We are committed to protecting the privacy of all individuals using this website and our services
The following statement sets out the Privacy Notice in relation to InHealth Group Limited. If a subsidiary of InHealth Group Limited has its own Privacy Notice, then that Privacy Notice will apply to that subsidiary.
Introduction and General Terms
We are committed to protecting and respecting your privacy and ask that you read this notice carefully. It explains when and why we collect personal data about you, how we use it, the conditions under which we may disclose it and how we keep it secure.
Who are we?
We are InHealth Group Limited, registered in England & Wales under company number 04620480 with our registered office at Beechwood Hall, Kingsmead Road, High Wycombe, Bucks HP11 1JL. The principal subsidiary of InHealth Group Limited is InHealth Limited.
What type of personal data do we collect and process?
Personal data is any information that relates to you and can be used to identify you.
We may collect and process personal data when you engage with our services. The typical places that personal data are collected include:
- When you use our website, including filling in forms;
- When you communicate with us about our services;
- In the course of receiving services, such as providing information to our staff or responding to requests from staff during a scan;
- If you respond to a request from us to a survey.
We describe below the types of personal data that we may collect from you:
- Name and contact information such as email, address and phone number.
- Information related to your job if it is relevant to your care and treatment.
- Details of the services you have accessed.
- Treatment notes and reports about your health and any treatment you have received.
- Your feedback and treatment outcome information.
- Information surrounding complaints and incidents which may have arisen.
- Recordings of calls, inbound and outbound.
- Any other personal information we collect in the ordinary course of providing our services or in operating our business or in connection with your enquiry or healthcare pathway.
Information about your health, racial or ethnic origin, genetic and biometric data and sexual orientation is classified as ‘special category data’. We will only process this information on the basis that it is necessary for medical diagnosis, the provision of health care services and research purposes, and/or with your consent.
How do we collect personal data?
Most of the personal data we process is provided to us directly by you. However, sometimes we will receive personal data and special category personal data from third parties, such as:
- your GP
- a primary healthcare provider such as a hospital where you have been referred for other healthcare services
- a family member
In these cases, you will typically have consented to the sharing of your personal data by such persons for the purpose of your healthcare treatment. We will use your personal data for the purpose of your healthcare treatment.
If you give us personal data on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has agreed that you can:
- give consent on their behalf to the processing of their personal data
- receive on their behalf any data protection notices
Who many we share your personal data with?
We may share data with such persons or third parties as are necessary in our view to enable your healthcare to be delivered. This may include:
- the NHS
- your GP
- any hospital in which you are or will receive treatment
- NHS Integrated Care Boards
- Local authorities
- Healthcare providers generally
- Data controllers and processors involved in your healthcare pathway
- Suppliers who we appoint to help us provide our services to you
We will only share your personal data with the above if it is necessary for the purpose of your healthcare treatment. Suppliers must meet our strict requirements about the security and privacy of your personal data.
What we do with the information we have
Under data protection legislation (including Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR), we may only process your personal data if one of the following lawful bases appliy, which will be considered on an individual basis.
(a) We have your consent. You are able to withdraw your consent at any time. You can do this by contacting us. (Please refer to “How do you contact us?” below)
(b) We have a contractual obligation with you that requires us to process your personal data
(c) We have a legal obligation to process your personal data
(d) We have to protect your vital interests
(e) We need it to perform a public task
(f) We have a legitimate interest to process your personal data
The lawful basis we will usually apply for processing your personal data is our legitimate interest to do so.
The legitimate interest is for the purpose of patient healthcare. Processing is necessary to achieve this where we are acting as a data controller of health data and we need to book patients for clinical appointments and perform, and report, clinical practice.
The purpose we need to process your data is for some or all the following reasons:
- for the purpose of your treatment
- compliance with legal, regulatory and corporate governance obligations and good practice
- gathering information as part of inspections by regulatory bodies or legal proceedings or requests
- operational reasons, such as recording services, training and quality control
- staff administration and assessments, monitoring staff conduct, disciplinary matters
- improving our services by conducting statistical analysis and research (in this case your data will be anonymised meaning your data will not be identifiable to you)
- enabling us to meet your healthcare pathway generally
Monitoring and recording communications
We may monitor and record communications with you (such as telephone conversations and emails) for quality assurance, training, fraud prevention and compliance purposes.
How is your personal data stored?
Your personal data is securely stored on locations which are strictly governed by our data security framework. This provides appropriate organisational and technical security measures to prevent unauthorised access or unlawful processing of your personal data and to prevent personal data being lost, destroyed or damaged. We continually strive to ensure our data security framework offers a robust defence against breaches of data security including through audits. We are accredited with ISO 9001 Quality Management System and ISO 27001 Information Security Management Standard.
Transferring data outside the UK
In some cases, we (or our data processors) may need to transfer data outside of the UK, for example to provide triage or reporting services, and to enable us to deliver services effectively for our patients. We only transfer data overseas:
- to countries within the EEA (European Economic Area that are subject to data protection rules equivalent to UK legislation
- to countries that have been assessed by the UK Government to provide an adequate level of protection for processing of personal data; or
- otherwise, if we have ensured that appropriate safeguards are in place to ensure that personal data is transferred securely and with equivalent protections to UK data protection standards.
For how long do we hold your personal data?
We will hold your personal data on our systems only for as long as is necessary to respond to and manage your enquiry.
We will hold your personal data only for as long as it is necessary in accordance with our Data Retention Policy which is available on request. (Please refer to “How do you contact us?” below.)
Where you have provided consent for us to process your personal data, please note that you have the right to withdraw this consent at any time.
Who has access to your personal data from the website?
We may disclose your personal data to other companies within our group. We will not pass on your personal data obtained through our websites to any third party except as required by law.
If you would like to find out more about cookies, or how you can stop their use in your browser (although please be aware that this may mean that some functions of the site are no longer available to you), please visit www.allaboutcookies.org , or if you would like to view information from Google please visit www.google.com/intl/en/analytics/privacyoverview.html
Do Not Track (DNT)
Please note that this website does not monitor or respond to Do Not Track browser requests.
What rights do you have?
Under data protection legislation, you have rights including:
Right of access: you have the right to ask us for copies of your personal data. This is called a “Subject Access Request”. Please send your request to firstname.lastname@example.org.
Right to rectification: you have the right to ask us to rectify personal data you think is inaccurate or to complete information you think is incomplete.
Right to erasure: you have the right to ask us to erase your personal data in certain circumstances.
Right to restriction of processing: you have the right to ask us to restrict the processing of your personal data in certain circumstances.
Right to object to processing: you have the right to object to the processing of your personal data in certain circumstances.
Right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Right not to be subject to solely automated decisions: you have the right including related to profiling not to be subject to processes that do not involve human intervention.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
We will need to verify your identity by reference to your driving licence, passport, and utility bill or similar showing your name and address. To exercise any of these rights you need to contact us, please refer to “How do you contact us?” below.
Lodging a complaint
If you have reason to complain about how your personal data has been controlled or processed by us, please contact us by email at email@example.com.
We shall try to resolve your queries promptly and, if you remain unsatisfied, you have the right to contact the Information Commissioner’s Office at:
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
How to exercise your data protection rights and contact us
If you wish to exercise any of your data protection rights, please send your request to firstname.lastname@example.org.
If you have any questions about this Privacy Notice or the personal data we hold about you or you wish to exercise any of your rights, please contact us on:
Name: Data Protection Officer
Address: Beechwood Hall, Kingsmead Road, High Wycombe, Buckinghamshire HP11 1JL
Phone Number: 01494 560036
Changes to the Privacy Notice
We may change this Privacy Notice from time to time. You should check this notice occasionally to ensure you are aware of the most recent version that will apply each time you access this website.
This Privacy Notice was most recently updated in September 2023.