The General Data Protection Regulations (GDPR) (2018) requires the Company to be open about the information that it holds on you and uses.
You are entitled to audit the business to ensure we comply with the GDPR. Please contact the Data Protection Officer in writing.
You have the right to withdraw your consent to processing of data. Please contact the Data Protection Officer in writing, however, please be aware that due to legal obligations we may decline your request.
The Company policy is to respect the privacy of clients and their employees and to maintain compliance with the General Data Protection Regulations (GDPR). Personal data related to clients and their employees will be protected.
All sub-contractors of the business have their own separate Data Protection / Privacy policies.
This policy applies when you engage Alexandra and Hillyfields Vets Ltd.
Alexandra and Hillyfields Vets Ltd will, if required, sign a separate confidentiality agreement if the client deems it necessary.
This policy complies with the General Data Protection Regulations May 2018.
Data Protection Officer:
Our Data Protection Officer is Tim Wilson BVSc MRCVS. For further information, subject access requests or complaints please contact email@example.com
In order to comply with its obligations, Alexandra and Hillyfields Vets Ltd, undertakes to adhere to the GDPR principles:
1) Process personal data fairly, lawfully and transparently
We will make all reasonable efforts to ensure that individuals who are the focus of the personal data (data subjects) are informed of the purposes of the processing, any disclosures to third parties that are envisaged, given an indication of the period for which the data will be kept, and any other information which may be relevant.
2) Data collected for a specified and legitimate purpose
We will ensure that the reason for which it collected the data originally is the only reason for which it processes those data, unless the individual is informed of any additional processing before it takes place.
3) Ensure that the data is adequate, relevant and not excessive in relation to the purpose for which it is processed
We will not seek to collect any personal data which is not strictly necessary for the purpose for which it was obtained. Forms for collecting data will always be drafted with this mind. If any irrelevant data is given by individuals, it will be destroyed immediately.
4) Keep personal data accurate and, where necessary, up to date.
We will review and update all data on a regular basis. It is the responsibility of the client giving personal data to ensure that this is accurate, and clients should notify us if, for example, a change in circumstances mean that the data needs to be updated. It is the responsibility of the company to ensure that any notification regarding the change is noted and acted on.
5) Only keep personal data for as long as is necessary
We undertake not to retain personal data for longer than is necessary to ensure compliance with the legislation, and any other statutory requirements.
6) Put appropriate technical and organisational measures in place against unauthorised or unlawful processing of personal data, and against accidental loss or destruction of data.
The Data Protection Officer is responsible for ensuring that any personal data which is held is kept securely and not disclosed to any unauthorised third parties.
We will ensure that all personal data is accessible only to those who have a valid reason for using it.
We will have in place appropriate security measures:
- keeping all personal data in a lockable cabinet with key-controlled access.
- password protecting personal data held electronically.
In addition, we will put in place appropriate measures for the deletion of personal data – manual records will be shredded or disposed of as ‘confidential waste’ Hard drives of redundant PCs will be wiped clean before disposal or if that is not possible, destroyed physically.
Storage and Security and Third Party Information Sharing:
Data is stored on servers at both our locations. These are heavily firewalled and password protected. On site backups occur and are stored in firesafes and never off site. Cloud backups occur as well so data is also with Vet Solutions – the company that supports our IT. Any dialling into the system is done via VPN.
In order to provide the services we do we will share data with the following third parties:
VirtualRecall – This is for your pet’s parasite reminders.
Idexx and other external laboratories – for diagnostics.
Referal Veterinary Practices – when we refer you for a specialised procedure.
VetsNow – This is our Out of Hours Service.
Pet Insurance Companies – in order to process your claims.
Debt Recovery Agency – in the event of unpaid invoices.
Mailchimp – to receive newsletters and other marketing by email.
SAVSNET – please see separate leaflets in the waiting rooms.
Other First Opinion Veterinary Practices – If we receive a history request because you have moved.
Transparency and Choice:
You may at any time contact Alexandra and Hillyfields Vets Ltd and ask what personal information we hold. The business has one month to respond to your request. You may ask us to update this information if it is incorrect, which we will strive to do as quickly as possible.
You may ask for any personal data to be deleted. This will be done as long as we can ensure compliance with other legislation and statutory requirements.
We regularly review our compliance with the GDPR.
The Information Commissioners Office contact information can be found at:
The Practice reference no. is : ZA441557
Monday-Friday: 9am – 6pm
Saturday : 9am to 11am
(Hillyfields Vets, Winscombe)
Consultations: 9am – 10.30am
Saturday:11am to 1:30pm
(Alexandra Vets, Clevedon)
Consultations: 12pm – 1.30pm