Privacy Policy | Hirschmann Health
top of page

Privacy Policy

Welcome to Hirschmann Health! In this Privacy Policy, we would like to inform you about all data protection aspects concerning the collection, storage, and use of your Personal Data when you visit our  website and services.

 

We are Hirschmann Health of Thomas House, 84 Eccleston Square, London, SW1V 1PX (“we”, “us”, “our”) and in the case of your direct use of our website and services, we act as the Data controller in accordance with the UK`s Data Protection Act 2018 (“DPA”) and the General Data Protection Regulation (“GDPR”).

 

Unfortunately, it is in the nature of things that these explanations sound very technical, but we have tried to describe the most important things as simply and clearly as possible when creating them.

 

What is Personal Data?

Personal Data is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Data. This includes, for example, the number of users of a website. 

 

General information on data processing

In the course of our business and website operations, we process data. This also includes disclosure by transmission to third parties and, where applicable, to so-called third countries outside the UK and the EEA. Where we transfer data outside the UK or EEA, we ensure that processing of your Personal Data is governed by Processing Agreements that include Standard Contractual Clauses to ensure a high level of data protection.

 

All Personal Data that we obtain from you via the website will only be processed for the purposes it was collected for and only if one of the following legal bases exists:

 

  • you have given your consent,

  • the data is necessary for the fulfilment of a contract / pre-contractual measures,

  • the data is necessary for the fulfilment of a legal obligation or

  • the data is necessary to protect the legitimate interests of our company, provided that your rights and freedoms are not overridden. 

 

Finally, we process and store your Personal Data only as long as it is needed to achieve the respective purpose or for as long as a legal retention period exists (up to 6 years in accordance with the UK`s commercial and tax law). Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

 

Personal Data that is processed by us

a) Collection of access data and log files

We collect data on every access to our website. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

 

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. The legal basis for the data processing is our legitimate interest in providing an appealing website.

 

 

b) Hosting

As part of processing on our behalf, Wix.com Ltd provides website presentation services for us. This serves to protect our legitimate interests in the correct presentation of our website, which are outweighed by a balance of interests. All data collected in the course of using our website or in forms provided for this purpose in the online shop are processed on Wix`s servers. 

 

c) Contacting us

If you contact us, we process the following data from you for the purpose of processing and handling your enquiry: Name, contact details (phone number and e-mail address) -if provided by you- and your message. The legal basis of the data processing is our obligation to fulfil the contract and/or to fulfil our pre-contractual obligations and/or our legitimate interest in processing your enquiry.

 

For the Chat, we use Ascend by Wix. We have no influence on the processing of data by Wix and no possibility to influence it. 

 

We also offer to contact us via the messaging services of WhatsApp. If you contact us via those on the occasion of a specific transaction, we store and use the mobile phone number you use on and - if provided - your first and last name in accordance with the provision of a contractual or pre-contractual measure to process and respond to your request.

 

d) Bookings 

For our appointment bookings, we obtain your Name, E-mail, Phone Number, and additional information you provide to us. The data you provide us with will also only be used for the purpose of your contact, bookings, or appointments and the services carried out. The legal basis for processing your data when booking an appointment is the preparation for a contract. The data collected in respect of our Booking Feature is processed on our behalf by PracticeHub.

 

e) Shop

If you order a Gift Card or one of our Treatment Packages on our web site, we will process your order and send you the relevant voucher to the delivery address you have provided. This is done on the basis of a contract.

 

f) Payment Data

If you make a purchase your payment will be processed via the payment service provider Square Squareup or Stripe, as applicable. Payment data will solely be processed through the payment system of Square or Stripe. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.

 

g) When you use our services

If you have contracted us to provide a service, we process your data (if provided: Name, contact details (email address and telephone number), address, and all information required in the context of the performance of the services including health data in accordance with Art. 9 GDPR, exclusively for the purpose of processing and handling the contractual relationship. This includes in particular our appropriate treatment, advice and support, correspondence with you, invoicing, fulfilment of our accounting and tax obligations. 

 

We ask you not to provide us with health data pursuant to Art. 9 GDPR from the outset. If health data are relevant according to Art. 9 GDPR, we process them together with your other data. Your data will not be used by us for automated decision making or profiling, nor will it be shared with third parties.

 

Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as to fulfil our legal obligations.

​

h) Exercise Prescription Management

If required, we will process some of your Personal Data and in particular Contract Data in our exercise prescription management tool Physitrack. This is done on the basis of a contract.

 

i) Service Notifications

By using our services, you are giving your consent to receiving notifications and messages per email. Those typically include general, profile and content information in relation to your use of our Services your appointment, practitioner used and do not include any health-related information. Our service notifications are sent using PracticeHub and Mailchimp (Intuit Inc) and are designed to enhance your experience. You can of course opt out from receiving notifications by following the unsubscribe instructions at the bottom of every notification e-mail sent by us. The legal bases are to provide you with our services and your consent as well as our legitimate interest.

 

j) Newsletter

If you have consented to receive our newsletter, we will use your e-mail address and, if applicable, your name to send you information about us, our music, promotions, competitions, and news. You can revoke your consent to receive the newsletter or to the creation of personalised user profiles at any time with effect for the future. You will find the unsubscribe link at the end of each newsletter. The revocation leads to the deletion of the collected user data. Our newsletter is sent as part of processing on our behalf by Mailchimp (Intuit Inc) to whom we pass on your e-mail address for this purpose.

 

k) Administration, financial accounting, contact management

We process data within the scope of administrative tasks as well as organisation of our business, financial accounting, and compliance with legal obligations, such as archiving.

 

In doing so, we process the same data that we process in the context of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.

 

In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers. Accordingly, the data is processed on the basis of fulfilling our contractual obligations as well as to fulfil our legal obligations.

 

l) Use of cookies

We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.

 

m) Service Reviews

We use the rating functions of Google and Trustpilot to constantly improve our service, we offer our customers the opportunity to rate us via those independent portal, without us being able to influence this in any way. For this purpose, some data is transmitted to Google or Trustpilot. The integration is based on our legitimate interest, and we have no influence or control over the data collected and processed by Google and Trustpilot.

 

​

Transfer of Personal Data 

We will not disclose or otherwise distribute your Personal Data to third parties unless this:

 

  • is necessary for the performance of our services, 

  • you have consented to the disclosure,

  • or the disclosure of data is permitted by relevant legal provisions. 

 

However, we are entitled to outsource the processing of your Personal Data in whole or in part to external service providers acting as processors within the framework of the DPA and GDPR. External service providers support us, for example, in the technical operation of the service and support of the website, data management, the provision and performance of services for example marketing, or the implementation and fulfilment of reporting obligations. 

 

The service providers commissioned by us however will process your data exclusively in accordance with our instructions and we remain in accordance with the DPA and the GDPR responsible for the protection of your data. Doing so we always make sure that service providers commissioned by us are carefully selected, follow strict contractual regulations, technical and organisational measures, and additional controls by us.

 

We may also disclose Personal Data to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.

 

Marketing

Insofar as you have also given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.

 

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission, or sometimes your consent is implied from your interactions or contractual relationship. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.

 

Our Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.

 

Automated decision-making

Automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR does not take place at Hirschmann Health.

 

Your rights 

Under the DPA and GDPR, you can exercise the following rights:

  • Right to information

  • Right to rectification

  • Right to object to processing

  • Right to deletion

  • Right to information

  • Right to data portability

  • Right of objection

  • Right to withdraw consent

  • Right to complain to a supervisory authority

  • Right not to be subject to a decision based solely on automated processing.

 

If you have any questions about the nature of the personal data we hold about you, or if you wish to request the erasure or rectification of personal data we hold about you, or to exercise any of your other rights as a data subject, please contact us. 

 

The Supervisory Authority

The competent data protection authority in the UK is:

 

The Information Commissioner`s Office (ICO) 

Wycliffe House, Water Ln, 

Wilmslow SK9 5AF, UK 

www.ico.org.uk

 

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.

 

Access Request 

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. 

 

We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the respective legal regulations mentioned above).

 

Security

State-of-the-art internet technologies are used to ensure the security of your data. During the online enquiry process, your details are secured with SSL encryption. For secure storage of your data, the systems are protected by firewalls that prevent unauthorised access from outside. In addition, technical and organisational security measures are used to protect the Personal Data you have provided against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons.

 

Social Media

We are present in "social media" in order to communicate with our customers, interested parties and users registered there and to be able to inform them about our offers. We would like to point out that you use social media platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating). We, as the provider of our Social Media Profile, do not collect and process any data from your use of our social media platforms and beyond this. The processing of users' Personal Data is based on our legitimate interests in providing users with effective information and communicating with users. 

 

Links to other providers

Our website also contains - clearly recognisable - links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

 

The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.

 

Collection and Use of Children's Personal Data

Hirschmann Health takes the privacy of children very seriously. We do not knowingly collect Personal Data from children through our website. 

 

Changes

We may update this Privacy Policy from time to time. If we make changes to this Privacy Policy or materially change Hirschmann Health's use of your Personal Data, we will revise the Privacy Policy accordingly and also change the effective date at the end of this section. We encourage you to periodically review this Privacy Policy to be informed of how we use and protect your Personal Data.

 

Questions and Concerns

If you would like to contact us regarding our privacy practices for any reason, please contact us.

 

Effective Date

Wednesday, 25 January 2023

bottom of page