The following statement sets out the privacy notice in relation to InHealth Group Limited.
Introduction and General Terms
We are committed to protecting and respecting your privacy and ask that you read this notice carefully. It explains when and why we collect personal data about you, how we use it, the conditions under which we may disclose it and how we keep it secure.
Who are we?
We are InHealth Group Limited, registered in England & Wales under company number 04620480 with our registered office at Beechwood Hall, Kingsmead Road, High Wycombe, Bucks HP11 1JL.
What type of personal data do we collect and process and how do we do it?
Personal data is any information that relates to you and can be used to identify you.
We may collect and process personal data when you engage with our businesses. The typical places that personal data are collected include:
- When you use our website, including filling in forms;
- When you communicate with us about our services;
- In the course of receiving services, such as providing information to our staff or responding to requests from staff during a scan;
- If you respond to a request from us to a survey.
We describe below the types of personal data that we may collect from you:
- Name and contact information such as email, address and phone number.
- Information related to your job if it is relevant to your care and treatment.
- Details of the services you have accessed.
- Treatment notes and reports about your health and any treatment you have received.
- Your feedback and treatment outcome information.
- Information surrounding complaints and incidents which may have arisen.
- Recordings of calls, inbound and outbound.
- Any other personal information we collect in the ordinary course of providing our services or in operating our business or in connection with your enquiry or healthcare pathway.
Information about your health, racial or ethnic origin, genetic and biometric data and sexual orientation is classified as ‘special category data’. We will only process this information on the basis that it is necessary for medical diagnosis, the provision of health care services and research purposes, and/or with your consent.
If you give us data on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has agreed that you can:
- give consent on their behalf to the processing of their personal data;
- receive on his/her behalf any data protection notices.
Most of the personal data we process is provided to us directly by you. However, sometimes we will receive personal data and special category personal data from third parties, such as:
- your GP
- a primary healthcare provider such as a hospital where you have been referred for other healthcare services
- a family member
In these cases, you will typically have consented to the sharing of your personal data by such persons for the purpose of your treatment. We will use your personal data to improve your healthcare pathway. We may share this data with such persons or third parties as are necessary in our view to enable your healthcare to be delivered. This may include:
- the NHS
- your GP
- any hospital in which you are or will receive treatment
- Clinical Commissioning Groups
- Local authorities
- Healthcare providers generally
- Data controllers and processors involved in your healthcare pathway
We will only share your personal data with the foregoing if it is necessary for the purpose of your treatment.
Under data protection legislation (including Data Protection Act 2018 and General Data Protection Regulation (GDPR), we may only process your personal data if one of the following lawful basis applies, which will be considered on an individual basis.
(a) We have your consent. You are able to withdraw your consent at any time. You can do this by contacting us. (Please refer to “How do you contact us?” below)
(b) We have a contractual obligation with you that requires us to process your personal data
(c) We have a legal obligation to process your personal data
(d) We have to protect your vital interests
(e) We need it to perform a public task
(f) We have a legitimate interest to process your personal data
The lawful basis we will usually apply for processing your personal data is our legitimate interest to do so.
The legitimate interest is for the purpose of patient healthcare. Processing is necessary to achieve this where we are acting as a data controller of health data and we need to book patients for clinical appointments and perform, and report, clinical practice.
What we do with the information we have
The purpose we need to process your data is for some or all the following reasons:
- for the purpose of your treatment
- compliance with legal, regulatory and corporate governance obligations and good practice
- gathering information as part of inspections by regulatory bodies or legal proceedings or requests
- operational reasons, such as recording services, training and quality control
- staff administration and assessments, monitoring staff conduct, disciplinary matters
- improving our services by conducting statistical analysis and research (in this case your data will be anonymised meaning your data will not be identifiable to you)
- enabling us to meet your healthcare pathway generally
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations and emails) for quality assurance, training, fraud prevention and compliance purposes.
How is your personal data used and stored?
Your personal data is securely stored on locations which are strictly governed by our data security framework. This provides appropriate organisational and technical security measures to prevent unauthorised access or unlawful processing of your personal data and to prevent personal data being lost, destroyed or damaged. We continually strive to ensure our data security framework offers a robust defence against breaches of data security including through audits. We are accredited with ISO9001 Quality Management System and ISO27001 Information Security Management Standard.
Data protection legislation prohibits the transfer of personal data to countries outside the European Economic Area (EEA) unless:
- The country in question has been deemed by the European Commission or United Kingdom to provide an adequate level of protection for personal data; or
- One of the mechanisms set out in the legislation has been put in place, e.g. where one of the ‘appropriate safeguards’ listed in data protection legislation has been put in place or a specific exception applies.
For how long do we hold your personal data?
We will hold your personal data on our systems only for as long as is necessary to respond to and manage your enquiry.
We will hold your personal data only for as long as it is necessary in accordance with our Data Retention Policy which is available on request. (Please refer to “How do you contact us?” below.)
Where you have provided consent for us to process your personal data, please note that you have the right to withdraw this consent at any time.
Who has access to your personal data?
We may disclose your personal data to other companies within our group. We will not pass on your personal data obtained through our websites to any third party except as required by law.
If you would like to find out more about cookies, or how you can stop their use in your browser (although please be aware that this may mean that some functions of the site are no longer available to you), please visit www.allaboutcookies.org , or if you would like to view information from Google please visit www.google.com/intl/en/analytics/privacyoverview.html
What rights do you have?
Under data protection legislation, you have rights including:
Right of access: you have the right to ask us for copies of your personal data. This is called a “Subject Access Request”. Please send your request to firstname.lastname@example.org.
Right to rectification: you have the right to ask us to rectify personal data you think is inaccurate or to complete information you think is incomplete.
Right to erasure: you have the right to ask us to erase your personal data in certain circumstances.
Right to restriction of processing: you have the right to ask us to restrict the processing of your personal data in certain circumstances.
Right to object to processing: you have the right to object to the processing of your personal data in certain circumstances.
Right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Right not to be subject to solely automated decisions: you have the right including related to profiling not to be subject to processes that do not involve human intervention.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
We will need to verify your identity by reference to your driving licence, passport, and utility bill or similar showing your name and address. To exercise any of these rights you need to contact us, please refer to “How do you contact us?” below.
Lodging a complaint
If you have reason to complain about how your personal data has been controlled or processed by us, please contact us by email at email@example.com.
We shall try to resolve your queries promptly and, if you remain unsatisfied, you have the right to contact the Information Commissioner’s Office at:
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
How do you contact us?
If you have any questions about this privacy notice or the personal data we hold about you or you wish to exercise any of your rights, please contact us on:
Name: Data Protection Officer
Address: Beechwood Hall, Kingsmead Road, High Wycombe, Buckinghamshire HP11 1JL
Phone Number: 01494 560036
Changes to the Privacy Notice
We may change this Privacy Notice from time to time. You should check this notice occasionally to ensure you are aware of the most recent version that will apply each time you access this website.
This Privacy Notice was most recently updated in December 2020.