Privacy policy
This privacy notice sets out details of the information we collect from you and how that information may be used. It will provide you with details of how we manage your data, our compliance with legal obligations and outline your rights in respect of your personal information.
What personal information do we collect?
Personal information which may include “special categories of personal information”, such as information relating to your physical and mental health, which is necessary in order for us to fulfil our contractual obligations to you.
Information we collect may include
- Name and DOB
- Contact details including address, email and phone numbers
- Insurance company details
- Occupation
- Emergency contact details including next of kin
- Background referral details
Confidentiality of your information is very important to us. We make every effort to prevent unauthorised access to all data held. As of 25th May 2018 all uses of information will comply with GDPR and the new Data Protection Act.
How we collect Information
- Information may be collected directly from you. This may be when you attend an appointment, make an enquiry or contact us by email letter or phone.
- We may collect information from other Healthcare providers in order to provide the best possible treatment for you. This may include GP’s, other clinicians (Private and NHS) or other Healthcare providers.
- It is also often necessary to collect information from third parties. This may include your Insurance provider. If we are dealing with you regarding a Medico legal case we may need to collect information from other Hospital sources or from Legal Counsel.
How will we communicate with you
If we need to contact you regarding treatment, appointment or any aspect of your care we will do so via letter, phone or email.
What are the purposes for which your information is used
- In response to your request to enter into a contract with us for medical treatment this information is necessary for us to carry out this contract and provide you with advice and treatment. The Legal grounds for this use of information are for the purposes of providing the necessary healthcare and related services and fulfilling our contract with you for the delivery of healthcare. The additional legal grounds for special categories of information are that we need this information to provide healthcare services to you.
- We have an appropriate business need such as maintaining our business records and ensuring your account and billing is fully accurate and up to date. The legal grounds are our providing you with healthcare, fulfilling our contract with you for delivery of healthcare and our business need to use your information. The additional legal grounds for special categories of personal information are that we need the information in order to provide healthcare services and that the use is necessary in order for us to establish, exercise or defend our legal rights.
- Communicating with you for matters relating to your healthcare or resolving any queries
- We may need to use such information to establish or defend our legal rights.
- Communicating with and updating any other healthcare professionals involved in your care.
Who do we share your information with?
Disclosures to third parties:
We may disclose your information to the third parties listed below for the purposes described in this Privacy Notice. This might include:
- A doctor, nurse, carer or any other healthcare professional involved in your treatment
- Other members of support staff involved in the delivery of your care, like receptionists and porters
- Anyone that you ask us to communicate with or provide as an emergency contact, for example your next of kin or carer
- NHS organisations, including NHS Resolution, NHS England, Department of Health
- Other private sector healthcare providers
- Your GP
- Your dentist
- Your clinician (including their medical secretaries)
- Third parties who assist in the administration of your healthcare, such as insurance companies
- Government bodies, including the Ministry of Defence, the Home Office and HMRC
- Our regulators, like the Care Quality Commission, Health Inspectorate Wales and Healthcare Improvement Scotland
- The police and other third parties where reasonably necessary for the prevention or detection of crime
- Our insurers
- Debt collection agencies
- Credit referencing agencies
- Our third party services providers such as IT suppliers, auditors, lawyers, document management providers and tax advisers
- Selected third parties in connection with any sale, transfer or disposal of our business
We may communicate with these third parties in a variety of ways including, but not limited to, email, post and telephone.
How long do we keep personal Information for?
We will only keep your personal information as long as is necessary to comply with our legal and regulatory obligations.
Your Rights
Under Data Protection law you have certain rights in relation to the personal information that we hold about you. These include rights to know what information we hold about you and how it is used.
You are entitled to the following under data protection law.
Under Article 15(1) of the GDPR we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you:
- The purposes for which we use your personal information
- The types of personal information we hold about you
- Who your personal information has been or will be shared with, including in particular organisations based outside the EEA.
- If your personal information leaves the EU, how we make sure that it is protected
- Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for
- If the personal data we hold about you was not provided by you, details of the source of the information
- Your right to ask us to amend or delete your personal information
- Your right to ask us to restrict how your personal information is used or to object to our use of your personal information
- Your right to complain to the Information Commissioner’s Office
We also need to provide you with a copy of personal data.
In some circumstances, you have the right to request that we delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
The right to erasure
In some circumstances, you have the right to request that we delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to restriction of processing
In some circumstances, we must “pause” our use of your personal data if you ask us to. We do not have to comply with all requests to restrict our use of your personal information. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to data portability
In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible another individual/ organisation of your choice. The information must be transferred in an electronic format.
The right to complain to the Information Commissioner’s Office
You can complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations.
More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
Making a complaint will not affect any other legal rights or remedies that you have.