Privacy Policy
Ridgeway Surgery (“we,” “us,” or “our”) is firmly committed to protecting the privacy, confidentiality, and security of your personal data. This Privacy Policy outlines the types of personal data we collect through your use of our website, ridgewaysurgery.com (“Website”), how we process that data, the purposes of such processing, and the rights you have under relevant data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
1. Commitment to Privacy and Data Protection
We understand that your trust in us depends on how we handle your personal data. We treat all information you provide to us with the highest professional and legal obligations. We collect only data necessary to improve your user experience, provide our services, and comply with our legal obligations. Your personal data is handled transparently, lawfully, and with respect for your individual rights and freedoms.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all individuals who access or use ridgewaysurgery.com and any related services. Ridgeway Surgery acts as the “data controller” for purposes under GDPR with respect to personal data collected via this Website.
As the data controller, we determine the purposes and means by which your personal data is processed. For all privacy-related matters, we may be contacted at: [email protected].
3. Categories of Data We Collect and Process
To fulfill our services and operate the Website efficiently, we may process the following categories of personal data:
a) Usage Data:
Includes information automatically collected during your visit, such as browser type, IP address, device identifiers, referring/exit pages, time stamps, and website navigation patterns. This data helps us assess the performance and security of our Website.
b) Account Data:
Includes personal identifiers such as your name, telephone number, email address, postal address, and other registration-related information provided when you create an account or fill out forms on the Website.
c) Profile Data:
Includes data pertaining to your preferences, history of interactions, website use behavior, purchase history, and survey responses.
d) Communication Data:
Includes the contents of your inquiries, feedback, correspondence, and any communication history with us, whether via forms, emails, or phone calls.
e) Technical Data:
Includes system configuration information and metadata relating to your browser type, operating system, screen resolution, and other technological identifiers.
f) Transaction Data:
Includes billing details, order records, delivery addresses, payment confirmations (processed via secure third-party providers), and associated data related to service fulfilment.
g) Preference Data:
Includes your preferences relating to marketing communications, notification settings, and interests for specific services or products offered on ridgewaysurgery.com.
4. Legal Bases for Processing Personal Data
We process your personal data under the following legal bases, in accordance with the GDPR:
– Consent: When you have provided explicit consent for specific processing activities (e.g., subscribing to newsletters).
– Contractual Necessity: When processing is necessary to fulfill our agreement with you (e.g., delivering services requested).
– Legal Obligation: To comply with legal requirements, including financial and health regulations.
– Legitimate Interests: For purposes such as improving site functionality, enhancing user experience, and securing the Website, provided that such interests are not overridden by your rights and freedoms.
5. Your Rights Under GDPR and CCPA
As a data subject under GDPR or a consumer under CCPA, you are entitled to the following rights regarding your personal data (subject to legal limitations and verifications):
– Right to Access – You may request access to your personal data we hold.
– Right to Rectification – You may request correction of inaccurate or incomplete data.
– Right to Erasure – You may request deletion of your data, where permissible.
– Right to Restriction – You may request limitation of data processing.
– Right to Data Portability – You have the right to receive a copy of your data in a commonly used, machine-readable format.
– Right to Object – You may object to processing conducted based on our legitimate interests.
– Right to Withdraw Consent – Where we rely on your consent, you may withdraw it at any time.
– Right to Non-Discrimination (CCPA) – You will not receive discriminatory treatment for exercising any of your rights.
6. Data Security Measures
We implement industry-standard safeguards to protect your personal data, including:
– Data encryption (HTTPS/SSL) for all communications.
– Access control to restrict unwarranted or unauthorized access to personal data.
– Routine system backups and monitoring of network activity.
– Employee awareness and mandatory training on data security and privacy compliance.
Although we strive to use commercially acceptable security means, no method of transmission or storage is entirely secure. We cannot guarantee absolute security, but we diligently work to mitigate risks.
7. International Data Transfers
We may transfer and process your personal data outside of your jurisdiction, including to third-party service providers located in countries that may not provide the same level of data protection. In such cases, we ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses and adherence to GDPR-compliant frameworks.
8. Data Retention
We retain your personal data only as long as is necessary for the purposes set out in this policy:
– Account and Profile Data: Retained for as long as your account remains active or until you request deletion.
– Transaction Data: Kept for up to 7 years to comply with financial and tax obligations.
– Communication Logs: Retained for 3 years following your last interaction.
– Technical and Usage Data: Retained for 12 months for analytics and security monitoring.
– Preference Data (e.g., marketing consents): Retained until withdrawal of consent or account deletion.
Data may be retained longer where required by legal obligations.
9. Cookie Policy
Our Website uses cookies and similar technologies to provide a functional, secure, and personalized experience. These include:
– Essential Cookies: Required for core functionalities such as login, navigation, and session management.
– Functional Cookies: Enhance usability by storing user preferences.
– Performance Cookies: Help us analyze usage patterns and measure Website effectiveness.
– Analytics Cookies: Collect aggregated data on website performance and user behavior using tools like Google Analytics.
10. Cookie Management and Compliance
Upon arriving at ridgewaysurgery.com, you are presented with a cookie consent banner, allowing you to manage which cookie types are activated. You may modify your preferences or withdraw consent at any time through cookie settings in your browser or the cookie management tool available on our Website. This is in full compliance with GDPR regulations for EU users and CCPA’s “Do Not Sell My Personal Information” provision.
We do not sell your personal data.
11. Children’s Data Protection
Our services are not intended for individuals under the age of 13. We do not knowingly collect or solicit personal information from children. If we become aware that we have collected data from a child under 13 without parental consent, we will promptly delete it. Parents or legal guardians with concerns may reach us at [email protected].
12. Policy Updates
We reserve the right to modify or update this Privacy Policy at any time to reflect changes in technology, legal requirements, or our practices. Major updates will be communicated via appropriate channels. Continued use of ridgewaysurgery.com following any change constitutes acceptance of the revised policy.
13. Contact Information
For any inquiries regarding this Privacy Policy, requests related to your data rights, or privacy concerns, you may contact us at:
Privacy Officer
Ridgeway Surgery
Email: [email protected]
We are committed to ensuring that your personal data is respected, managed properly, and handled in full compliance with applicable data protection laws including the GDPR and CCPA. Should you have any concerns about your privacy or the handling of your personal data, please do not hesitate to reach out to us.