This policy applies to all the websites we operate, our use of emails and text messages for both business and marketing purposes, and any other methods we use for collecting information. It covers what we collect and why, what we do with the information, what we won’t do with the information, and what rights you have.
Who We Are
Willett House Vets Ltd is a veterinary practice. In this policy, whenever you see the words (‘we’, ‘us’ or ‘our’), it refers to Willett House Vets Ltd, 138 Kingston Road Staines-upon-Thames TW18 1BL. Registered in England No: (08482443).
Under the EU’s General Data Protection Regulation Personal Data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
What Personal Data We Collect
We may collect the following data about you:
- Identification data – such as you title, name, date of birth, photograph (including CCTV video), signature
- Contact details – such as your home address, telephone numbers, email addresses Social media details – such as twitter handle
- Payment information – such as bank, debit or credit card details or details regarding any benefits you may be in receipt of
- Information about your use of our website – such as what you have read and what actions you have taken
How We Collect Your Personal Data
We may collect your personal data in the following ways:
When you phone us, we may collect certain personal data to enable us to provide you with the services we offer e.g. registering you on our database.
Inbound and outbound calls may be recorded for training and monitoring purposes.
When you email us, we may collect certain personal data to enable us to provide you with the services we offer. We may also store personal data contained with any attachments you send to help us fulfil our services to you.
During our normal course of providing you with a service you may provide your personal details through the completion of registration forms (client, pet club, microchip), consent forms (operation, inpatient, euthanasia), prescription requests, insurance forms, credit/instalment forms, accident reports etc. All of these will be stored for future reference.
If you visit our website we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns including times and dates of visits, pages you have interacted with, links you have clicked and other websites you have visited. We may also collect information about your computer, including where available your IP address (the name and internet address your device uses to identify itself to us), device type, operating system, unique identification numbers, browser-type, broad geographical location and other technical information for system administration. This is statistical data about our users’ browsing actions and patterns we do not make any attempt to find out the identities of those visiting our website.
Whilst using our website we collect your personal data when you submit your details using our contact forms, registration forms, email links or, where available, our online chat or blog service.
If you follow a link from our website to log in via Google, Facebook, Twitter or Instagram then that website will provide us with personal data, but you will be asked what you want us to receive and will have a chance to edit the information that you provide to us.
Several of our practice sites have CCTV which record client images for security and crime prevention purposes.
Third Party Sources
When you register with us we will request any previous history your pet may have at other vet practices. This information may contain your personal data. We may also receive personal data about you from other sources such as if you have been referred to us from a local charity.
We may also collect your personal data when you voluntarily complete customer surveys, participate in competitions, register for an event we are hosting, submit a job description or a training application (including work experience applications).
When you communicate with us (e.g. by email, fax, phone calls, tweets etc) we may retain such information and our responses to you in the records of your account. Likewise, if you engage with us on social media we make collect some of your personal data.
How We Process Your Personal Data
We will only process your data if we have decided there is a lawful basis for doing so. The following highlights which lawful basis we use for processing your personal data:
We may process your personal data because we have contract with you (or will be potentially entering into a contract with you) e.g. you are a job applicant, an employee, a contractor; or you are a client (or potential client) that has requested (or enquired about) our services, registered your pet or joined our Pet Club. Examples of how we process your data include:
- To register your pet on our practice management system
- To book you an appointment
- To provide veterinary services to your pet
- To keep an accurate record of the services and treatments that have been provided to your pet
- To answer any queries that you may have
- To help us identify you when you contact or visit us
- To update you on your pet’s condition, laboratory results, treatment requirements and when you pet’s medications are ready
- To process your payments and send you receipts/invoices
- To assist us in debt management and/or debt recovery
- To provide you with an estimate for treatments or procedures you have requested
- To administer your membership of our Pet Club and set-up your direct debit payments
- To allow us to respond promptly and courteously to complaints
- For processing of personal data re job applicants and employees/contractors please see later.
We may process your data to comply with our legal obligations. Examples of how we may process your data would include:
- To respond to a police request e.g. to view our CCTV footage whilst they investigate a crime
- To respond to a court order
- To prevent fraud or criminal activity
- To uphold our obligations under animal welfare legislation etc
Vital Interest Basis
We may be required to process your personal data to protect your life. This would include using the data we possess to inform emergency services of your identity should you have a medical emergency whilst on our premises or whilst we are performing a house visit.
Public Task Basis
We may be required to process your personal data if carrying out a specific task in the public interest or we have been instructed by an official authority to do so. This may be informing the authorities of your identity should we suspected or identify your pet as having a notifiable disease such as avian influenza.
Legitimate Interest Basis
We may process your personal data for our legitimate business interests. “Legitimate Interests” means in the interests of our company in conducting and managing our business and providing you with the best services and products in the most secure way. These interests include:
- To send you appointment reminders
- To help us to improve the quality of our service
- To send you pre-operative information advice, discharge instructions and/or treatment plans
- To process your insurance claims and contact your insurance company
- To allow us to process any financial assistance provided to you from any charitable organisation
- To allow us to provide additional services you request e.g. cremation services
- To set up an interest free loan with a third-party credit company at your request
- To contact another practice or referral centre if your pet needs further treatment
- To administer (such as troubleshooting, data analysis, research) and tell you about changes to our website or software
- To help us improve our website to make it better for all users and to get your feedback on our website
When we process your personal data for our legitimate business interests we always ensure that we consider and balance any potential impact on you and your rights under data protection laws.
Currently, due to technological limitations, some of the services above (e.g. appointment reminders) are only available by consent due to the inability to separate legitimate interest text reminders from those reminders requiring consent.
Whenever the processing of your personal data requires your consent then you will be given the opportunity to opt-in to having your contact details used at the time your details are submitted. The range of products and services offered by us include, but is not limited to:
- Email and/or text reminders regarding important aspects of your pet’s preventative healthcare programme, including health examinations, vaccinations and worm & flea treatments.
- Invitations to nurse-led healthcare, including weight, dental, senior wellness checks Pet Club reminders
- Invitations to special events, including puppy parties, evening talks and first aid demonstrations
- Updates on new or emerging diseases that may affect your pet
- Updates on pet screening we offer in disease identification and/or prevention
E Communication Group
To assist us in providing you with the services listed above we have created an E Communication Group which allows you to opt in to receive such important reminders alongside appointment reminders.
- Practice newsletters
- Special offers and promotions (although these will never be excessive)
Please be aware that if you opt out of marketing communications received you may miss out on important information regarding your pet’s health, and certain services are only available when you opt in to specific contact streams e.g. flea and worm treatment applications are only available by opting in to our text service.
If you do not wish us to use your data as set out above, please leave the relevant boxes, situated on the form for which we use to collect your data, blank or unticked.
If you no longer wish to receive email or other promotional materials from us after you have opted in to a service, you may opt-out of receiving these communications at any time by one of the following methods:
- By replying to the email with ‘unsubscribe’ in the subject line
- By writing to Willett House Vets Ltd, 138, Kingston Road, Staines, TW18 1BL By calling us on 01784 452048
We will also seek your consent when passing your personal data and pet’s clinical record when requested by another veterinary practice that you moved to.
Sharing Your Information
We may disclose your personal data to third parties to fulfil some of services listed above although in the majority of cases this will be with your consent or only when you have requested a specific service from us. This may include sharing your personal data with:
- Your authorised agents including companies that may be looking after your pet e.g. catteries and kennels, export companies
- Other veterinary practices if we refer your pet or you move practice
- Our service providers e.g. cremation services, direct debit collection provider, pet cub administrator, MRI provider, tele-diagnostic companies, laboratories
- Your insurance company and, if you decide to sign up, companies offering free introduction insurance
- Microchip registration companies
- Charities that are assisting you
- Loan and credit companies if you wish to take out an interest free loan
- Our debt management and recovery companies
- Drug manufacturers if your pet has had an adverse reaction to one of their products
- Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights or apply our Terms and Conditions of Business, or (iii) to protect your vital interests or those of any other person, This may include:
- Emergency Services
- Our Solicitors
- Veterinary defence Society
- Royal College of Veterinary Surgeons
- Health & Safety Executive o Veterinary Medicine Directive
- Department for Environment, Food and Rural Affairs
- Trading Standards
- Dog Warden
We work closely with our in-house out-of-hour provider, Vets Now, to offer you the best possible service. This means they have access to your pets’ clinical record outside of normal working hours to ensure they know what treatments and care we have provided to your pet and your personal data so they may contact you if you pet is an inpatient. They are prohibited from using such personal data for any other use apart from providing emergency care to your pet and are contracted to keep your personal data confidential.
IT Companies & Website
For IT maintenance purposes our IT companies may be able to view your personal data whilst providing us support for our client, CCTV and call recording databases. However, they are prohibited from making copies or using your data.
We use a third-party service to publish our website and use a standard service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it.
We do not pass you personal data to third parties for their own marketing purposes. However, we do use third parties (text messaging companies and Microsoft Office 365) to assist sending our own electronic communications to you.
Where we share your personal data with a third party we endeavour to ensure your personal data is kept safe in order to protect your privacy. Our policy requires:
- We only provide personal data that is required for the third party to perform their specific services
- Third parties only use your data for the exact purposes we specify in our contract with them
- We work closely with third parties to ensure your privacy is respected and protected
- If we stop using their services, any personal information held by them will be either deleted or rendered anonymous (subject to applicable law)
Data Security & Retention
The majority of the personal data we collect is stored in the UK on our own computers or in our own paper filing systems. Some personal data, e.g. emails, are stored using Microsoft Office 365 cloud services and on occasion we will use Dropbox to pass information such as x-rays or patient histories to our service providers.
We have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored securely to protect against its loss, misuse and alteration. Likewise, we take steps to ensure that any businesses that we share your data with will have security protocols and policies in place to manage and record your data privacy and preferences correctly and that your data is stored correctly.
Unfortunately, the transmission of data across the internet is not completely secure and whilst we do our best to try to protect the security of your information we cannot ensure or guarantee that loss, misuse or alteration of data will not occur whilst data is being transferred.
We will keep your information only for as long as we need it to provide you with the goods, services or information you have required, to administer your relationship with us, to comply with the law, or to ensure we do not communicate with people that have asked us not to. When we no longer need information, we will delete or anonymise it securely, using specialist companies if necessary. If this is not possible (e.g. it has been stored in a backup archive) then we will store your data and isolate it from further processing until deletion is possible.
International Data Transfers
Some of our third-party service providers operate outside the UK, such as in Australia and the United States. This means that when we collect your personal information we may process it in any of these countries. On the occasions that this proves necessary we have policies in place to ensure your information receives the same protection as if it were being processed inside the EEA.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this policy.
Job Applicants, Current and Former Willett House LTD Employees
All information you provide during the application process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. We will not share any of the information you provide during our recruitment process with any third parties for marketing purposes. Data sent electronically or processed beyond the initial application will be stored locally or using Microsoft Office 365. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.
Applications may be received by email, physically by post or through a third-party recruitment agency. We may ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to this information.
We might ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. This information is held by Willett House Vets Ltd. If you are unsuccessful following assessment for the position you have applied for, we may retain your details in our talent pool for a period of up to two years.
Offer of Employment
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore may be required to provide:
- Proof of your identity
- Proof of your qualifications
- A criminal records declaration to declare any unspent convictions Details of two referees so we may obtain references Medical information to establish your fitness to work.
If we make a final offer, we will also ask you for the following:
- Bank details – to process salary payments
- Emergency contact details – so we know who to contact in case you have an emergency at work
Use of Data Processors
If you are employed by us, relevant details about you will be provided to a number of third-party providers, including our payroll and pensions providers. All employees will be given an appropriate privacy notice to explain this in detail.
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 7 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the process, your CV shall be retained for up to 24 months and any other information you have provided until that point will be retained for 6 months from the closure of the campaign. If you would prefer us to delete your CV, please let us know by contacting our GDPR Officer using the details at the bottom of this notice.
Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it.
Under the data protection legislation, you have the right to request copies of your data, request rectification of your data, request erasure of your data, object to us processing your data, the right to prevent your data being used for direct marketing, request us to restrict the process and where our systems allow, the right to access a copy of the information we hold about you (a subject access request).
For more information about your rights under the Data Protection Act contact the Information Commissioner’s Office www.ico.org.
If you wish to exercise any of these rights please contact the GDPR Officer in writing at Willett
House Vets Ltd, 138, Kingston Road, Staines, TW18 1BL or by emailing email@example.com
Under the data protection legislation, you have the right to request copies of your data, request rectification of your data
Complaints & Queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.
If you have any questions or concerns about our use of your personal data, please contact our GDPR Officer at the following address firstname.lastname@example.org.