1 The Promenade, Kingsbridge,TQ7 1JD
The Nuffield Hospital, Derriford Rd, Plymouth, PL6 8BG
Peninsula Ophthalmology
PENINSULA OPHTHALMOLOGY PRIVACY POLICY
This Privacy Policy sets out how we collect and use your personal information and what your individual data protection and privacy rights are, together with all applicable clinical confidentiality guidelines.
Effective from 25th May 2018. This Privacy Policy was last updated on 24th May 2018 and is version 1.0.
Peninsula Ophthalmology Ltd trading is the Data Controller. This is the legal entity responsible for how your personal data is collected, stored and processed.
At Peninsula Ophthalmology we are committed to protecting the privacy and security of all our patients and website visitors. This policy explains:
· What information we collect.
· Why we collect that information.
· How we may use that information.
· How long we keep and protect your information.
· What we won’t do with your information
· What your individual data protection rights are.
When you share your personal information with us, you have a right to expect that information to be treated with total confidentiality. Therefore, it is our responsibility to manage your personal data that you provide to us with care and in accordance with all data protection legislation and industry best practice.
What information we collect.
We receive, collect and store information you enter on our website or provide us in any other way. In addition we collect the internet protocol (IP) address used to connect to your computer to the internet. We may use software tools to measure and collect session information including page response time, length of visit to certain pages, page interaction information and methods used to browse away from the page. We also will collect:
· information that you give us when you enquire or become a customer or patient of us including name, address, contact details (including email address and phone number)
· the name and contact details (including phone number) of your next of kin
· details of referrals, quotes and other contact and correspondence we may have had with you
· details of services and/or treatment you have received from us or which have been received from a third party and referred on to us
· notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered
· information you give us when you make a payment to us, such as financial or credit card information
· insurance providers will pass personal data of patients who have commenced a claim and require medical treatment with Peninsula Ophthalmology. This will normally be in the form of a referral and may consist of basic details e.g full name, date of birth, address, contact number and email address and the type of procedure/treatment they require.
Whether you have supplied your personal details online, by phone, by email or in a letter, we will never use them without a lawful reason to do so. We will use your personal data for the purposes for which they were initially requested and as fully explained in this Privacy Policy.
It is your responsibility to ensure that your personal data provided to us is accurate and up to date. You can update your personal contact details, including email address and phone number, by contacting carole.orlebar@btinternet.com
How do we use your personal data?
Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines.
Sensitive personal data related to your health will only be disclosed to those involved with your treatment or care, or in accordance with UK laws and guidelines of professional bodies or for the purpose of clinical audits (unless you object). Further details on how we use health related personal data are given below. We will only use your sensitive personal data for the purposes for which you have given us your explicit consent to use it. Please note that, although we have set out the purposes for which we may use your personal data below, we will not use your sensitive personal data for those purposes unless you have given us your explicit consent to do so.
How long will we keep your information?
We will retain the personal data you have shared with us no longer than is necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting or reporting requirements.
The longest we will hold any personal data is 6 years plus the current financial year.
What we don’t do with your information.
We will use your personal data for the purposes for which they were initially requested and as fully explained in the Privacy Policy and we will not share your personal data with third party companies for the purpose of them marketing their products to you.
Medical regulators: We may be requested – and in some cases can be required - to share certain information (including personal data and sensitive personal data) about you and your care with medical regulators such as the General Medical Council for example if you make a complaint, or the conduct of a medical professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate. We will ensure that we do so within the framework of the law and with due respect for your privacy.
From time to time we may also make information available on the basis of necessity for the provision of healthcare, but subject always to patient confidentiality.
In an emergency and if you are incapacitated, we may also process your personal data (including sensitive personal data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).
Your personal data rights.
Right of Access
You may wish to access a copy of the personal data we hold about you - known as a Subject Access Request. You can do so by ringing, writing to or emailing carole.orlebar@btinternet.com. We will respond to your Subject Access Request as soon as possible and, in any event, within the statutory 30 days. However, in the event that we need more information from you to verify your identity, which we must do to ensure we disclose your personal data to the right person, the 30-day response period will only commence from the time that we have validated your identity.
Right of Rectification
If you believe we have made an error as to the personal data we hold about you, please speak to Carole Orlebar who will be able to process the correction for you.
Right of Erasure
You have the right to request your personal data to be permanently deleted from our records and systems to avoid any further communication with you. Your request will always be considered in light of the legal bases that we hold, store and process your personal data and the purpose that we collected your data. Where the legal bases permits, we will carry out your instruction without undue delay. Please note, however, that where we have a legal or contractual obligation to hold your personal data, we may not be able to carry out your request, but we will explain this fully to you. Please address any request to delete your data to Carole Orlebar.
Right to Restrict Processing
Should you believe that we are processing your personal data in a way that you did not understand or agree to and wish to restrict such processing, please speak to Carole Orlebar.
Right to Portability
In the event that you wish to move your personal data that we hold on you to another organisation in the form of an excel or csv format, please contact Carole Orlebar who will be able to assist you.
Right to be Informed
You have the right to be informed about the collection and use of your personal data. This is commonly known as a ‘privacy statement’ or ‘privacy policy’. Our Privacy Policy is regularly reviewed in line with our business processes. You can ask for a printed copy of our Privacy Policy by contacting Carole Orlebar.
Right to Complain to the Information Commissioner’s Office (ICO)
You have a right to lodge a complaint with the Information Commissioner’s Officer (ICO) if you have a complaint with how you believe your personal data has been handled. For more information, please visit https://ico.org.uk/concerns