Clinic Enhance Consent Guide

We take privacy and data protection seriously, especially since we specialise in medical fields.

We have years of experience working with aesthetic clinics in South Korea for high level plastic surgery.

This guide outlines how we handle customer data, ensure compliance with privacy laws, and provide transparency for businesses using our review management services.

Below is an attached email from an ICO Lead Case Officer.

1) Medical Field Concerns

I operate in a medical field, where sensitive data is processed.

GDPR and PECR laws do not make a discrimination on the industry, provided sensitive data is not shared.

Our service does not require medical data, only customer name, email and number.

Also, customer complaints, where we filter out negative feedback, are forwarded to you directly and not sent or shown in our system, avoiding the possibility of sensitive data sharing.

2) Consent to send review requests

My customers did not opt in for communications

Quoted from the ICO, “Genuine market research, such as asking for feedback on treatment, does not count as direct marketing.”

If we explore GDPR laws:

"Businesses do not need consent to collect feedback from customers if it is for market research and directly linked to a specific sale or service. However, this feedback cannot be used for marketing without additional consent. A reviews provider acting as a Data Processor can send feedback requests without requiring customers to log in or create accounts, and explicit opt-in is not needed for this purpose."

So provided we are not directly marketing to your customers, feedback requests are acceptable under GDPR and PECR laws.

3) Allowing a 3rd party to handle your data

What are the rules around us giving a 3rd party like Clinic Enhance our customer data?

Clinic Enhance processes customer data as a third-party provider under the GDPR, ensuring compliance with privacy laws. This is typically allowed as part of the client’s service agreement, provided appropriate privacy policies and data protection measures are in place.

Data Processing Agreement (DPA):

Clinic Enhance offers a legally binding DPA, detailing commitments to:

• Process data only for agreed purposes (e.g., review requests).

• Implement strong data security measures.

• Comply with GDPR and relevant legal frameworks.

Legal Basis for Review Requests:

1. Legitimate Interest (GDPR Article 6(1)(f)):

Businesses can process personal data for review requests if it is linked to prior customer interactions, without overriding the customer’s rights.

2. Third-Party Involvement:

• Businesses must inform customers in their privacy policy about data sharing with third-party processors like Clinic Enhance.

• A DPA ensures compliance and transparency.

3. Soft Opt-In Exception:

Review requests can be sent if:

• Contact details were collected during a transaction.

• Customers are informed and given an opt-out option.

Clinic Enhance’s Compliance Measures:

• Signs DPAs with clients to formalize data usage.

• Processes only necessary non-sensitive data (e.g., name, email, phone).

• Includes opt-out options in all communications.

• Keeps all communications strictly review-related and non-intrusive.

4) How we contact your customers

Do your contact methods follow compliance laws?

Our email templates will include your company’s full address, as well as an obvious opt out function. 

Our SMS similarly will have the sender ID and an obvious opt out function.

Therefore all communications channels comply with privacy laws in both the UK and USA where we operate.

5) How we process the data

What software do you use to process data?

We use GoHighLevel software to store customer information, who are GDPR compliant. More information can be found on their site at the following links:

https://www.gohighlevel.com/gdprhttps://www.gohighlevel.com/data-processing-agreement

6) ICO Registration

Are you qualified to handle customer data?

We operate as a trading style under Ambitions Web Ltd. Our ICO registration is as followed.Organisation name:  Ambitions Web Ltd Reference:  ZB804022 

We also have a 4.9 star rating on google after many years of running an online marketing agency.

clinicenhance operates under The Ambitions Agency Ltd, an established growth agency based in the United Kingdom.

© 2024 The Ambitions Agency | All Rights Reserved | Terms and Conditions | Privacy Policy

Clinic Enhance operates under The Ambitions Agency Ltd, an established growth agency based in the United Kingdom.

© 2024 The Ambitions Agency | All Rights Reserved | Terms and Conditions | Privacy Policy