Our Privacy Statement to you
Our Privacy Promise
Transparency – We will always tell you what data we’re collecting about you and how we use it. We only share your data with government bodies such as, for example, the NHS, Safeguarding Agencies or the Police and will never sell your data.
Secure – We are committed to always follow industry best practices to ensure your data is stored safely and securely. We protect the confidentiality, accuracy and availability of the information we collect about you.
Control – We will always give you control over the marketing you receive from us. You can choose the types of messages you receive and whether you want to stop receiving marketing communications.
Our Privacy Statement
Information we collect about you
How and why we use your personal data
Below, we set out all of the ways we use your personal data, and why. We have also identified what our legitimate interests are where appropriate.
It is sometimes necessary for us to process your personal data in order to enter into a contract with you, or to satisfy a contractual requirement (referred to as ‘performance of a contract with you’ below), or to comply with a statutory requirement. In those circumstances, if you do not provide the personal data we require, we will be unable to provide our services to you.
Registration – We use your personal and contact information to register you as a new patient. Necessary for the performance of medical services.
Verification We may require copies of documents to verify your identity where we are required by law to provide assistance or in order to comply with any request, you may make. Necessary for compliance with a legal obligation under our regulator (CQC).
Medical Notes- To provide you the best level of medical care. To comply with the Health and social; care Act 2008 and associated Regulations
Your consent – Necessary for legal compliance.
Managing your account – We use your personal and contact information to contact you if there is a need for that.
Staff training – We use copies of your communications with us (including voice recordings) in order to train our staff. Necessary for our legitimate interests (to ensure that we are able to provide the best service to you).
Market research – We may use the personal and contact information you have provided to ask you to take part in market research or a survey. We also use the results of any surveys or market research that you undertake to improve our website, or our service. Necessary for our legitimate interests (to assess and improve our patient care services).
Technical issues – if you contact us about an issue, we may use technical information, and personal and contact information to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Necessary for our legitimate interests (for running, the provision of administration and IT services, security and fraud prevention).
Experience – We use information about your use of our website, together with technical information about your device and (in some circumstances) your personal and contact information, and other relevant information that we receive from you or third parties (including aggregated information that we combine with your personal data), to deliver the best medical care and relevant clinical advice.
Advertising effectiveness – We use information about your use of our website and, in some circumstances, personal and contact information about you, to measure or understand the effectiveness of the advertising we serve to you. Necessary for our legitimate interests (to determine how effective advertising is in order to improve advertising, its relevance).
Analytics – We use information about your use of our website and technical information, including about your device or where you are accessing our or website from, to optimise our service and to improve our , website, games, services, direct marketing, player relationships, behaviour profiling and experiences. Necessary for our legitimate interests (to measure the interactions with our website, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
Publicity – We may use your personal and limited contact information in any publicity materials provided that you have given your consent.
Regulatory compliance – We may use your personal and contact information, information about any transaction between you and us, information about your use of out website, or technical information, to enable us to comply with our legal and regulatory obligations. These include reporting to the CQC, as we are required to. Necessary to comply with a legal obligation.
Fraud prevention – We may use your personal and contact information, information about any transaction between you and us, information about your use of our website, or technical information, in order to undertake analysis for the purposes of identifying and dealing with any fraud or fraudulent activity. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to ensure that transactions and interactions with us are not fraudulent).
Queries – We may use your personal and contact information, information about any transaction between you and us, information about your use our website, or technical information for the purpose of dealing with any request, complaint or query from you. Necessary to comply with a legal obligation.
We use your personal data to create aggregated data sets. You are not identifiable from that aggregated data and it is not considered personal data.
How we use your personal data for direct marketing
We send you marketing communications through a newsletter. You will receive direct marketing by email if you have visited us for the purpose of seeking medical services and have consented to receive such email marketing during account registration, and/or have not asked us to stop sending direct marketing by email to you. How can I control your direct marketing to me?
• email to firstname.lastname@example.org with the Subject: remove to be removed from our marketing mailing list or Subject: include to start receiving our newsletter with information about our patient care services.
Sharing your information with our marketing partners
We may share your data with our marketing partners, including advertisers, advertising networks and agencies to provide targeted advertising or to exclude you from our targeted advertising. We may also share your data with social media providers, including Facebook for custom audiences (for information on to opt out of Facebook custom audiences see the information provided by Facebook in its Help Centre (www.facebook.com/help/1415256572060999).
You can also opt out from cookies and other technology being used for marketing purposes. Please go to Manage your cookies for information on how to do this.
How we share your data with third parties
We sometimes share the data we collect from you with the following trusted third parties:
How we protect your personal data
We have put various measures in place to protect your personal data:
Your personal data may be processed outside the European Economic Area (EEA) – including by staff operating outside the EEA who work for us or for one of our third parties mentioned. That includes to digital marketing or social media agencies for the purposes of providing relevant marketing or advertising to you, market research or survey providers and email marketing services, for the purposes of processing any payments that you may make to us, communicating with players delivering dynamic content to web browsers and mobile applications or for the purposes of reporting and tracking web and mobile application performance. Where your personal data is transferred outside of the EEA, we require that appropriate safeguards are in place. To find out more about the appropriate safeguards that we have in place, please contact us.
How long we keep your personal data
We will only keep your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, medical, or reporting requirements. As we use computerised Medical records, these are kept for 6 after the patients death. At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances you may be entitled to ask us to delete your data: see ‘Your rights’ below for further information.
Your rights You have the right:
By post to:
Data Protection Officer
3 Ascroft Court
OL1 1HP, Oldham
Telephone: 0161 222 3480
Mobile: 07525 234 034
By email to: email@example.com
In order to request a copy of the personal data that Ascroft Medical holds about you, please send your request in writing to the Data Protection Officer at the above address. To enable us to verify your identity and process your request, you must include all of the following information and documentation with your request: • your full name; • the email address or Personal ID registered to your account; • a description of the data that you are requesting, including a date range; • a copy of your current and valid photo ID (e.g. passport photo page); • proof of your address in the form of a photocopy of a utilities or service provider bill; and • the date of the request. If you are unhappy with our processing of your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/. We would, however, appreciate the chance to deal with any concerns before you approach the ICO, so please contact the Data Protection Officer by email in the first instance.
Manage your cookies
For more information about cookies, how to opt out and the steps you can take to protect your privacy on the internet, go to http://www.youronlinechoices.com/uk/ – the guide to online behavioural advertising and privacy. This website is operated by the Internet Advertising Bureau, the industry body for online advertising. On here you’ll find information about how behavioural advertising works, how to opt out, further information about cookies and the steps you can take to protect your privacy on the internet. If you’d prefer to restrict, block or delete cookies from our website, you can do so in your browser settings. If you choose to disable cookies, then please note that this may limit the way you use our Website. For example, you may have to re-enter information that would have ordinarily been stored as a cookie.
This Privacy Statement was last updated on 24th May 2018.