This Privacy Notice sets out what personal information we may collect from you and how that information may be used.
In particular, this Privacy Notice:
- explains how we will manage your personal information, from the time we collect it and onwards;
- explains how we use your personal information and who we share it with;
- how we will comply with any relevant laws; and
- explains your rights in relation to your personal data, and how you can exercise them.
We have a separate Privacy Notice written with children in mind. If you are under 13 and wish to ask a question or use our website in a way that requires you to submit any personal information, please ask your parents or guardian to do it on your behalf.
What personal information do we collect from you and how do we use it?
We will use your personal data for the reasons set out below. The personal data we collect and use may include:
- your name, address and contact details, including email address and home and mobile telephone numbers. If you provide these details, we may use them to contact you unless you ask us not to. This could include emails, text or voicemail messages;
- date of birth and gender;
- Contractual and Financial Information
- the terms and conditions of your contract with us for the provision of healthcare and related services;
- your bank account and national insurance number) if you are a ‘self-pay ’patient or the financial information of the company or individual who is responsible for the payment of invoices/bills relating to your care (e.g. insurer, sponsor, guarantor or employer);
- we will take a swipe of your debit or credit card. We will let you know if we intend to take a payment from this card before we do so;
- information about your marital status, next of kin, dependants nominated and/or emergency contacts;
- information about your nationality and entitlement to treatment in the UK; and
- equal opportunity monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief, genetic data.
Health related Data
- your previous and current medical health records whether provided by HCA UK or other third parties;
- information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
- information about medical or health conditions of your family;
- Information about how you use our website.
- Information received in response to any surveys, complaints claims
- The data we collect may also include visual images, personal appearance and behaviour e.g. where CCTV is used as part of our building security measures.
Other CMC Privacy Notices
If you are a Consultant/ Doctor or other healthcare provider you are not employed by CMC but we will also hold and process other information relating to you and the clinical services you carry out.
How CMC will collect this information
We will collect most of this information directly during the registration process but we may also obtain data from your passport or other identity documents such as your driving licence;, online web forms; from correspondence with you; through interviews and surveys, meetings or other assessments.
We will collect data if you have a remote consultation with a healthcare professional either virtually or by telephone.
In some cases, CMC may collect personal data about you from third parties, such as your GP, the NHS, mental health providers, insurance providers, referral agencies, sponsors, credit and other checks permitted by law.
Where information is obtained from a third party not involved in your care or employment we will let you know.
We will tell you if providing some personal data is optional, including if we need to ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide care and treatment to you and receive payment for these services.
How do we use your data?
We use your personal data to support the provision of your healthcare in the following ways:
- To decide how best to provide treatment to you;
- As necessary to support the healthcare contract with you and to allow us to receive full payment for those services;
- To take steps at your request during the course of your treatment;
- To keep your records up to date;
We use your data for the following purposes, to maintain the high standards of service that we provide to you:
- For good governance, accounting, and managing and auditing our clinical and business operations both internally and by third parties;
- For surveys of patient experience and quality of care;
- To monitor emails, calls, other communications, and activities on HCA networks and systems;
- For market research, other surveys and analysis and developing statistics for improving clinical performance; and
We may process your data to ensure the security of our systems and to prevent crime and ensure compliance with all laws and regulations that are applicable to our services:
We may monitor and record telephone calls, emails, text messages, social media messages and other communications in relation to our dealings with you. We will do this to ensure an appropriate standard of care, for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications networks and systems, to check for unlawful content, obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on our network and systems where necessary for these reasons and this is for our legitimate interests or other legal obligations.
We use your data to ensure we can comply with our legal obligations:
When you exercise your rights under data protection law and make requests;
- For compliance with legal and regulatory requirements and related disclosures;
- For establishment and defence of legal rights;
- For activities relating to the prevention, detection and investigation of crime;
- To verify your identity, credit fraud prevention and anti-money laundering checks;
- To investigate complaints, legal claims and data protection or clinical incidents.
Based on your consent we may also share your data:
- With your next of kin or other nominated contact;
- If you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf; or otherwise agree to disclosures;
- When we process any special categories of personal data about you at your request (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).
You are free at any time to change your mind and withdraw your consent, where we have only relied on your consent, to share your data. We will advise you if the consequence of doing so is that we cannot continue to provide full healthcare services to you.
Who do we share your personal information with?
We may share your personal data with:
- Healthcare Providers or those who help us provide care to you
- Consultants/Doctors and other healthcare professionals who provide treatment to you at our Facilities;
- Other healthcare providers including your General Practitioner (GP) where we believe this will enhance the quality of your care. Let us know if you do not wish us to share information with your GP;
- Sub-contractors and other persons who help us to provide healthcare products and services to you;
- Companies and other persons including interpreters providing services to you as part of your extended care and post care follow-up;
Advisors, Legal, Government and regulatory bodies
- Fraud prevention agencies, credit reference agencies, and debt collection agencies;
- Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner's Office and Care Quality Commission (CQC) https://www.cqc.org.uk/about-us/our-policies/privacy-statement
- General Medical Council and other professional bodies;
- Courts, to comply with legal requirements, and for the administration of justice;
- In an emergency or to otherwise protect your vital interests;
- Third parties who help us to protect the security or integrity of our business operations and other patients;
- When we restructure or buy or sell our business or its assets or have a merger or re-organisation;
- Payment systems and providers; and
- Anyone else where we have your consent or as required by law.
SHARING OF YOUR PERSONAL DATA IN ORDER TO RECEIVE PAYMENT FOR YOUR TREATMENT FROM YOUR INSURER OR GUARANTOR
We will contact the individual or company including your insurer and provide them with the information necessary to support our invoices for payment and to ensure that we receive full payment for your care. We may also contact them prior to your care to confirm that the treatment you are about to receive is covered by them and they are willing to pay for your care. We will also provide information necessary to support any audits carried out by insurers and sponsors.
WHAT MARKETING ACTIVITIES DO WE CARRY OUT
Subject to obtaining your consent and in accordance with your communications preferences we may use your contact details to send you newsletters and other information on new Facilities, services and treatments which we think may be of interest to you. We will not sell your personal data to a third party without your written consent.
You are free at any time to change your mind and withdraw consent for marketing activities. Please contact firstname.lastname@example.org. This will not affect the healthcare services we provide to you.
YOUR RIGHTS UNDER APPLICABLE DATA PROTECTION LAW
Your rights, under the data protection laws, are as follows (noting that these rights do not apply in all circumstances):
- The right to be informed about processing of your personal data;
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the "right to be forgotten”);
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data ("data portability") ; and
- Rights in relation to automated decision-making including profiling
How long do we keep your data?
Information will be kept in accordance with the retention periods outlined in the Information Governance Alliance (IGA) Records Management Code of Practice for Health and Social Care 10`6 (amended 2021).
Where we get your personal data from
We obtain your data from you or your previous medical records. If you are under 13 then your parent or carer has to give it to us on your behalf. If you are being treated by us then we might also take information from, for example, your GP or others involved in your care. This helps us to give you the best treatment. It is really important to know that we are really careful with this information.
When you are being treated by us we will sometimes ask you for personal information. Personal information means things like your name, your age, where you live and how we can contact you.
But that’s only if you are over 13. The first thing we would want to know, and check, is how old you are.
Are you Under 13?
If you are under 13 then we have to ask a parent or carer, or another adult who looks after you to give us that information for you. We tell them how we keep that information safe in our other ‘Privacy Notice’ – it is a bit longer than this one! They can ask to see any of that information, any time. You can also have a look at this if you want more information.
Are you over 13?
If you are over 13 and getting treatment from us then your Consultant or Doctor will sit down with you and explain all of this and check that you understand what we do with your personal information – it is yours after all and that you know what your rights are.
Everyone here is trained in safeguarding which means that we know how to keep you safe and that includes how we keep your information safe. We don’t share it unless you tell us we can (unless we are really worried about you), and we store it safely.
We will process your data to make sure you get the best possible care but also to make sure we can protect it from anyone who shouldn’t see it and to make sure we are following all the laws and regulations.
You have all the same ‘rights’ with regard to your personal information as adults do. The main ones are that you can get a copy of all the data we hold about you; you can get any incorrect information put right; and you can complain to the Information Commissioner's Office (ICO). They will check that we have complied with the data protection laws and will take action if we haven’t. Contact the ICO on www.ico.org.uk
Data protection Office (DPO) & Caldicott Guardian – Amanda Nathan (Director)
Practice Manager – Isabella Rock
The Information Commissioner's Office (ICO)