This policy is to inform the people using the services of Ascot Rehabilitation Ltd. (ARL) of the data we
collect, what we do with your information, what we do to keep it secure and who it is shared
with. The document also outlines your rights and choices regarding your personal data and who to
speak to if you have any concerns regarding the management of your data at Ascot Rehab.
Ascot Rehabilitation Ltd is committed to protecting the privacy and security of your personal
information. We take care to protect the privacy of our patients and users of our services that
communicate (online or offline) with us, face-to-face, via medical companies, insurance
companies, over the phone, or through our website.
Throughout this document we refer to Data Protection Legislation which means the Data
Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR), the
Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation
implemented in connection with the General Data Protection Regulation which is the governing
legislation that regulates data protection across the EEA. This includes any replacement legislation
coming into effect from time to time.
notice of these changes by any reasonable means, including by providing notice through our
website. By continuing to access, browse or use the Site, you confirm your acceptance of the
Why Ascot Rehab needs your data
Ascot Rehab will only collect information that we require in order to direct, manage and deliver
the care you receive. ARL will process your contact details, demographic details, health details,
insurance company details, medical information and contact we have had with you such as
appointments and details of your inpatient stay. ARL needs this information in order to provide
your medical care, to contact you regarding your treatment and your invoices, and to improve the
quality of care we provide. We may ask for further information from you such as your occupation,
religion, ethnicity etc. but only in circumstances where this information is deemed absolutely
necessary for us to provide an appropriate service to you.
We may also collect IP addresses and cookies for the purposes of service and website
The law requires us to determine the lawful bases for processing your information under the Data
Protection Legislation, which are as follows;
- • We need to process this information in order to provide you with healthcare services
- • We may also need to use your information for the purposes of establishing, exercising or defending our legal rights, for example in the event of a complaint.
- • Where we do not have a legal obligation to process your data in a particular way, we have a legitimate interest to conduct general business processes and improve our services. When relying on our legitimate interests we conduct an assessment to ensure that this
use of your data is fair, proportionate and in no way detrimental.
How we use your information
Ascot Rehab Ltd will use your personal information we collect to:
- • To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
- • Make available, process and deliver our services to you;
- • Provide appropriate care during our service to you, enabling medical staff to administerthe right treatment;
- • Process payments;
- • Help answer your questions and solve any issues you have;
- • Ensure our services can meet patient needs in the future by reviewing the care you have received, feedback provided and investigating complaints.
Who we might share your information with
Everyone working within healthcare has a legal duty to keep information about you confidential.
Similarly, anyone who receives information from us has a legal duty to keep it confidential.
If necessary, we may share your personal data with other organisations in the following
- • If the law or a public authority says we must share the personal data;
- • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud).
- • In order to treat and manage your care we may need to share your data with:
- o Your GP, consultant, other healthcare professionals
- o Medical staff both sub-contracted to Ascot Rehab and external,
- o Insurance companies,
- o Embassies
Ascot Rehab will not share any of your information with other third parties without a lawful
reason to do so unless; it is thought to be in the best interest of a child or vulnerable adult; if the
health and safety of others is at risk; or if the law requires us to pass on information. In these
instances personal data will be shared on a need to know basis. The process of sharing will always
be as secure as possible.
From time to time, Ascot Rehab Ltd may employ the services of other parties for dealing with
certain processes necessary for the operation of our website. However, sensitive personal
information will not be shared, so neither you nor any of your devices can be identified.
How long we keep your information for
All personal data held by the hospital is kept on site and in a secure storage facility. Electronic data is
protected by the use of access control, data encryption and a robust network security regime. Paper
documents that include personal information are kept securely locked away.
Ascot Rehab is required to keep medical records for the amount of time specified in the Records
Management Code of Practice for Health and Social Care 2016. We will not retain your information
for longer than is necessary.
Ascot Rehab Ltd place great importance on the security of all personal information associated
with our users. We have security measures in place to attempt to protect against the loss, misuse
and alteration of personal information under our control.
We take security measures to protect your information including:
- • Limiting access to our buildings to those that we believe are entitled to be there (by use of key access and alarms);
- • Implementing access controls to our information technology;
- • We use appropriate procedures and technical security measures to safeguard your information across all our computer systems, networks, websites and offices, including encryption on our central database, Practice Manager, firewalls and ant-virus software;
- • Never asking you for your passwords;
- • Advising you never to enter your account number or password into an email or after following a link from an email.
You rights regarding your personal information
You have rights when it comes to how we handle your Personal Data. These include rights to:
- (a) withdraw Consent to Processing at any time;
- (b) receive certain information about the Data Controller’s Processing activities;
- (c) request access to their Personal Data that we hold;
- (d) prevent our use of their Personal Data for direct marketing purposes;
- (e) ask us to erase Personal Data. This right is not absolute and will only apply if ARL is able to do so without breaking other laws that as a hospital we must abide by. If it is possible to erase your data it will be done so within one month of receiving your request.
- (f) rectify inaccurate data or to complete incomplete data;
- (g) restrict Processing in specific circumstances;
- (h) challenge Processing which has been justified on the basis of our legitimate interests or in the public interest;
- (i) request a copy of an agreement under which Personal Data is transferred outside of the EEA;
- (j) object to decisions based solely on Automated Processing, including profiling (ADM), although ARL has no automated decision process, we are obliged to inform you of this right;
- (k) be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
- (l) make a complaint to the supervisory authority;
- (m) in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format.
We will verify the identity of any individual requesting data under any of the rights listed
above (do not allow third parties to persuade you into disclosing Personal Data without
You must forward any Data Subject requests to Marydelia Mitchell, HR Manager firstname.lastname@example.org.
Ascot Rehab Ltd process all personal data in the UK or EEA, however in exceptional circumstances
we reserve the right to transfer your personal information to our service providers based outside
treating patients referred from overseas and/or patients referred by embassies. If we do this,
your personal information will continue to be subject to one or more appropriate safeguards set
out in the legislation.
This website may include links to third-party websites, plug-ins and applications. Clicking on those
links or enabling those connections may allow third parties to collect or share data about you. We
do not control these third-party websites and are not responsible for their privacy statements.
How we keep you updated on our products and services
Ascot Rehab Ltd do not undertake mass marketing activities to individuals. We will not contact
you for marketing purposes.
Giving your reviews and sharing your thoughts
When using our website, you may be able to share information through social networks like
Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing
this, your personal information may be visible to the providers of those social networks and/or
their other users. Please remember it is your responsibility to set appropriate privacy settings on
your social network accounts so you are comfortable with how your information is used and
shared on them.
provide you with a good experience when you browse our website and also allows us to improve
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of
your computer if you agree. Cookies contain information that is transferred to your computer’s
We use the following cookies:
- • Analytical/performance cookies. Specifically, we use Google analytics. They allow us to
recognise and count the number of visitors and to see how visitors move around our
website when they are using it. This helps us to improve the way our website works, for
example, by ensuring that users are finding what they are looking for easily.
How to contact us
If you would like to exercise one of your rights as set out above, or you have a question or a
complaint about this policy, the way your personal information is processed, please contact us by
one of the following means:
By email: Marydelia Mitchell, HR Manager email@example.com.
By post: Ascot Rehab Limited, 1 College Fields, 16 Prince Georges Road, London, SW19 2PY