Our contact details
Name: Contact Health Limited
Address: Litfield Medical Centre, Litfield Place, Clifton Down, Bristol, BS8 3LS
ICO Registration number: ZA775439
Your privacy
This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.
Your privacy matters to us and we are committed to the highest data privacy standards, patient confidentiality and adherence to the Data Protection Act 2018 and UK GDPR. We adopt the six core principles of data protection.
Main categories and type of Personal Data collected and processed
We may collect and process the following information:
We treat all personal data as sensitive but acknowledge that we also process special category data including health data.
If you change personal data which we already hold about you (for instance by changing a pre-populated form) then we will update our systems to reflect the changes, but our systems will also continue to hold the originally recorded personal data.
Collection of your Personal Data
We may collect personal data directly from you when you:
Our patients will often receive healthcare services from other organisations in addition to Contact Health Limited, and to provide you with the best care possible we may have to collect personal data about you from other organisations. This may include medical record details from:
We may also collect personal data about you from other third parties as follows:
If you (or the relevant other healthcare providers and other third parties outlined above) do not provide us with the personal data that we ask for, then we may be unable to provide your care or provide you with our services.
Medical records include personal data about your diagnosis, clinic and hospital visits and may include any imaging previously obtained during an episode of care or diagnosis.
How we use your personal data
We use (or “process”) your personal data for a number of different purposes but in all cases, we must have a legal basis for doing so. When we use “special category data” such as personal data relating to a person’s health we must have a specific additional legal basis to do so. Please contact our Data Protection Officer for further details.
Generally, we will rely on the following legal bases:
Contract:
Legitimate interests:
Legal obligation:
Legal claims:
Consent:
How long do we keep your personal data for
Your care record will be kept for a period of 8 years following your last interaction with the organisation.
Records involving pioneering or innovative treatment may have archival value, and their long-term preservation will be discussed with the local Place of Deposit or The National Archives and may be transferred to them.
Financial details, such as credit card details that are used to pay us are only kept for the duration of the transaction. If you would like to know the retention period for a specific piece of data, please contact our Data Protection Officer.
Sharing of Personal Data
Your personal data will only be shared with our own staff, associates, or contractors when it is necessary for them to have access to complete their assigned responsibilities or provide their contracted services. Sharing of your data will be relative to the nature of our engagement with you.
We utilise the services of other organisations who are critical for the provision of our service to you and will be viewed as data processors. Their access is restricted, and they are contractually bound to strict confidentiality and the protection of your personal data.
Our operations are based in the UK, and your personal information is generally processed within the UK and countries within the European Economic Area (EEA). In some instances, we may transfer your personal information to third countries, for example, where our suppliers or cloud service providers are situated outside the UK and EEA.
If the recipient is situated in a third country that has not received an adequacy decision from the relevant regulator, we will ensure additional safeguards are in place including the use of applicable standard contractual clauses.
A full list of processors is available from our Data Protection Officer.
Where necessary we may disclose your information to healthcare professionals including the NHS. We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and, if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.
How we protect your personal information
We are committed to looking after your personal data and have implemented appropriate physical, technical, and organisational security measures designed to protect against accidental loss and unauthorised access, use, alteration, or disclosure.
In doing so, we comply with UK data protection law, including the Data Protection Act 2018, the UK General Data Protection Regulation and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the Health & Care Professions Council (HCPC) and the General Medical Council (GMC).
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only use your personal data on our instructions and they are subject to a duty of confidentiality.
In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, and we identify a risk to your rights and freedoms, we will report this to the Information Commissioner's Office, which is responsible for regulating data protection legislation in the UK. Where the loss or unauthorised access of your data has the potential to cause you harm, we will notify you without undue delay.
Your rights in relation to personal data
Under UK data protection law, you have the following rights which you can exercise by emailing our Data Protection Officer on ContactHealthDPO@clinicaldpo.com
Right | Explanation |
Right to be Informed | This means that we have to be transparent in how we collect and use your personal data. |
Right of Access | You have the right to access your personal data. |
Right to Rectification | If the information we hold about you is inaccurate or incomplete you can request that we correct this. |
Right to Erasure | You can request that we delete or remove personal data in certain circumstances. |
Right to Restrict Processing | You have the right to request that we cease processing your data if you consider it inaccurate or incomplete and/or you object to the reason we’re processing your data. We will review the validity of your request and respond to you with our decision. |
Right to Data Portability | Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data be provided to a third party. |
Right to Object | You have the right to object to our processing in certain circumstances. |
Rights relating to Automated Decision-Making including Profiling | We do not use automated decision-making or profiling. Where automated decision-making is applied, organisations must: give you information about the processing; introduce simple ways for you to request human intervention or challenge a decision; carry out regular checks to make sure that our systems are working as intended. |
If you are unhappy with anything we have done with your data, please let us know. You also have the right to complain to the Information Commissioner's Office.
To make a complaint to the Information Commissioner's Office, use the link below or call their hotline on Tel No.: 0303 123 1113.
https://ico.org.uk/make-a-complaint
How to contact us?
For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer:
Data Protection Officer: Clinical DPO
Phone Number: 0203 411 2848