Overview and Scope
This GDPR Policy explains how Golden Assistance Clinic handles personal data concerning individuals located in the European Economic Area (EEA) and the United Kingdom, in accordance with the EU General Data Protection Regulation (GDPR) and the UK GDPR. It supplements — and should be read alongside — our Privacy Policy.
Our clinical services are delivered exclusively in Florida and New York. This Policy therefore primarily concerns information collected when EEA or UK visitors interact with our website or correspond with our office.
Data Controller
For the purposes of GDPR, Golden Assistance Clinic is the controller of personal data collected through this website and through correspondence initiated by EEA or UK visitors. Contact details for the controller are provided at the end of this Policy.
Personal Data We Process
- Identity and contact data submitted through forms or email (name, email, phone).
- Correspondence content — including any questions or details you share with our office.
- Technical data — IP address, browser, device, referrer, and pages viewed.
- Cookie data — essential cookies used to keep the site functioning and optional analytics where you consent.
We do not knowingly collect special-category data from EEA or UK visitors through this website. If you share health information voluntarily, it is processed under explicit consent and used only to respond to your enquiry.
Lawful Bases for Processing
We process personal data under one or more of the following lawful bases:
- Consent — for optional analytics, marketing communications, and any special-category data you choose to share.
- Contract — to take steps at your request prior to entering a service relationship, and to perform services you have requested.
- Legal obligation — for record-keeping, regulatory compliance, and responding to lawful requests.
- Legitimate interests — to operate, secure, and improve our website and services, balanced against your rights and expectations.
Your Rights Under GDPR
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of your data ("right to be forgotten") where applicable.
- Request restriction of processing in certain circumstances.
- Object to processing carried out on the basis of legitimate interests.
- Receive your data in a structured, commonly used, machine-readable format (data portability).
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
- Lodge a complaint with your local supervisory authority, including the UK Information Commissioner's Office (ICO) for UK residents.
We respond to verified rights requests within one month, with a possible extension for complex requests as permitted by GDPR.
International Data Transfers
Because the Clinic operates in the United States, personal data collected from EEA and UK visitors is transferred to and processed in the U.S. Where required, transfers are protected by appropriate safeguards — including Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and supplementary measures assessed against current guidance.
Data Retention
We retain personal data only as long as necessary for the purposes set out in our Privacy Policy or as required by applicable law and professional standards. Website correspondence is typically deleted within 24 months of resolution unless a longer retention period is justified.
Security
We apply administrative, technical, and organisational measures appropriate to the risk profile of the data we process — including encryption in transit and at rest, access controls, staff training, and contractual safeguards with vendors.
Children
Our services and website are intended for adults. We do not knowingly process personal data of children under 16 from the EEA or UK without verified parental consent.
Updates to This Policy
We may update this GDPR Policy periodically. The "Last updated" date at the top of the page will always reflect the most recent revision. Material changes will be highlighted here.
Contact and Complaints
To exercise any of your GDPR rights or to ask a question about this Policy, email info@goldenassistanceclinic.com or visit our contact page. If you are not satisfied with our response, you have the right to lodge a complaint with your local data-protection supervisory authority.
