Privacy Policy
1. Introduction
At Ridgeway Surgery (“we”, “us”, or “our”), accessible at ridgewaysurgery.com, we are committed to protecting and respecting your privacy. We recognize and value your trust in sharing personal information with us, and we are fully dedicated to safeguarding your data in accordance with applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, disclose, and protect your personal data, and your rights in relation to that information.
2. Scope of this Policy and Data Controller Role
This Privacy Policy applies to all users of the ridgewaysurgery.com website and any associated services we provide to you. Ridgeway Surgery acts as the Data Controller for the personal information collected via this website or through any form of communication with our practice. If you have any questions concerning your data or this policy, you may contact us at [email protected].
3. Categories of Data We Process
We collect and process a variety of personal data categories depending on your interaction with ridgewaysurgery.com. The categories include:
a) Usage Data
Information regarding how you interact with our website, including IP address, browser type, location, pages visited, time spent on each page, session timestamps, and navigation paths.
b) Account Data
Data you provide when registering or communicating with us, such as your name, residential or mailing address, email address, and telephone number.
c) Profile Data
Information related to user preferences, behavioral patterns on our services, order history, saved services, and healthcare or appointment preferences as applicable.
d) Communication Data
Records of correspondence with you, including inquiries, feedback, appointment requests, or service-related messages made via email or on our website.
e) Technical Data
Details automatically collected from your device, such as operating system, mobile device type, screen resolution, time zone settings, and browser plug-ins.
f) Transaction Data
Information related to appointments, financial transactions, methods of payment, insurance or delivery details according to services rendered or requested.
g) Preference Data
Marketing opt-ins, communication preferences, and expressed interests in our services or offers.
4. Legal Bases for Processing Personal Data
We will only process your personal information when we have a legal basis to do so. These bases include:
– Consent: When you voluntarily provide information and explicitly agree to our use of it for specific purposes, such as marketing communications.
– Contractual Necessity: Where information is required to deliver services requested by you or to fulfill a mutual contractual obligation.
– Legal Obligation: Processing necessary for compliance with legal or regulatory requirements placed upon us.
– Legitimate Interests: For purposes reasonably required to operate our business or improve our services, provided such interests do not override your fundamental rights or freedoms.
5. Your Rights Under Data Protection Laws
You possess a number of legal rights with respect to your personal data. These include:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You may ask us to delete your data where there is no lawful reason for its continued processing.
– Right to Restriction: You can request that we temporarily or permanently limit the processing of your data.
– Right to Data Portability: You are entitled to receive your data in a commonly used and machine-readable format.
– Right to Object: You may object to the processing of your data where it is based on our legitimate interests or for direct marketing purposes.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We employ robust administrative, technical, and physical safeguards to secure your personal data, including but not limited to:
– Encryption of data at rest and in transit;
– Role-based access controls and authentication procedures;
– Regular security audits and monitoring for anomalies;
– Staff training to recognize and prevent data breaches;
– Secure servers and privacy-by-design principles in all systems development.
While we apply stringent controls, no online platform can guarantee absolute security. We therefore encourage you to adopt protective practices when accessing our services.
7. International Data Transfers
Your personal information may be transferred to, and processed in, countries outside the jurisdiction in which you reside. In such instances, we comply with applicable data protection requirements by implementing safeguards such as Standard Contractual Clauses approved by the European Commission or other regulatory-approved mechanisms that ensure appropriate levels of data protection.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, including for compliance with legal, contractual, or operational obligations.
Retention periods vary by data category:
– Account and Transaction Data: Up to 7 years post-termination or final transaction;
– Communication and Support Data: Up to 3 years from last contact;
– Technical and Usage Data: Up to 24 months unless further retention is justified;
– Marketing and Preference Data: Retained until you withdraw consent or opt out.
Data is securely erased or anonymized once the retention period has expired.
9. Cookie Policy
Ridgewaysurgery.com uses cookies and similar technologies to enhance your experience, analyze traffic, and provide essential website functionalities. Cookies used include:
– Essential Cookies: Required for the site to function correctly (e.g., login or language preference).
– Functional Cookies: Enhance usability and personalize settings.
– Analytics Cookies: Help us understand how users interact with the site (e.g., Google Analytics).
– Performance Cookies: Track load speeds and responsiveness.
Cookies do not directly reveal your identity but may link to user profiles in conjunction with other data sets.
10. Cookie Management and Compliance
We provide a Cookie Consent Banner for users to manage their preferences in compliance with GDPR and CCPA. You may accept or reject non-essential cookies at any time using our cookie settings interface. Additionally, you may modify your browser settings to block or delete cookies, although this may impact your user experience.
California residents have the right to opt-out of the sale of personal data. Ridgeway Surgery does not sell personal information as defined under CCPA.
11. Children’s Privacy
Our services are not directed to, and we do not knowingly collect personal data from, children under the age of 13. If we discover that we have inadvertently handled the data of a minor under 13 without verifiable parental consent, we will promptly take steps to delete such data.
12. Policy Updates
We may update this Privacy Policy from time to time to address changes in legal obligations, technologies, or our services. Where significant changes are made, we will notify you through appropriate channels, which may include our website, email updates, or through updated notifications upon accessing our site.
We encourage you to revisit this policy periodically to remain informed of our privacy practices.
13. Contact Information
Should you have any questions or concerns relating to this Privacy Policy, your personal information, or wish to exercise your data rights, you may contact our Privacy Manager at:
Email: [email protected]
Website: https://www.ridgewaysurgery.com
We are committed to ensuring full compliance with data protection legislation and best practices. If you believe your privacy rights have been violated, you may also contact your relevant data protection authority.