1. This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
2. We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
3. We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
4. We undertake to preserve the confidentiality of all information you provide to us and hope that you reciprocate.
5. Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
6. The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org
7. Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website. We will not place any advertisements on the interface to our services.
If you have any questions regarding this notice, please email us at firstname.lastname@example.org or write to us at 1st Floor, Building 2 Croxley Park, Watford, England, WD18 8YA.
• Personal Information: means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or an identification number.
• Special Category Information: means personal information about an identified individual that is considered more sensitive and therefore requires greater levels of protection. Special Category information includes things like; Race, Ethnicity & Health data.
• Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Protection & Privacy
We will comply with current data protection law, which states that the personal information we hold must be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely.
A key part of complying with the law is that we state the lawful basis under which we use personal / special category information. Below we describe the processing that we undertake as a company together with the associated legal basis.
Information we process because we have a contractual obligation with you when you buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us. To carry out our obligations under that contract we must process the information you give us.
Some of this information may be personal information about you or personal / special category health information about your patients.
We may use it to:
• verify your identity for security purposes
• sell products to you
• provide you / your patients with our services
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
Where we are processing your patient’s health information, you are responsible for obtaining and maintaining all relevant patient consents/authorisations as necessary for you use of our services. Additionally, we may aggregate this information in a general way and use it to provide class information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
Information we process with your consent
Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, including job opportunities and our products and services.
Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you would reasonably expect us to reply. Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally. We may aggregate it in a general way and use it to provide class information, for example to monitor the performance of a particular page on our website.
We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us at email@example.com
Information we process for the purposes of legitimate interests
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.
Where we process your information on this basis, we do after having considered:
• whether the same objective could be achieved through other means
• whether processing (or not processing) might cause you harm
• whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so
For example, we may process your data on this basis for the purposes of:
• record-keeping for the proper and necessary administration of our business.
• responding to unsolicited communication from you to which we believe you would expect a response
• protecting and asserting the legal rights of any party
• insuring against or obtaining professional advice that is required to manage business risk
• protecting your interests where we believe we have a duty to do so
• Information we process because we have a legal obligation
We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. In such circumstances, this may include your personal information.
If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data.
If the basis changes then if required by law, we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
Disclosure of your information
We may have to disclose information provided by you with third parties, including:
• third-party service providers (data “processors” who support our services and only process information on our instructions and subject to specific contractual obligations).
• other employees within our company insofar as reasonably necessary for the purposes set out in our agreement.
• All our third-party service providers are required to take appropriate security measures to protect personal information in line with our policies.
We only allow our third-party service providers to process provided information in accordance with our instructions and for the specified purposes. We do not allow any third parties to use provided personal data for their own purposes.
Transfers of data outside of the EEA
Our website is hosted in the South England and all application servers including database servers are hosted in South England and all and in the normal provision of services, we do not transfer your information outside of the EEA.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your provided personal information. All information provided to us is stored on our secure (password and firewall protected) servers. All electronic data associated with transactions you make or in relation to our website will be encrypted.
Your rights :
Under certain circumstances, by law you have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.
• Withdraw consent for processing in any circumstance where you may have provided it for a specific purpose.
If you want to exercise any of your rights listed above, please email firstname.lastname@example.org
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity prior to undertaking such requests. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
• A “session” cookie is temporary and expires after you close your browser. We use this type of cookie to help customise your experience on our site and maintain your signed-on status as you navigate through the site.
• A “persistent” cookie remains on your computer after you have closed your browser. They remain on your computer until you delete them, or they expire. They do not contain any personal information.
Your web browser should allow you to delete any cookies you choose. It also should allow you to prevent or limit their use.
Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.
If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed into our website.
Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information:
• to provide you with the services you have requested;
• to comply with other law, including for the period demanded by our tax authorities;
• to support a claim or defense in court.
We retain and destroy the information we hold in line with the Records Management Code of Practice for Health and Social Care 2016. This provides the retention periods for the categories of data we process, as outlined above.
Compliance with the law
However, ultimately it is your choice as to whether you wish to use our website.
How you can complain :
If a dispute is not settled, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office. This can be done at https://ico.org.uk/concerns/.
We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.