Privacy policy
Effective Date: August 2024

1. Introduction

Welcome to KLNIK (“we,” “our,” “us”). This privacy policy explains how we collect, use, disclose, and protect your personal information when you visit our website www.klnik.co.uk (the “Site”) or engage with our accounts @klnikofficial or @drroshofficial on Facebook, Twitter and Instagram. It also applies when you make an appointment, become a KLNIK patient and use our services. By using our Site, you agree to the practices described in this policy.
KLNIK is committed to ensuring that your privacy is protected. KLNIK will not ask you to provide any information on the website or social media by which you can be identified.
When you are asked to provide personal information for an appointment, you can be assured that it will only be used in accordance with this privacy notice.
KLNIK will amend this notice in keeping with its legal obligations. This notice is prepared in accordance with the UK General Data Protection Regulation 2016/679 (‘GDPR’).
This notice is effective from 1 November 2022.
You have the right to be informed that, as a wellness facility, KLNIK will process your personal information for legitimate interest only. This includes special category information, which may include medical, biometric, genetic and ethnic information depending on the service used. KLNIK’s intended purposes for this information are health promotion and safe medical practice, marketing, auditing and research. Voice calls may be recorded for training and monitoring purposes. Anonymisation and pseudonymisation are applied routinely to ensure your information is protected. KLNIK will never share your information with an undisclosed third party.

2. Information We Collect

Personal Information:
We may collect personal information that you provide to us, including:

• Contact details (e.g., name, email address, phone number)
• Booking details (e.g., appointment schedules, preferences)
• Payment information (e.g., credit/debit card details)

Usage Data:
We collect information about your interactions with our Site, such as:

• IP address
• Browser type and version
• Pages visited and time spent on the Site
• Referring website

3. How We Use Your Information

We use the collected information to:

• Provide and manage our services
• Process bookings and payments
• Communicate with you about your appointments, offers, and updates
• Improve our Site and services
• Ensure security and prevent fraud

4. Cookies and Tracking Technologies

What Are Cookies?
Cookies are small text files placed on your device that help us enhance your experience on our Site.

Types of Cookies We Use:

• Strictly Necessary Cookies: Essential for the operation of our Site (e.g., session management).
• Performance Cookies: Collect anonymous data to help us improve our Site (e.g., Google Analytics).
• Functionality Cookies: Remember your preferences and settings (e.g., language preferences).
• Targeting Cookies: Used to deliver relevant advertising and track effectiveness (e.g., Meta, Google Ads).
• Remarketing Cookies: Enable us to show ads to users who have visited our Site (e.g., Google AdWords).

Managing Cookies:
You can adjust your browser settings to refuse cookies. However, this may impact your experience on our Site. For more details on how to manage cookies, visit youronlinechoices.com.

5. Third-Party Services

Our Site may include third-party content or services (e.g., embedded videos, social media plugins). These third parties may set their own cookies and have their own privacy policies. We are not responsible for their practices. We encourage you to review their privacy policies.

6. Data Protection Rights

Your Rights Include:

• Access: Request copies of your personal information.
• Rectification: Request correction of inaccurate or incomplete information.
• Erasure: Request deletion of your personal information under certain conditions.
• Restriction: Limit the processing of your personal information in specific situations.
• Portability: Request your personal information in a structured, commonly used format.
• Objection: Object to processing based on legitimate interests, including profiling.
• Withdrawal of Consent: Withdraw consent for data processing where consent is the basis.

7. Data Security

Patient data is stored within Pabau systems.
Pabau data is always backed up daily. Backups are redundantly stored in multiple physical locations.
KLNIK chooses its partners carefully. Pabau has achieved the following accreditations and certifications:
– PCI DSS Level 1;
– ISO 27001 (Information Security Management System).
Pabau is also ISO 9001 accredited & registered with the ICO.
Should a catastrophic loss occur, Pabau’s design allows all services to be rapidly restored, ensuring availability of systems if KLNIK encounters a serious problem at the primary data centre; these restoration procedures are tested regularly.
Pabau performs real-time file replication to disk at each data centre, and near real-time data replication between the production data centre and the disaster recovery centre. Disaster recovery tests verify our projected recovery times and the integrity of customer data.
The Pabau networks are monitored to protect our perimeter against potential threats. Possible threats include hackers, data breaches, adware, spyware, pop-ups, browser exploits and phishing attempts.
All secure servers are protected by layer 7 firewalls, best-of-class router technology, TLS encryption, file integrity monitoring and network intrusion detection that identifies malicious traffic and network attacks. Network security scanning helps us quickly identify out-of-compliance systems.
All networks are monitored using a Security Information and Event Management (SIEM) system that gathers logs from all network systems and creates alert triggers based on correlated events.
In addition to our own capabilities, and those of our hosting providers, KLNIK contracts with on-demand Distributed Denial of Service (DDoS) scrubbing providers that allow us to mitigate DDoS attacks.
Intrusion detection sensors throughout our internal network report events to the SIEM system for logging, alerts and reports.
Our patient database and file attachments are encrypted at rest, using the industry standard AES-256 encryption algorithm.

GDPR Compliance
KLNIK is GDPR compliant. Some points from our side include:

• Database encryption at storage level.
• Full breach policies in place.
• Ability to audit specific circumstances, such as a patient record being accessed.
• Permissions surrounding user groups and what they can access on a client card.
• Hosting within the EU.
• Ability to pull out a record in its entirety if a patient requests it.
• Date and audit stamps for most activity.

We take appropriate measures to protect your personal information from unauthorised access, use, or disclosure. We use secure connections (HTTPS) and work with trusted third-party service providers to safeguard your data.

8. Data Retention

We retain your personal information only as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, or resolve disputes. Typically, this period is six years following your last interaction with us.

Lawful Basis

Legitimate interest – means the interest of our business in conducting and managing our business to enable KLNIK to give you the best service/product and the best and most secure experience. KLNIK will ensure that it considers and balances any potential impact on you (both positive and negative) and your rights before KLNIK processes your personal data for its legitimate interests.
KLNIK does not use your personal data for activities where its interests are overridden by the impact on you (unless KLNIK has your consent or it is otherwise necessary to process that data by law). You can obtain further information about how KLNIK assesses its legitimate interests against any potential impact on you in respect of specific activities by contacting us by email at INFO@klnik.co.uk.

Performance of contract – means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Compliance with a legal or regulatory obligation – means processing your personal data where it is necessary for compliance with a legal or regulatory obligation to which KLNIK is subject.
Further rights
You can find out what information KLNIK holds about you, and ask us not to further process the information KLNIK collects and holds, by contacting INFO@klnik.co.uk.
If you’ve signed up for email alerts, you can unsubscribe or change your settings at any time by selecting the ‘unsubscribe’ link that appears in every email.
Controlling your personal information. You may choose to restrict the collection or use of your personal information in the following ways:
• Whenever you are asked to fill in a form on the website, look for the box that you can tick to indicate that you do not want the information to be used by anybody for direct marketing purposes.
• If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us.
You may request details of the personal information which KLNIK holds about you under the GDPR. If you would like a copy of the information held on you, please email info@klnik.co.uk or write to the Data Protection Officer, KLNIK, The Colony, Wilmslow, Cheshire, SK9 4LY, Greater Manchester, United Kingdom. If you believe that any information KLNIK is holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address or email address. KLNIK will promptly correct any information found to be incorrect.
KLNIK will deactivate/delete inactive files (those inactive for more than 36 months) in accordance with its document destruction policy. If you wish to close your KLNIK file before this time, please email info@klnik.co.uk requesting that your information be deleted and removed from our systems. All of our staff have DBS clearance and are trained to safeguard you and your data.
You have the right to request the personal data that KLNIK holds about you by making a data subject access request to a member of the KLNIK team, by email to info@klnik.co.uk or in writing to The Data Protection Officer, KLNIK, The Colony, Wilmslow, SK9 4LY.

9. Contact Us

If you have questions or concerns about this privacy policy or your personal information, please contact us at:

KLNIK
Email: info@klnik.co.uk
Data Protection Officer: Ryan Parkes
Address: KLNIK, The Colony, Altrincham Road, Wilmslow, SK9 4LY.

10. Changes to This Policy

We may update this privacy policy from time to time. The revised policy will be posted on our Site with an updated effective date. We encourage you to review this policy periodically to stay informed about how we protect your information.

11. Complaints

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another relevant supervisory authority.