Our Privacy Statement to you
Our Privacy Promise
Transparency – We will always tell you what data we’re collecting about you and how we use it. We only share your data with government bodies such as, for example, the NHS, Safeguarding Agencies or the Police and will never sell your data.
Secure – We are committed to always follow industry best practices to ensure your data is stored safely and securely. We protect the confidentiality, accuracy and availability of the information we collect about you.
Control – We will always give you control over the marketing you receive from us. You can choose the types of messages you receive and whether you want to stop receiving marketing communications.
Our Privacy Statement
Information we collect about you
- Personal and contact information when you register to become one of our patients, including your name, address, email address, telephone number(s), title, date of birth, gender and ethnicity.
- Details (and copies) of your communications and interactions with us via our receptionists or doctors, including by email, telephone (voice recordings), post and online via our website, The Ascroft Medical social media channels.
- Copies of documents you provide to prove your identity (including driving license and passport) when you are registering as a patient, or where there is a legal reason to request this from you.
- Transaction details including payments from you for Ascroft Medical, Medical services payments,
- Details of the medical care you have received, or have been recommended to receive, including any referrals to NHS services as part of your patient care plan. Your NHS GP details if you have provided these.
- Information about how you use our website, and which websites you came to the Ascroft Medical website from.
- Technical information about your device or browser when you use our or website, including geolocation data to determine what country you are accessing our website from, your internet protocol (IP) address, device ID, browser type and version and time zone setting, which may in some circumstances be personal data.
How and why we use your personal data
Below, we set out all of the ways we use your personal data, and why. We have also identified what our legitimate interests are where appropriate.
It is sometimes necessary for us to process your personal data in order to enter into a contract with you, or to satisfy a contractual requirement (referred to as ‘performance of a contract with you’ below), or to comply with a statutory requirement. In those circumstances, if you do not provide the personal data we require, we will be unable to provide our services to you.
Registration – We use your personal and contact information to register you as a new patient. Necessary for the performance of medical services.
Verification We may require copies of documents to verify your identity where we are required by law to provide assistance or in order to comply with any request, you may make. Necessary for compliance with a legal obligation under our regulator (CQC).
Medical Notes- To provide you the best level of medical care. To comply with the Health and social; care Act 2008 and associated Regulations
Your consent – Necessary for legal compliance.
Managing your account – We use your personal and contact information to contact you if there is a need for that.
Staff training – We use copies of your communications with us (including voice recordings) in order to train our staff. Necessary for our legitimate interests (to ensure that we are able to provide the best service to you).
Market research – We may use the personal and contact information you have provided to ask you to take part in market research or a survey. We also use the results of any surveys or market research that you undertake to improve our website, or our service. Necessary for our legitimate interests (to assess and improve our patient care services).
Technical issues – if you contact us about an issue, we may use technical information, and personal and contact information to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). Necessary for our legitimate interests (for running, the provision of administration and IT services, security and fraud prevention).
Experience – We use information about your use of our website, together with technical information about your device and (in some circumstances) your personal and contact information, and other relevant information that we receive from you or third parties (including aggregated information that we combine with your personal data), to deliver the best medical care and relevant clinical advice.
Advertising effectiveness – We use information about your use of our website and, in some circumstances, personal and contact information about you, to measure or understand the effectiveness of the advertising we serve to you. Necessary for our legitimate interests (to determine how effective advertising is in order to improve advertising, its relevance).
Analytics – We use information about your use of our website and technical information, including about your device or where you are accessing our or website from, to optimise our service and to improve our , website, games, services, direct marketing, player relationships, behaviour profiling and experiences. Necessary for our legitimate interests (to measure the interactions with our website, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
Publicity – We may use your personal and limited contact information in any publicity materials provided that you have given your consent.
Regulatory compliance – We may use your personal and contact information, information about any transaction between you and us, information about your use of out website, or technical information, to enable us to comply with our legal and regulatory obligations. These include reporting to the CQC, as we are required to. Necessary to comply with a legal obligation.
Fraud prevention – We may use your personal and contact information, information about any transaction between you and us, information about your use of our website, or technical information, in order to undertake analysis for the purposes of identifying and dealing with any fraud or fraudulent activity. Necessary to comply with a legal obligation. Necessary for our legitimate interests (to ensure that transactions and interactions with us are not fraudulent).
Queries – We may use your personal and contact information, information about any transaction between you and us, information about your use our website, or technical information for the purpose of dealing with any request, complaint or query from you. Necessary to comply with a legal obligation.
We use your personal data to create aggregated data sets. You are not identifiable from that aggregated data and it is not considered personal data.
How we use your personal data for direct marketing
We send you marketing communications through a newsletter. You will receive direct marketing by email if you have visited us for the purpose of seeking medical services and have consented to receive such email marketing during account registration, and/or have not asked us to stop sending direct marketing by email to you. How can I control your direct marketing to me?
• email to firstname.lastname@example.org with the Subject: remove to be removed from our marketing mailing list or Subject: include to start receiving our newsletter with information about our patient care services.
Sharing your information with our marketing partners
We may share your data with our marketing partners, including advertisers, advertising networks and agencies to provide targeted advertising or to exclude you from our targeted advertising. We may also share your data with social media providers, including Facebook for custom audiences (for information on to opt out of Facebook custom audiences see the information provided by Facebook in its Help Centre (www.facebook.com/help/1415256572060999).
You can also opt out from cookies and other technology being used for marketing purposes. Please go to Manage your cookies for information on how to do this.
How we share your data with third parties
We sometimes share the data we collect from you with the following trusted third parties:
- Our IT system providers – in order to provide software to set up your patent medical records account, other communications providers and to provide our systems to us, including for the purposes of hosting, support and software licensing.
- Marketing service providers – to allow us to send email communications such as our newsletters.
- Marketing agencies – for the purposes of providing you with relevant advertising or marketing, website or on social media, including for the purposes of undertaking behavioural modelling for that purpose.
- Social media platforms – for the purpose of targeted advertising and communication to book your appointments.
- Online survey companies and market research agencies – to undertake surveys (including for example, our google patient satisfaction survey) and other market research and to analyse the results.
- Digital analytics companies – for the purposes of website analytics and reporting in respect of our analytics and marketing(such as google analytics).
- NHS Services or other designated medical care clinics compliant with CQC– for the purposes of providing you with continued patient care.
- Police or other such regulatory authority – as part of an investigation or otherwise for legal or regulatory purposes.
- Dispute Resolution agencies – for the purposes of dealing with any complaints.
- Credit reference agencies – for the purpose of checking the details that you have provided us with are correct and to comply with our regulatory obligations.
- Security companies – for the purposes of security, including prevention and detection methods • Auditors – to audit our systems and transactions for the purposes of ensuring efficiency, or regulatory or contractual compliance.
- UK law enforcement agencies and third party security companies – for the purposes of ensuring that we comply with the law and have adequate security measures in place.
- We will disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request. We do this in order to protect our rights, property or safety or of our players, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
How we protect your personal data
We have put various measures in place to protect your personal data:
- Our online security controls maintain confidentiality at all times, specifically for secure card payments. We are certified to the payment card data security standards (PCI-DSS) and never store card details.
- Our entire site is accessed using https rather than http, meaning that all information that is sent and received is encrypted for additional security. You can see this in the address bar of your browser.
Your personal data may be processed outside the European Economic Area (EEA) – including by staff operating outside the EEA who work for us or for one of our third parties mentioned. That includes to digital marketing or social media agencies for the purposes of providing relevant marketing or advertising to you, market research or survey providers and email marketing services, for the purposes of processing any payments that you may make to us, communicating with players delivering dynamic content to web browsers and mobile applications or for the purposes of reporting and tracking web and mobile application performance. Where your personal data is transferred outside of the EEA, we require that appropriate safeguards are in place. To find out more about the appropriate safeguards that we have in place, please contact us.
How long we keep your personal data
We will only keep your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, medical, or reporting requirements. As we use computerised Medical records, these are kept for 6 after the patients death. At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances you may be entitled to ask us to delete your data: see ‘Your rights’ below for further information.
Your rights You have the right:
- to ask us not to use your personal data for direct marketing. To do so, at any time by send an email to email@example.com with the Subject: remove to be removed from our marketing mailing list or Subject: include to start receiving our newsletter with information about our patient care services.
- to ask us not to process your personal data where it is processed on the basis of legitimate interests, if there are no compelling reasons for that processing;
- to request from us access to personal information held about you (see Contact us below);
- to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
- to ask that we stop any consent-based processing of your personal data after you withdraw that consent;
- to ask, in certain circumstances, to delete the personal data we hold about you;
- to ask, in certain circumstances, for the processing of that information to be restricted; and
- to ask, in certain circumstances, for data portability.
By post to:
Data Protection Officer
3 Ascroft Court
OL1 1HP, Oldham
Telephone: 0161 222 3480
Mobile: 07525 234 034
By email to: firstname.lastname@example.org
In order to request a copy of the personal data that Ascroft Medical holds about you, please send your request in writing to the Data Protection Officer at the above address. To enable us to verify your identity and process your request, you must include all of the following information and documentation with your request: • your full name; • the email address or Personal ID registered to your account; • a description of the data that you are requesting, including a date range; • a copy of your current and valid photo ID (e.g. passport photo page); • proof of your address in the form of a photocopy of a utilities or service provider bill; and • the date of the request. If you are unhappy with our processing of your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/. We would, however, appreciate the chance to deal with any concerns before you approach the ICO, so please contact the Data Protection Officer by email in the first instance.
Manage your cookies
For more information about cookies, how to opt out and the steps you can take to protect your privacy on the internet, go to http://www.youronlinechoices.com/uk/ – the guide to online behavioural advertising and privacy. This website is operated by the Internet Advertising Bureau, the industry body for online advertising. On here you’ll find information about how behavioural advertising works, how to opt out, further information about cookies and the steps you can take to protect your privacy on the internet. If you’d prefer to restrict, block or delete cookies from our website, you can do so in your browser settings. If you choose to disable cookies, then please note that this may limit the way you use our Website. For example, you may have to re-enter information that would have ordinarily been stored as a cookie.
This Privacy Statement was last updated on 24th May 2018.