Privacy notice- General Data Protection Regulations Privacy Notice General Data Protection Regulations. Qure Ltd The GDPR May 2018 state that the information you provide to people about how you process their personal data must be: concise, transparent, intelligible and easily accessible; written in clear and plain language, free of charge. Dr Paul Charlson is our Data controller and may be contacted at: Qure Ltd 24 Westfield Park Brough HU15 1AN Personal data/ Qure Ltd Qure Ltd does not retain any personal data from visitors to our web site. We do not use any personal information for processing, analysis or sharing with third parties. Links to other websites which may be displayed on www.skinqure.co.uk are not our responsibility Information obtained and retained which is necessary for legal accurate medical notes and prescriptions: Name, address, DOB, contact details and records of treatment is kept securely stored and is not accessible to any third party. Medical records will be retained and securely stored for a minimum of ten years. We only retain personal data that has been sourced DIRECTLY from the data source. We do not obtain or store personal data from third parties. Personal data that makes up part of the data subject’s treatment notes is kept in accordance with good medical practice and stored securely. This information is not shared with other parties for the purpose of marketing or analysis. When medication is supplied on a prescription, personal data that is necessary to comply with a legal prescription ( Name, address, DOB ) is shared with our medical suppliers. These suppliers are UK based, licensed medical wholesalers who conform to GDPR and store their records securely. If a situation occurs that necessitates sharing of personal data with medical colleagues this is only done with the express permission of the Data Subject. E mail addresses that are used for marketing purposes are those addresses which have been provided with written consent. Data subjects have the right to withdraw consent at any time. Data subjects have the right to lodge a complaint with a supervisory authority Any breaches of data security will be reported to the Data Controller and the necessary action taken.