Mercer and Hughes Ltd are the data controller, and may subsequently be referred to as ‘us’ ‘we’ and ‘our’ throughout this policy. Rebecca Kitchen has been appointed our Data Protection Manager (DPM), and if you have any questions regarding this policy then please contact her using the information below.
Mercer and Hughes Ltd
14 Radwinter Road
🕾 01799 522 082
Please address all enquiries regarding GDPR and the use of your data to Ilse Pedler.
Correcting Your Information
If you feel you have any need to lodge a formal complaint about our processing of your data, please do get in touch with us first so that we can try to resolve it for you by contacting our DPM Rebecca Kitchen at email@example.com. However, you also have the right to complain to the Information Commissioner’s Office.
The Data We Hold On You
We hold some personal data about you to ensure that we are able to fulfil our duty of care to you and your pet. Personal data is classed as any information which may identify an individual, and does not include anonymised data. You may be interested to know that the data held on animals is not covered by GDPR.
Data About You
We need to know your full name and title (so that we know what to call you); your address ( so that we know where to send any bills or information, plus where to come if you need an emergency call out by our vet), your contact telephone number/s and/or email address (so that we can contact you with test results, send you important operation instructions, and treatment reminders); a record of the treatments, medications and services you have purchased from us (which, as well as forming important medical history for your pet, also allows us to keep track of your financial transactions with us). All of this comes under our contractual relationship with you, and we never ask you for more information than we need.
Data About Your Communication With Us
You can contact us, and we may contact you back, in many different ways – by phone, email, in writing, in person, by text, and via the contact forms on our website. Sometimes this is to answer your questions about various treatments, or to register a new pet or make changes to your customer record. Sometimes it is to do with insurance, or because we need to send you pre- and post-operative care information. We need to keep a record of this contact between us so that we can respond to you in good, timely fashion and answer your queries. It’s also pretty important in helping us identify any areas of legal dispute, and helping us to resolve them.
Data About How You Like To Be Contacted
We send routine information to our customers on a regular basis, including flea and worming treatment reminders, vaccination reminders, and appointment reminders, as part of our service to you, our customer. Sometimes we need to send pre-operative instructions as part of our duty of care to your pet. We also occasionally send out newsletters with invitations to our special pet care events. You may prefer to receive these by text, email, or in writing. Or, you may prefer to not receive routine communications from us at all in these matters. So we keep a record of the information you want to receive, and how you like to receive it. Sometimes we use this information to decide on how best to contact our customers in the future.
If you are one of our customers who use our website and online booking facilities, we need to understand how these are working for you. We analyse this by looking at how you interact with them, what device you are using to use them via (eg phone or laptop), the links you like to click on, any referral links which send you to us, what pages you look at the most and how long you look at them for. This is achieved by the use of analytical cookies on our website. These cookies also sometimes track IP addresses, which are useful for us to understand where our website visitors are coming from. Being a local business, we want to make sure our local customers are finding us! We also need to take back-ups of our website, email, accounting, and booking systems to maintain security and ensure all the information we have is relevant and up-to-date. All of this information helps us to develop our business and ensure we are providing you with the services and information you require.
We do not collect any sensitive data about you.
How We Collect Your Data
You provide us with your relevant personal data when you register with us as a client. You may provide this information over the phone, by email, or via one of our online contact forms. We may also receive personal data about you when we request previous veterinary histories, which we need in order to provide the best care for your pet.
We may also collect technical personal data about you, such as via cookies on our website, analytical tools such as Google Analytics and Facebook marketing, both of which are based outside of the EU.
Why We Send You Information
Much of the information we send to you is relevant to our duty of care to your pet (which comes under either our legitimate interests or a contractual basis for processing your data). For instance, we believe that you would like to know when your pet is due their annual health check and booster, when their appointments are booked, and when their flea and worming treatment is due. This is especially the case if you are on our Pet Healthcare Plan, where you are paying a monthly Direct Debit to spread the cost of the routine care of your pet. You are paying for the treatments, so we feel obligated to tell you when you are due some more.
We also need to send you information when your pet is booked in for an operation or procedure (which is a contract between you and us), so that you know how to prepare your pet and look after them afterwards. This is crucial for the well-being of your pet and is part of our duty of care.
Of course, you can choose how to have this information sent to you, or opt out of receiving these routine communications if you wish.
Assuming you have not since opted out of receiving marketing information from us, we may occasionally send you relevant marketing communications (our newsletter) which we hope you will find interesting and informative. This includes invitations to our special pet care events and annual vaccine amnesty programme.
We send these communications to our current customers and those who have used our services before, as allowed under the current PECR (Privacy and Electronic Communications Regulations). We also send them to those who have chosen to sign up to our marketing emails separately at events or via the website. You may choose to opt out of these communications at any time.
Oh, and we NEVER sell your information to third parties.
How to Opt Out
You can opt out of receiving marketing emails from us at any time by emailing us at firstname.lastname@example.org.
Opting out of marketing communications does not affect data collected via any financial transactions or treatments provided. We still have a right to contact you regarding the status of your account and to provide you with relevant information regarding your pet’s treatment as part of our duty of care.
Sharing Your Data
As part of the day to day running of our business, it is essential that we share your data to certain third parties. We ask them to only process your information as and when requested by us, according to our instructions, and in accordance with the law.
- IT and administration service providers (such as our accounts software, laboratory services, microchip providers, insurance companies, and specialist veterinary software)
- Our lawyers, auditors, banks, insurers, governing bodies, and other advising professionals (including other veterinary specialists we refer your pet to for treatment)
- Relevant government bodies whom we are required to report to by law
- Debt settlement agencies (based in the UK)
- Credit agencies (based in the UK)
Transfers of Your Data Outside of the EEA
Some of our service providers are based outside of the EEA (European Economic Area). The levels of protection offered in some of this countries are variable, and so the new GDPR laws have declared that data cannot be transferred outside of the EEA unless certain security measures are in place.
We will only transfer your personal data to service providers outside of the EEA who meet adequate security requirements, either set out by the European Commission or if they are part of the EU-US Privacy Shield.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Your Legal Rights and The Right to be Forgotten
You have legal rights over your data. This includes the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent. If you wish to exercise any of the rights set out above, please email us at email@example.com.
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
A fee isn’t chargeable to process any of your legal rights over your data. However, we are entitled to charge a reasonable fee if your requests are repetitive, extreme, or unfounded. Alternatively, in these cases we have a right to refuse your request. We try to respond to all requests within 30 days.
We may also need to request further personal information from you in order to fulfil this request and to confirm your identity. This is to protect your data and ensure that no-one is given access to it without permission. This additional data will only be used to process your legal rights.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
For tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Links On Our Website
You can set your browser to block some or all cookies, though it can affect the functionality of the site if you do this.