This policy is to inform the people using the services of Ascot Rehabilitation Ltd. (ARL) of the data we collect, what we do with your information, what we do to keep it secure and who it is shared with. The document also outlines your rights and choices regarding your personal data and who to speak to if you have any concerns regarding the management of your data at Ascot Rehab.
Ascot Rehabilitation Ltd is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our patients and users of our services that communicate (online or offline) with us, face-to-face, via medical companies, insurance companies, over the phone, or through our website.
Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the General Data Protection Regulation which is the governing legislation that regulates data protection across the EEA. This includes any replacement legislation coming into effect from time to time.
Why Ascot Rehab needs your data
Ascot Rehab will only collect information that we require in order to direct, manage and deliver the care you receive. ARL will process your contact details, demographic details, health details, insurance company details, medical information and contact we have had with you such as appointments and details of your inpatient stay. ARL needs this information in order to provide your medical care, to contact you regarding your treatment and your invoices, and to improve the quality of care we provide. We may ask for further information from you such as your occupation, religion, ethnicity etc. but only in circumstances where this information is deemed absolutely necessary for us to provide an appropriate service to you.
We may also collect IP addresses and cookies for the purposes of service and website improvements.
The law requires us to determine the lawful bases for processing your information under the Data Protection Legislation, which are as follows;
- • We need to process this information in order to provide you with healthcare services
- • We may also need to use your information for the purposes of establishing, exercising or defending our legal rights, for example in the event of a complaint.
- • Where we do not have a legal obligation to process your data in a particular way, we have a legitimate interest to conduct general business processes and improve our services. When relying on our legitimate interests we conduct an assessment to ensure that this use of your data is fair, proportionate and in no way detrimental.
How we use your information
Ascot Rehab Ltd will use your personal information we collect to:
- • To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
- • Make available, process and deliver our services to you;
- • Provide appropriate care during our service to you, enabling medical staff to administerthe right treatment;
- • Process payments;
- • Help answer your questions and solve any issues you have;
- • Ensure our services can meet patient needs in the future by reviewing the care you have received, feedback provided and investigating complaints.
Who we might share your information with
Everyone working within healthcare has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential. If necessary, we may share your personal data with other organisations in the following circumstances:
- • If the law or a public authority says we must share the personal data;
- • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud).
- • In order to treat and manage your care we may need to share your data with:
- o Your GP, consultant, other healthcare professionals
- o Medical staff both sub-contracted to Ascot Rehab and external,
- o Insurance companies,
- o Embassies
Ascot Rehab will not share any of your information with other third parties without a lawful reason to do so unless; it is thought to be in the best interest of a child or vulnerable adult; if the health and safety of others is at risk; or if the law requires us to pass on information. In these instances personal data will be shared on a need to know basis. The process of sharing will always be as secure as possible.
From time to time, Ascot Rehab Ltd may employ the services of other parties for dealing with certain processes necessary for the operation of our website. However, sensitive personal information will not be shared, so neither you nor any of your devices can be identified.
How long we keep your information for
All personal data held by the hospital is kept on site and in a secure storage facility. Electronic data is protected by the use of access control, data encryption and a robust network security regime. Paper documents that include personal information are kept securely locked away.
Ascot Rehab is required to keep medical records for the amount of time specified in the Records Management Code of Practice for Health and Social Care 2016. We will not retain your information for longer than is necessary.
Ascot Rehab Ltd place great importance on the security of all personal information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.
We take security measures to protect your information including:
- • Limiting access to our buildings to those that we believe are entitled to be there (by use of key access and alarms);
- • Implementing access controls to our information technology;
- • We use appropriate procedures and technical security measures to safeguard your information across all our computer systems, networks, websites and offices, including encryption on our central database, Practice Manager, firewalls and ant-virus software;
- • Never asking you for your passwords;
- • Advising you never to enter your account number or password into an email or after following a link from an email.
You rights regarding your personal information
You have rights when it comes to how we handle your Personal Data. These include rights to:
- (a) withdraw Consent to Processing at any time;
- (b) receive certain information about the Data Controller’s Processing activities;
- (c) request access to their Personal Data that we hold;
- (d) prevent our use of their Personal Data for direct marketing purposes;
- (e) ask us to erase Personal Data. This right is not absolute and will only apply if ARL is able to do so without breaking other laws that as a hospital we must abide by. If it is possible to erase your data it will be done so within one month of receiving your request.
- (f) rectify inaccurate data or to complete incomplete data;
- (g) restrict Processing in specific circumstances;
- (h) challenge Processing which has been justified on the basis of our legitimate interests or in the public interest;
- (i) request a copy of an agreement under which Personal Data is transferred outside of the EEA;
- (j) object to decisions based solely on Automated Processing, including profiling (ADM), although ARL has no automated decision process, we are obliged to inform you of this right;
- (k) be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
- (l) make a complaint to the supervisory authority;
- (m) in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format.
We will verify the identity of any individual requesting data under any of the rights listed above (do not allow third parties to persuade you into disclosing Personal Data without proper authorisation).
You must forward any Data Subject requests to Marydelia Mitchell, HR Manager email@example.com.
How we keep you updated on our products and services
Ascot Rehab Ltd do not undertake mass marketing activities to individuals. We will not contact you for marketing purposes.
Giving your reviews and sharing your thoughts
When using our website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- • Analytical/performance cookies. Specifically, we use Google analytics. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
How to contact us
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
By email: Marydelia Mitchell, HR Manager firstname.lastname@example.org.
By post: Ascot Rehab Limited, 1 College Fields, 16 Prince Georges Road, London, SW19 2PY