Privacy Policy

Purpose of this Privacy Policy

This policy (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It applies to personal data we process about clients, prospective clients, business contacts and users of our website. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By visiting https://quintessentialadvisors.com/ (“our website”) you are accepting and consenting to the practices described in this policy.

Data Controller & Data Protection

For the purpose of the General Data Protection Regulation (EU) 2016/679, the Data Protection Act 2018 and all applicable UK data protection legislation (“Data Protection Laws”), the data controller is Quintessential Medical Advisory of 19 Harley Street, London W1G 9QJ.

We have appointed a Data Protection Compliance Manager who is responsible for overseeing compliance with Data Protection Laws and this privacy policy. You may find our contact information at the end of this privacy policy.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Quintessential Medical Advisory uses the UK National Health Service (NHS) Records Management Code of Practice 2021 as guidance for data retention, which recommends a maximum of eight (8) years after the last engagement, testing, or treatment with Quintessential.

Personal Data We Collect

We may collect, hold and use personal data about you including:

• Name, company, job title and professional background
• Address, email address, telephone number and other contact details
• Health information, medical history and records relevant to the advisory services you engage us for
• Debit/credit card and payment information
• Notes from any meetings, consultations or other conversations with you
• Internet protocol (IP) address, operating system, browser type and version, time zone setting and location, browser plug-in types and versions, and other technology on the devices you use to access our website
• Your interests, preferences, feedback and survey responses
• Information about how you use our website

How Your Personal Data Is Collected

We may collect personal data about you through:

• Direct interactions. You may give us your personal data directly when we meet, when you give us your business card, when you complete an enquiry form on our website, or when you contact us by post, phone, email or otherwise.
• Third parties or publicly available sources. We may receive personal data about you from various sources including LinkedIn and other publicly available platforms, or from referring healthcare professionals and partner organisations.
• Automated technologies. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns via cookies and similar technologies. Please refer to our Cookie Policy for further details.

Purposes For Which We Use Your Personal Data

We will only use your personal information as the law permits. We process your personal data in the following ways:

• To administer our website and to ensure that content is presented in the most effective manner for you and for your computer.
• To administer and manage our relationship with you, including contacting you periodically to ask you to correct or update the information we hold about you and to confirm your preferences.
• To provide you with private medical advisory and healthcare coordination services.
• To comply with any contract between us.
• To provide you with any information, products or services you request from us.
• To provide you with information about services we offer where we think this may be of interest to you, where you have consented to receive such communications.
• To allow you to participate in interactive features of our website when you choose to do so.
• To notify you about changes to our services.
• To allow us to comply with any legal obligation on us.

Visiting Our Website

We process your personal data to administer our website and to ensure that content is presented in the most effective manner for you and for your computer. For more information on cookies please refer to our Cookie Policy.

Website Access & Server Logs

To make our website available and to ensure its functionality, the web server automatically records your visit in server log files. The following data is processed: browser type and version, operating system, IP address, access date and time, duration of visit, amount of data transferred, and the page from which access was made.

This data is processed for the purpose of providing our website, for statistical analysis, and for identifying and tracing unauthorised access. The legal basis for data processing is our legitimate interests pursuant to Article 6(1)(f) GDPR. Log file information is stored for a maximum of 30 days from the end of your visit and then deleted.

Google Analytics

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to analyse traffic on our website. This involves collecting, collating and analysing data about your behaviour as a visitor, including referrer URLs, pages visited and duration of visit. The data processed will not be assigned to you personally but will be given a separate user ID.

The legal basis for the processing of personal data is your consent pursuant to Article 6(1)(a) GDPR. You can prevent the collection of data by adjusting your browser cookie settings or by downloading the browser plug-in available at: tools.google.com/dlpage/gaoptout. Further information on data protection at Google can be found at policies.google.com/privacy.

Google Ads

This website may use Google Ads from Google Ireland Limited to display interest-based advertising across devices. The legal basis for the processing of personal data is your consent pursuant to Article 6(1)(a) GDPR. You can opt out via your browser cookie settings or at google.com/settings/ads/plugin.

Facebook Custom Audiences

We may use Facebook Custom Audiences (Facebook Pixel) operated by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”) to display interest-based advertisements to users of our website when they visit Facebook or other websites using this method. The legal basis is your consent pursuant to Article 6(1)(a) GDPR. You can manage your preferences via your browser cookie settings. Further information on Facebook’s data protection practices can be found at facebook.com/about/privacy.

Contact & Business Relationships

Contact by Email or Enquiry Form

You can contact us via our website using the email addresses  we provide, or by completing our private enquiry form. The personal data you provide will be processed for the purpose of responding to your enquiry or establishing a relationship with you.

Where the purpose of contacting us relates to a contract or prospective contract, the legal basis for processing is Article 6(1)(b) GDPR. In other cases, the legal basis is Article 6(1)(f) GDPR — our legitimate interest in being able to respond to your communications.

Maintaining & Performing Contractual Relationships

We may additionally process your personal data in order to:

• Administer and manage our relationship with you, including updating and correcting information we hold
• Comply with any contract between us for the provision of private medical advisory services
• Notify you about changes to our services
• Comply with any legal obligation on us

The legal basis for processing is Article 6(1)(b) GDPR where necessary for the performance of a contract, Article 6(1)(c) GDPR where necessary to comply with a legal obligation, or Article 6(1)(f) GDPR where processing is necessary for our legitimate business interests.

Marketing Communications

You may receive marketing communications from us where:

• You have specifically requested that information from us, for example by signing up to receive updates from us
• You are an existing client and have not opted out of receiving marketing communications

The legal basis for marketing communications for which we do not require consent is Article 6(1)(f) GDPR — our legitimate interest in communicating with existing clients about relevant services. Where you have requested communications or provided consent, the legal basis is Article 6(1)(a) GDPR.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message or by contacting us using the details set out below. Please note that we are not able to send marketing information to anyone under 16 without parental or guardian consent.

Our Presence on Social Media

Quintessential Medical Advisory operates profiles on social media platforms. Please note that you use these platforms and their interactive functions under your own responsibility. Each platform has its own privacy policy which governs how your data is processed by them.

Your Rights

Under Data Protection Laws you have the following rights in relation to your personal data:

• Right of access. To request a copy of the personal data we hold about you.
• Right to rectification. To request that we correct any incomplete or inaccurate data we hold about you.
• Right to erasure. To request that we delete your personal data where there is no good reason for us continuing to process it.
• Right to object. To object to the processing of your personal data where we are relying on legitimate interests, or where we are processing your data for direct marketing purposes.
• Right to restriction. To ask us to suspend processing of your personal data in certain circumstances.
• Right to data portability. To request the transfer of your personal data to you or a third party in a structured, machine-readable format.
• Right to withdraw consent. To withdraw consent at any time where we are relying on consent to process your personal data.
• Right not to be subject to automated decisions. To not be subject to decisions based solely on automated processing where those decisions produce legal or similarly significant effects.
• Right to lodge a complaint. To lodge a complaint with the ICO or another supervisory authority if you consider that the processing of your personal data infringes Data Protection Laws.

We require proof of identity to process your request and will respond to all legitimate requests within one month. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Security

We have put in place appropriate security measures against unlawful or unauthorised processing of your personal data and against accidental loss of, or damage to, your personal data. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to our website; any transmission is at your own risk.

Disclosure of Your Information

You agree that we have the right to share your personal information with:

• Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
• Selected third parties including our External Partners — the scientists, clinicians, doctors and health professionals we work with — who will contact you directly in line with our terms and conditions.
• Our payment services providers to enable the processing of your payment details.
• Analytics and search engine providers that assist us in the improvement and optimisation of our website.
• Third parties in the event that we sell or buy any business or assets.
• Third parties where we are under a duty to disclose your personal data to comply with any legal obligation, or to protect the rights, property or safety of Quintessential Medical Advisory, our clients or others.

We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Transferring Personal Data Outside the UK & EEA

All information you provide to us is stored on our secure servers within the UK and European Economic Area (“EEA”). Where we transfer personal data outside the UK or EEA, we will ensure that all applicable safeguards and measures are implemented in compliance with Data Protection Laws. The security of the transfer is principally ensured by standard contractual clauses adopted by the UK and EU, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the UK GDPR and GDPR.

Retention of Data

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected. In determining the appropriate retention period we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data, and the applicable legal requirements.

In line with the NHS Records Management Code of Practice 2021, clinical and health-related records are retained for a maximum of eight (8) years following your last engagement with Quintessential Medical Advisory.

Cookies

Our website uses cookies to distinguish you from other users of our website and to improve your experience. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

Third-Party Links

Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Changes to Our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.

Contact Us

Any questions, comments and requests regarding this privacy policy are welcomed and should be addressed to our Data Protection Compliance Manager: