Contact Health Limited Privacy Notice

Our contact details

Name: Contact Health Limited

Address: Litfield Medical Centre, Litfield Place, Clifton Down, Bristol, BS8 3LS

ICO Registration number: ZA775439

Your privacy

This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.

Your privacy matters to us and we are committed to the highest data privacy standards, patient confidentiality and adherence to the Data Protection Act 2018 and UK GDPR. We adopt the six core principles of data protection.

Main categories and type of Personal Data collected and processed

We may collect and process the following information:

  • Personal identifiers, contacts and characteristics.
  • Name, address and contact details.
  • Financial information, such as credit card details used to pay us.
  • Occupation.
  • Emergency contact details, including next of kin.
  • Background referral details.
  • Details of your current or former physical or mental health, such as personal data about any healthcare services you have received (from other healthcare providers such as GPs or hospitals, private and/or NHS) or need, including clinic and hospital visits.
  • Details of previous healthcare services you have received from other healthcare providers in circumstances where medical negligence is alleged, or being investigated, against that third-party provider.

 

We treat all personal data as sensitive but acknowledge that we also process special category data including health data.

If you change personal data which we already hold about you (for instance by changing a pre-populated form) then we will update our systems to reflect the changes, but our systems will also continue to hold the originally recorded personal data.

Collection of your Personal Data

We may collect personal data directly from you when you:

  • Enter into a contract with us for the provision of your care.
  • Have remote consultations and imaging opinions with a healthcare professional, including virtually or by telephone.
  • Complete enquiry forms on our website.
  • Send us a question including through our website, by email or by social media.
  • Correspond with us by letter, email, telephone or social media, including where you reference Heart and Lung Health in a public social media post.

 

Our patients will often receive healthcare services from other organisations in addition to Contact Health Limited, and to provide you with the best care possible we may have to collect personal data about you from other organisations. This may include medical record details from:

  • Your GP.
  • Your healthcare professional (including their medical secretaries).
  • The NHS or any private healthcare organisation.
  • Mental health providers.

 

We may also collect personal data about you from other third parties as follows:

  • Solicitors or other third parties acting on your behalf in connection with medico-legal proceedings.
  • Your current or former employer, healthcare professional or other healthcare services or on your behalf in connection with healthcare provided by us.
  • Your insurance policy provider.
  • Experts (including medical experts) and other service providers about your care.
  • NHS health service bodies about your care.

 

If you (or the relevant other healthcare providers and other third parties outlined above) do not provide us with the personal data that we ask for, then we may be unable to provide your care or provide you with our services.

Medical records include personal data about your diagnosis, clinic and hospital visits and may include any imaging previously obtained during an episode of care or diagnosis.

How we use your personal data

We use (or “process”) your personal data for a number of different purposes but in all cases, we must have a legal basis for doing so. When we use “special category data” such as personal data relating to a person’s health we must have a specific additional legal basis to do so. Please contact our Data Protection Officer for further details.

Generally, we will rely on the following legal bases:

Contract:

  • We need to use your personal data to take steps so that you can enter into a contract with us and/or a healthcare professional to provide your care.
  • We need to use your personal data to provide your care in accordance with a contract between you and Contact Health Limited and/or a healthcare professional. We will rely on this for activities such as supporting your care and other benefits, supporting other healthcare professionals and providing other services to you.
  • We need to use your personal data to assist in your investigation of potential medical negligence against another healthcare provider. The medico-legal assessment may be performed by one of our healthcare professionals.

 

Legitimate interests:

  • We need to use your personal data for our legitimate business interests, and such interests do not cause harm to you. We will rely on this for activities such as quality assurance, maintaining our business records, developing and improving our products and services and helping with medical research.

 

Legal obligation:

  • We need to use your personal data to comply with our legal or regulatory obligations.

 

Legal claims:

  • We need to use your personal data to establish, exercise or defend our legal claims.

 

Consent:

  • You have given us your consent to use your personal data for this purpose.

 

How long we keep your personal data

Your care record will be kept for a period of 8 years following your last interaction with the organisation.

Records involving pioneering or innovative treatment may have archival value, and their long-term preservation will be discussed with the local Place of Deposit or The National Archives and may be transferred to them.

Financial details, such as credit card details that are used to pay us, are only kept for the duration of the transaction. If you would like to know the retention period for a specific piece of data, please contact our Data Protection Officer.

Sharing of Personal Data

Your personal data will only be shared with our own staff, associates, or contractors when it is necessary for them to have access to complete their assigned responsibilities or provide their contracted services. Sharing of your data will be relative to the nature of our engagement with you.

 

We utilise the services of other organisations who are critical for the provision of our service to you and will be viewed as data processors. Their access is restricted, and they are contractually bound to strict confidentiality and the protection of your personal data.  

 

Our operations are based in the UK, and your personal information is generally processed within the UK and countries within the European Economic Area (EEA). In some instances, we may transfer your personal information to third countries, for example, where our suppliers or cloud service providers are situated outside the UK and EEA.

 

If the recipient is situated in a third country that has not received an adequacy decision from the relevant regulator, we will ensure additional safeguards are in place including the use of applicable standard contractual clauses.

 

A full list of processors is available from our Data Protection Officer.

 

Where necessary we may disclose your information to healthcare professionals including the NHS. We may also pass information to external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity. Should any claim be made, we may pass your personal information to our insurers and, if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.

 

How we protect your personal information

We are committed to looking after your personal data and have implemented appropriate physical, technical, and organisational security measures designed to protect against accidental loss and unauthorised access, use, alteration, or disclosure.

In doing so, we comply with UK data protection law, including the Data Protection Act 2018, the UK General Data Protection Regulation and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the Health & Care Professions Council (HCPC) and the General Medical Council (GMC).

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only use your personal data on our instructions and they are subject to a duty of confidentiality.

In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, and we identify a risk to your rights and freedoms, we will report this to the Information Commissioner's Office, which is responsible for regulating data protection legislation in the UK. Where the loss or unauthorised access of your data has the potential to cause you harm, we will notify you without undue delay.

Your rights in relation to personal data

Under UK data protection law, you have the following rights, which you can exercise by emailing our Data Protection Officer at ContactHealthDPO@clinicaldpo.com:

  • Right to be Informed: This means that we have to be transparent in how we collect and use your personal data.
  • Right of Access: You have the right to access your personal data.
  • Right to Rectification: If the information we hold about you is inaccurate or incomplete you can request that we correct this.
  • Right to Erasure: You can request that we delete or remove personal data in certain circumstances.
  • Right to Restrict Processing: You have the right to request that we cease processing your data if:
      • you consider it inaccurate or incomplete; and/or
      • you object to the reason we’re processing your data.
    We will review the validity of your request and respond to you with our decision.
  • Right to Data Portability: Where you have consented to our processing your data or where the processing is necessary for us to deliver a contract you can request a copy of that data be provided to a third party.
  • Right to Object: You have the right to object to our processing in certain circumstances.
  • Rights relating to Automated Decision-Making including Profiling: We do not use automated decision-making or profiling. Where automated decision-making is applied, organisations must:
      • give you information about the processing;
      • introduce simple ways for you to request human intervention or challenge a decision;
      • carry out regular checks to make sure that our systems are working as intended.

If you are unhappy with anything we have done with your data, please let us know. You also have the right to complain to the Information Commissioner's Office.

To make a complaint to the Information Commissioner's Office, use the link below or call their hotline on 0303 123 1113.

https://ico.org.uk/make-a-complaint

 

How to contact us?

For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer:

 

Data Protection Officer: Clinical DPO

Phone number: 0203 411 2848

Email: ContactHealthDPO@clinicaldpo.com