Privacy Policy
The information provided is for demonstration purposes only. This website is a portfolio (educational) project.
This Privacy Policy has been developed in accordance with:
the UK General Data Protection Regulation (UK GDPR) the Data Protection Act 2018 and other applicable UK legislation
The Data Controller is: Crystal Dental Clinic Ltd
Company Number: 12345678
Registered Office Address: 17 Harley Street, Marylebone, London W1G 9QH, United Kingdom
Email: info@crystaldental.com
Phone: +44 20 7946 0958
The clinic provides dental services in accordance with UK regulatory requirements and is registered with the Care Quality Commission (CQC).
the UK General Data Protection Regulation (UK GDPR) the Data Protection Act 2018 and other applicable UK legislation
The Data Controller is: Crystal Dental Clinic Ltd
Company Number: 12345678
Registered Office Address: 17 Harley Street, Marylebone, London W1G 9QH, United Kingdom
Email: info@crystaldental.com
Phone: +44 20 7946 0958
The clinic provides dental services in accordance with UK regulatory requirements and is registered with the Care Quality Commission (CQC).
2.1. Automated processing of personal data - the processing of personal data using computer technology.
2.2. Blocking of personal data - the temporary suspension of the processing of personal data (except where processing is necessary to verify or clarify the personal data).
2.3. Website - a collection of graphical and informational materials, as well as software and databases, ensuring their availability on the Internet at the address www.yousitename.com.
2.4. Personal data information system - a set of personal data contained in databases, together with information technologies and technical means used for their processing.
2.5. Anonymisation of personal data - actions resulting in the impossibility of identifying, without the use of additional information, the personal data as belonging to a specific User or other data subject.
2.6. Processing of personal data - any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, updating or modification, retrieval, use, disclosure by transmission (dissemination, provision, access), anonymisation, restriction, erasure, or destruction of personal data.
2.7. Data Controller - a public authority, legal entity, or individual who, alone or jointly with others, determines the purposes and means of processing personal data, including the scope of personal data and the operations performed on such data.
2.8. Personal data - any information relating to an identified or identifiable User of the website ___________________.
2.9. Personal data permitted for dissemination - personal data to which access has been granted to an unlimited number of persons by the data subject through consent for processing and dissemination in accordance with applicable data protection legislation.
2.10. User - any visitor to the website www.yousitename.com.
2.11. Provision of personal data - actions aimed at disclosing personal data to a specific person or a defined group of persons.
2.12. Dissemination of personal data - any actions aimed at disclosing personal data to an undefined group of persons or making such data available to an unlimited number of persons, including publication in the media, placement on information and telecommunications networks, or providing access by any other means.
2.13. Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state, including to foreign authorities, individuals, or legal entities.
2.14. Destruction of personal data - any actions resulting in the irreversible destruction of personal data, making it impossible to restore the content of such data within the personal data information system and/or resulting in the destruction of physical media containing personal data.
2.2. Blocking of personal data - the temporary suspension of the processing of personal data (except where processing is necessary to verify or clarify the personal data).
2.3. Website - a collection of graphical and informational materials, as well as software and databases, ensuring their availability on the Internet at the address www.yousitename.com.
2.4. Personal data information system - a set of personal data contained in databases, together with information technologies and technical means used for their processing.
2.5. Anonymisation of personal data - actions resulting in the impossibility of identifying, without the use of additional information, the personal data as belonging to a specific User or other data subject.
2.6. Processing of personal data - any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, updating or modification, retrieval, use, disclosure by transmission (dissemination, provision, access), anonymisation, restriction, erasure, or destruction of personal data.
2.7. Data Controller - a public authority, legal entity, or individual who, alone or jointly with others, determines the purposes and means of processing personal data, including the scope of personal data and the operations performed on such data.
2.8. Personal data - any information relating to an identified or identifiable User of the website ___________________.
2.9. Personal data permitted for dissemination - personal data to which access has been granted to an unlimited number of persons by the data subject through consent for processing and dissemination in accordance with applicable data protection legislation.
2.10. User - any visitor to the website www.yousitename.com.
2.11. Provision of personal data - actions aimed at disclosing personal data to a specific person or a defined group of persons.
2.12. Dissemination of personal data - any actions aimed at disclosing personal data to an undefined group of persons or making such data available to an unlimited number of persons, including publication in the media, placement on information and telecommunications networks, or providing access by any other means.
2.13. Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state, including to foreign authorities, individuals, or legal entities.
2.14. Destruction of personal data - any actions resulting in the irreversible destruction of personal data, making it impossible to restore the content of such data within the personal data information system and/or resulting in the destruction of physical media containing personal data.
3.1. The Data Controller has the right to:
obtain accurate information and/or documents containing personal data from the data subject;
continue processing personal data without the consent of the data subject where such consent has been withdrawn or where a request to cease processing has been submitted, provided there are lawful grounds under applicable data protection legislation;
determine independently the scope and list of measures necessary and sufficient to ensure compliance with applicable data protection laws and regulations, unless otherwise required by law.
3.2. The Data Controller is obliged to:
provide the data subject, upon request, with information relating to the processing of their personal data;
organise the processing of personal data in accordance with applicable UK legislation;
respond to requests and enquiries from data subjects and their authorised representatives in accordance with data protection legislation;
provide the relevant supervisory authority with the necessary information upon request within the prescribed timeframe;
publish or otherwise ensure unrestricted access to this Privacy Policy;
implement legal, organisational, and technical measures to protect personal data against unauthorised or accidental access, destruction, modification, blocking, copying, disclosure, dissemination, or other unlawful actions;
cease the transfer (disclosure, provision, access), processing, and ensure the deletion of personal data in the cases and manner предусмотренных applicable data protection legislation;
obtain accurate information and/or documents containing personal data from the data subject;
continue processing personal data without the consent of the data subject where such consent has been withdrawn or where a request to cease processing has been submitted, provided there are lawful grounds under applicable data protection legislation;
determine independently the scope and list of measures necessary and sufficient to ensure compliance with applicable data protection laws and regulations, unless otherwise required by law.
3.2. The Data Controller is obliged to:
provide the data subject, upon request, with information relating to the processing of their personal data;
organise the processing of personal data in accordance with applicable UK legislation;
respond to requests and enquiries from data subjects and their authorised representatives in accordance with data protection legislation;
provide the relevant supervisory authority with the necessary information upon request within the prescribed timeframe;
publish or otherwise ensure unrestricted access to this Privacy Policy;
implement legal, organisational, and technical measures to protect personal data against unauthorised or accidental access, destruction, modification, blocking, copying, disclosure, dissemination, or other unlawful actions;
cease the transfer (disclosure, provision, access), processing, and ensure the deletion of personal data in the cases and manner предусмотренных applicable data protection legislation;
- fulfil other obligations предусмотренные applicable data protection legislation.
4.1. Data subjects have the right to:
receive information regarding the processing of their personal data, except where otherwise provided by applicable legislation. Such information shall be provided by the Data Controller in an accessible form and must not include personal data relating to other data subjects, unless there are lawful grounds for such disclosure. The scope of information and the procedure for obtaining it are defined by applicable data protection legislation;
request the rectification, restriction, or erasure of their personal data where such data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as to take measures предусмотренные law to protect their rights;
require prior consent for the processing of personal data for direct marketing purposes;
withdraw consent to the processing of personal data and submit a request to cease such processing;
lodge a complaint with the relevant supervisory authority or seek judicial remedy in relation to unlawful actions or inaction by the Data Controller;
exercise other rights предусмотренные applicable data protection legislation.
4.2. Data subjects are obliged to:
provide the Data Controller with accurate personal data;
inform the Data Controller of any updates or changes to their personal data.
4.3. Individuals who provide inaccurate information about themselves or disclose personal data of another data subject without proper consent shall be held liable in accordance with applicable legislation.
receive information regarding the processing of their personal data, except where otherwise provided by applicable legislation. Such information shall be provided by the Data Controller in an accessible form and must not include personal data relating to other data subjects, unless there are lawful grounds for such disclosure. The scope of information and the procedure for obtaining it are defined by applicable data protection legislation;
request the rectification, restriction, or erasure of their personal data where such data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as to take measures предусмотренные law to protect their rights;
require prior consent for the processing of personal data for direct marketing purposes;
withdraw consent to the processing of personal data and submit a request to cease such processing;
lodge a complaint with the relevant supervisory authority or seek judicial remedy in relation to unlawful actions or inaction by the Data Controller;
exercise other rights предусмотренные applicable data protection legislation.
4.2. Data subjects are obliged to:
provide the Data Controller with accurate personal data;
inform the Data Controller of any updates or changes to their personal data.
4.3. Individuals who provide inaccurate information about themselves or disclose personal data of another data subject without proper consent shall be held liable in accordance with applicable legislation.
5.1. Обработка персональных данных осуществляется на законной и справедливой основе.
5.2. Обработка персональных данных ограничивается достижением конкретных, заранее определенных и законных целей. Не допускается обработка персональных данных, несовместимая с целями сбора персональных данных.
5.3. Не допускается объединение баз данных, содержащих персональные данные, обработка которых осуществляется в целях, несовместимых между собой.
5.4. Обработке подлежат только персональные данные, которые отвечают целям их обработки.
5.5. Содержание и объем обрабатываемых персональных данных соответствуют заявленным целям обработки. Не допускается избыточность обрабатываемых персональных данных по отношению к заявленным целям их обработки.
5.6. При обработке персональных данных обеспечивается точность персональных данных, их достаточность, а в необходимых случаях и актуальность по отношению к целям обработки персональных данных. Оператор принимает необходимые меры и/или обеспечивает их принятие по удалению или уточнению неполных или неточных данных.
5.7. Хранение персональных данных осуществляется в форме, позволяющей определить субъекта персональных данных, не дольше, чем этого требуют цели обработки персональных данных, если срок хранения персональных данных не установлен федеральным законом, договором, стороной которого, выгодоприобретателем или поручителем по которому является субъект персональных данных. Обрабатываемые персональные данные уничтожаются либо обезличиваются по достижении целей обработки или в случае утраты необходимости в достижении этих целей, если иное не предусмотрено федеральным законом.
5.2. Обработка персональных данных ограничивается достижением конкретных, заранее определенных и законных целей. Не допускается обработка персональных данных, несовместимая с целями сбора персональных данных.
5.3. Не допускается объединение баз данных, содержащих персональные данные, обработка которых осуществляется в целях, несовместимых между собой.
5.4. Обработке подлежат только персональные данные, которые отвечают целям их обработки.
5.5. Содержание и объем обрабатываемых персональных данных соответствуют заявленным целям обработки. Не допускается избыточность обрабатываемых персональных данных по отношению к заявленным целям их обработки.
5.6. При обработке персональных данных обеспечивается точность персональных данных, их достаточность, а в необходимых случаях и актуальность по отношению к целям обработки персональных данных. Оператор принимает необходимые меры и/или обеспечивает их принятие по удалению или уточнению неполных или неточных данных.
5.7. Хранение персональных данных осуществляется в форме, позволяющей определить субъекта персональных данных, не дольше, чем этого требуют цели обработки персональных данных, если срок хранения персональных данных не установлен федеральным законом, договором, стороной которого, выгодоприобретателем или поручителем по которому является субъект персональных данных. Обрабатываемые персональные данные уничтожаются либо обезличиваются по достижении целей обработки или в случае утраты необходимости в достижении этих целей, если иное не предусмотрено федеральным законом.
Purpose of processing: informing the User by means of email communications
Personal data
Personal data
- full name
- email address
- telephone numbers
- the legitimate interests of the Data Controller
- contracts concluded between the Data Controller and the data subject
- collection, recording, organisation, storage, and erasure or anonymisation of personal data
- sending informational communications to the email address
7.1. Personal data is processed with the consent of the data subject to the processing of their personal data.
7.2. Processing of personal data is necessary for compliance with legal obligations to which the Data Controller is subject under applicable UK legislation.
7.3. Processing of personal data is necessary for the administration of justice, compliance with a court order, or the lawful request of a competent authority.
7.4. Processing of personal data is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
7.5. Processing of personal data is necessary for the purposes of legitimate interests pursued by the Data Controller or a third party, provided that such interests are not overridden by the rights and freedoms of the data subject.
7.6. Processing of personal data is carried out where such data has been made publicly available by the data subject or at their request (publicly available personal data).
7.7. Processing of personal data is carried out where such data is subject to publication or mandatory disclosure in accordance with applicable legislation.
7.2. Processing of personal data is necessary for compliance with legal obligations to which the Data Controller is subject under applicable UK legislation.
7.3. Processing of personal data is necessary for the administration of justice, compliance with a court order, or the lawful request of a competent authority.
7.4. Processing of personal data is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
7.5. Processing of personal data is necessary for the purposes of legitimate interests pursued by the Data Controller or a third party, provided that such interests are not overridden by the rights and freedoms of the data subject.
7.6. Processing of personal data is carried out where such data has been made publicly available by the data subject or at their request (publicly available personal data).
7.7. Processing of personal data is carried out where such data is subject to publication or mandatory disclosure in accordance with applicable legislation.
The security of personal data processed by the Data Controller is ensured through the implementation of legal, organisational, and technical measures necessary to comply fully with applicable data protection legislation.
8.1. The Data Controller ensures the security of personal data and takes all reasonable measures to prevent unauthorised access.
8.2. Personal data of the User will not be disclosed to third parties under any circumstances, except where required by law or where the data subject has given consent for such disclosure for the performance of contractual obligations.
8.3. In the event of inaccuracies in personal data, the User may update such data by notifying the Data Controller via email at info@yousitename.com with the subject line “Update of Personal Data”.
8.4. The retention period for personal data is determined by the purposes for which the data was collected, unless a longer period is required by contract or applicable legislation. The User may withdraw consent to the processing of personal data at any time by sending a notification to info@yousitename.com with the subject line “Withdrawal of Consent to Personal Data Processing”.
8.5. Any information collected by third-party services, including payment providers, communication services, and other service providers, is processed by such parties in accordance with their respective terms and privacy policies. The Data Controller is not responsible for the actions of such third parties.
8.6. Any restrictions set by the data subject on the transfer or processing of personal data made publicly available shall not apply where processing is required for reasons of public interest or in accordance with applicable legislation.
8.7. The Data Controller ensures the confidentiality of personal data during processing.
8.8. Personal data is stored in a form which permits identification of the data subject for no longer than is necessary for the purposes of processing, unless a longer retention period is required by law or contract.
8.9. Processing of personal data may be terminated upon achievement of the processing purposes, expiry of the consent period, withdrawal of consent by the data subject, a request to cease processing, or in the event of unlawful processing being identified.
8.1. The Data Controller ensures the security of personal data and takes all reasonable measures to prevent unauthorised access.
8.2. Personal data of the User will not be disclosed to third parties under any circumstances, except where required by law or where the data subject has given consent for such disclosure for the performance of contractual obligations.
8.3. In the event of inaccuracies in personal data, the User may update such data by notifying the Data Controller via email at info@yousitename.com with the subject line “Update of Personal Data”.
8.4. The retention period for personal data is determined by the purposes for which the data was collected, unless a longer period is required by contract or applicable legislation. The User may withdraw consent to the processing of personal data at any time by sending a notification to info@yousitename.com with the subject line “Withdrawal of Consent to Personal Data Processing”.
8.5. Any information collected by third-party services, including payment providers, communication services, and other service providers, is processed by such parties in accordance with their respective terms and privacy policies. The Data Controller is not responsible for the actions of such third parties.
8.6. Any restrictions set by the data subject on the transfer or processing of personal data made publicly available shall not apply where processing is required for reasons of public interest or in accordance with applicable legislation.
8.7. The Data Controller ensures the confidentiality of personal data during processing.
8.8. Personal data is stored in a form which permits identification of the data subject for no longer than is necessary for the purposes of processing, unless a longer retention period is required by law or contract.
8.9. Processing of personal data may be terminated upon achievement of the processing purposes, expiry of the consent period, withdrawal of consent by the data subject, a request to cease processing, or in the event of unlawful processing being identified.
9.1. The Data Controller carries out the collection, recording, organisation, storage, updating (modification), retrieval, use, disclosure (including dissemination, provision, or access), anonymisation, restriction, erasure, and destruction of personal data.
9.2. The Data Controller carries out automated processing of personal data, including the receipt and/or transmission of such data via information and telecommunications networks, or without the use of such networks.
9.2. The Data Controller carries out automated processing of personal data, including the receipt and/or transmission of such data via information and telecommunications networks, or without the use of such networks.
10.1. Prior to carrying out cross-border transfers of personal data, the Data Controller shall ensure that such transfers comply with applicable data protection legislation, including requirements under the UK GDPR.
10.2. Before transferring personal data to recipients located outside the United Kingdom, the Data Controller shall ensure that appropriate safeguards are in place, including obtaining sufficient information about the recipient and ensuring an adequate level of data protection in accordance with applicable legislation.
10.2. Before transferring personal data to recipients located outside the United Kingdom, the Data Controller shall ensure that appropriate safeguards are in place, including obtaining sufficient information about the recipient and ensuring an adequate level of data protection in accordance with applicable legislation.
The Data Controller and any other persons who have gained access to personal data are obliged not to disclose or disseminate such data to third parties without the consent of the data subject, unless otherwise required by applicable legislation.
12.1. The User may obtain any clarification regarding the processing of their personal data by contacting the Data Controller via email at info@yousitename.com.
12.2. Any changes to this Privacy Policy will be reflected in this document. The Policy remains in effect indefinitely until replaced by a new version.
12.3. The current version of the Policy is publicly available on the Internet at www.yousitename.com/privacy-policy/.
12.2. Any changes to this Privacy Policy will be reflected in this document. The Policy remains in effect indefinitely until replaced by a new version.
12.3. The current version of the Policy is publicly available on the Internet at www.yousitename.com/privacy-policy/.