This is the privacy notice of Doc Abode Ltd.
We are a Limited Company registered in the in England and Wales with Company Registration number 10158487.
Our registered offices are at 107 Kirkgate, Leeds, England, LS1 6DP.
Introduction
This privacy notice aims to inform you about how we collect and process any information that we collect from you, or that you provide to us. It covers information that could identify you (legally termed “personal data”). In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information. This notice tells you about your privacy rights and how the law protects you.
We are committed to protecting your privacy and the confidentiality of your personal information. We comply with the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to you in regards to the processing and control of your personal data. We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org. Information on how to contact us is provided below.
Except as set out below, we do not share, or sell, or disclose to a third party, any information that we collect.
1. Data Protection Officer
2. We have appointed a Data Protection Officer (DPO) who oversees the way that we work and advises us on compliance with the GDPR. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our DPO by email to: dataprotection@DocAbode.com
3. Data we process
We will collect, use, store and transfer different kinds of personal data about you if you are a patient who has been referred through our service or you are a health care professional who may contribute to the delivery of care as part of that service. The information we collect and process from the Healthcare Provider will include some or all of:
Patients
• Your identity, which includes information such as first name, last name, date of birth, and other identifiers that you may have provided at some time.
• Your contact information, which includes information such as address, telephone numbers and any other information you have given to us for the purpose of communication or meeting.
• Information about your health, race, ethnicity and religious beliefs where these are needed to manage our service, support effective communications with you and provide you with care. This type of personal information is termed ‘Special Category Personal Data’ and can only be processed for purposes such as the management and delivery of care.
Health Care Professionals
• Your identity, which includes information such as first name, last name, title, and other identifiers that you may have provided at some time.
• Your contact information, which includes information such as email address, telephone numbers and any other information you have given to us for the purpose of communication or meeting.
• Your profession, right to practice and areas of expertise if you are a health care professional registered to help provide our services.
Visitors to our Website
• Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
4. The legal basis on which we process information about you
The law requires us to have a clear legal basis for processing personal information, and to notify you of the basis for processing information about you. If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data or if there is a different legal basis that applies we will notify you of the change.
There are a number of different legal bases that can apply, depending upon our relationship with you and the type of information involved:
• Information we process because we have a contractual obligation with you as a provider of care services
Healthcare Professionals who deliver care services at appointments made through Doc Abode do so under a contract with Doc Abode Limited that provides us with a legal basis for processing their personal information. The contract sets out the purposes for which we can process their data. Where that data includes Special Category Personal Data such as Race and Ethnicity, we are restricted by law to only process that data to support the delivery and management of care.
We shall continue to process this information only for the purpose of providing the service and normally for no more than two years after the contract between Doc Abode and the Healthcare Provider ends or is terminated by either party under the terms of the contract.
• Information we process for the purposes of legitimate interests
Patients: We process information about patients and those who have a need for an appointment on the basis there is a legitimate interest, either to the requestor or to us, of doing so. Where we process your information on this basis, we believe:
- we could not deliver our service without processing the data
- processing will not cause anyone harm and, if the purpose is to support care, not processing the data might cause a patient harm
- you would expect us to process the data, and that you would consider it reasonable to do so
Where the personal information that we process about an individual is Special Category Personal Data, e.g. about their health, we will only process that data to support the management and delivery of care.
Users of our Website: We may use your personal information to:
- Personalise our website for you and enable your use of the services available on our website.
- Administer our website and business, including enquiries and complaints.
- Send you goods or services purchased through our website, send statements, invoices and payment reminders to you, and collect payments from you.
- Send you non-marketing commercial communications;
- Send you email notifications that you have specifically requested and our email newsletter, if you have requested it.
- Send you marketing communications relating to our business which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications).
- Keep our website secure, prevent fraud and verify compliance with the terms and conditions governing the use of our website (including monitoring private messages sent through our website private messaging service).
• Information we process because we have a legal obligation
Sometimes, we must process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal information.
5. Use of Non-Identifiable Data
We may aggregate anonymous data such as statistical or demographic data for a range of purposes associated with the delivery of our service. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal information in law because it does not reveal your identity. For example, we may aggregate data to assess the number and type of requests for out of hours care processed by Doc Abode Ltd. However, if we combine or connect aggregated data with your personal information so that it can identify you in any way, we treat the combined data as personal information and it will be used in accordance with this privacy notice.
6. Information Sharing
We only share patient personal data with the health care professionals contracted to provide care as part of our service and with the NHS organisation that has commissioned the service. Full Healthcare Professional personal information will only be shared with the NHS organisation.
We may disclose personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors, or to any member of our group of companies, insofar as reasonably necessary for the purposes set out in this policy.
We reserve the right to provide details of health care professionals to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling. We will not supply patient information for these commercial purposes.
We process a unique reference number assigned to you by the NHS which NHS Digital have suggested you may opt-out of it being used. If you would like to learn more about this choice
click here. 7. International data transfers
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate. This includes the following countries which do not have data protection laws equivalent to those in force in the European Economic Area: the United States of America. No patient data is transferred outside of the U.K. Limited data about Healthcare Professionals is processed in the United States of America under the Privacy Shield arrangements that provide equivalent data protection to that provided under the GDPR.
8. Retention of Information
We keep your personal information only for as long as required by us:
• to provide our services;
• to comply with contracts;
• to comply with regulations, including the NHS Records Management Code of Practice;
• to support a claim or defence in court.
We do not normally hold any personal data for more than two years after an episode of care, where the data relates to patients, or the end of a contract, where the data relates to healthcare professionals. This is in line with the NHS Records Management Code of Practice.
9. Cookies
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved. Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use. If you choose not to use cookies or you prevent their use through your browser settings, you may not be able to use all the functionality of our website.
We use cookies in the following ways:
• to track how you use our website
• to record whether you have seen specific messages we display on our website
• to keep you signed in to our site
10. Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is
inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain
circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your
personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your
personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information
you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have
one month to respond to you.
To obtain a copy of any information that we hold about you, you should contact us in writing to make that request.
When we receive any request to access or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
11. How you can complain
If you are not happy with our privacy policy or if you have any complaint then you should tell us. If a dispute is not settled then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration. To contact us please use the following email address:
dataprotection@DocAbode.com
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/.