Fair Processing and Privacy Notice
Your Information, Your Rights
Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the Data Protection Act 2018 and the EU General Data Protection Regulations (GDPR).
The use of information collected through our service shall be limited to the purpose of providing the service for you as the patient having engaged with Supportive Care UK Ltd. It also describes the choices available to you regarding the use of your personal information and how you can access and update this information.
Our designated Data Protection Officer is Nigel Rawlings, who may be contacted on 0161 413 8230.
Collecting and using personal information
What information do we collect?
We will collect the following types of information from you or about you from a third party (provider organisation) engaged in the delivery of your care:
‘Personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified from the data. This includes, but is not limited to name, date of birth, full postcode, address, next of kin. We may also request your Private Health Insurance details.
‘Special category / sensitive data’ such as medical history including details of appointments and contact with you, medication, emergency appointments and admissions, clinical notes, treatments, results of investigations and supportive care arrangements.
How do we use your information?
Supportive Care UK Ltd collects information for internal use within the company and the hospitals within which the consultants work.
Information may be collected over the telephone when you call the office, via BMI /Spire/HCA booking lines, or in person at the time of outpatient attendance.
We only use your information for the primary purpose of contacting you, creating your online accounts with us, assessing your needs and responding to your patient requests and requirements.
In certain situations, Supportive Care UK may be required to disclose personal data in response to requests by other clinicians within BMI/Spire/HCA or your private medical insurer.
Credit card information to make payment for invoices may also be taken over the telephone. The information you share will not be stored for future use.
If you have any privacy or data use concerns that we have not addressed satisfactorily, please contact our office on firstname.lastname@example.org
Information disclosure guidelines
Supportive Care UK Ltd does not share any personal or corporate information except for the purpose of providing the services that have been requested.
In the event that we need to share personally identifiable information with third parties other than those we have stated in this policy, we will request your permission prior to doing so.
We do not sell your personal information to 3rd parties.
We will retain your information for a minimum of 7 years in line with legislation for the retention of medical records.
If your personal information changes whilst you are under the care of one of our consultants please contact us by telephone 0161 413 8230 or by email at email@example.com or by post.
How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and will only use information that has been collected lawfully. Every member of staff who works for our organisation has a legal obligation to keep information about you confidential. We maintain our duty of confidentiality by conducting annual training and awareness, ensuring access to personal data is limited to the appropriate staff and information is only shared with organisations and individuals that have a legitimate and legal basis for access.
When sending information to our consultants or the treating hospital we use encrypted emails to ensure secure transmissions.
When you enter sensitive information on our forms, a copy is stored on our online system and a paper copy may be stored within the hospital administration system. Any paper copies we retain are filed appropriately and held within locked office spaces.
Information is not held for longer than is necessary. We will hold your information in accordance with the Records Management Code of Practice for Health and Social Care 2016.
Consent and Objections
Do I need to give my consent?
The GDPR sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. However consent is only one potential lawful basis for processing information. Therefore, we may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice. We will contact you if we are required to share your information for any other purpose which is not mentioned within this notice. Your consent will be documented within your electronic or paper patient record.
What will happen if I withhold my consent or raise an objection?
You have the right to write to withdraw your consent at any time for any particular instance of processing, provided consent is the legal basis for the processing. Please contact our Head Office for further information and to raise your objection. We will respond to your request within 7 days.
Your Right of Access to Your Records
The Data Protection Act and General Data Protection Regulations allows you to find out what information is held about you including information held within your medical records, either in electronic or physical format. This is known as the “right of subject access”. If you would like to have access to all or part of your records, you can make a request in writing to the organisation that you believe holds your information. You should however be aware that some details within your health records may be exempt from disclosure. However this will be in the interests of your wellbeing or to protect the identity of a third party.
In the event that you feel Supportive Care UK has not complied with the current data protection legislation, either in responding to your request or in our general processing of your personal information, you should raise your concerns in the first instance in writing to the Practice Manager Mrs Pam Mottershead at: Suite 7, Southgate 2, 319 Wilmslow Road, Cheadle, Cheshire. SK8 3PW Tel: 0161 413 8230
Common to most websites, information is gathered automatically and stored in log files. This information may include Internet protocol addresses, browser type, Internet service provider, referring or exit pages and clickstream data. We do not link system-collected data to any other information that we collect about you.
Supportive Care may display personal testimonials on our website in addition to other endorsements. With your consent, we may post your testimonial, using your name or initials or anonymized, in line with your written consent, respecting your request for privacy where appropriate.