Privacy and Cookies
Company number 11827398
Registered address: St Erme, Truro, Cornwall, United Kingdom, TR4 9BW
The company provides independent sector medical services. We have consulting rights for Dr Gray and Dr Davis in the Duchy Hospital Truro (Ramsay) and Nuffield Health Hospital Plymouth. It also provides education and training for healthcare professionals.
This Privacy Policy covers these services and our administrative and clinical staff. When working for and within other organisations we follow their policies.
This policy sets out how we use and protect any personal data that is provided to us (including personal data provided through the website www.stermemedical.uk (“Website”)). We are aware that this may contain some very sensitive information. We are firmly committed to respecting and protecting the privacy of all personal data received or collected, in strict adherence to Data Protection Legislation (defined below) and General Medical Council Guidance.
How to contact us
If you have any questions regarding your personal data and how we may use it, including any queries relating to this policy, please contact us at mike@stermemedical.uk or in writing to the address above. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Data Control
Our data protection and privacy measures are governed by:
(i) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then
(ii) any successor legislation to the GDPR or the Data Protection Act 1998 (“Data Protection Legislation”).
Where personal data is provided directly to us through use of the Website, email, or other means and we determine the way in which that data is processed, then we become the data controller of that information.
We are sometimes required to provide information regarding identity to other organisations. This might include clinic lists prior to hospital appointments, delegate lists for training events or requests for individual patient investigation or onward referral. The receiving organisation will then process this information according to their policies and act as data controller for that information.
Personal data and basis for collection
Personal data means any data or information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data which can be grouped together as follows:
Identity Data includes first name, last name, preferred name, title, and date of birth.
Contact Data includes home address, email address, telephone numbers and preferred mode of contact.
Usage Data includes information about how our services are used. Examples might include enquiries through the Website and numbers of new and follow-up patients seen.
Special Categories of data (as defined by Data Protection Legislation) include details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, information about health and genetic and biometric data. This is the core information we use to provide clinical services but is also a feature of governance. It demands high levels of security.
How is personal data collected?
We use various methods to collect personal data including:
Direct interaction: We are given information when contacted directly or during correspondence by post, phone, email or otherwise. This includes the information provided during consultations.
Enquiries: We are given information when an enquiry is made through the Website or by email.
Referral from other providers: We may receive personal data from other healthcare professionals when patients have asked for a referral to be made.
How we use personal data
Patients
Your data is used for your healthcare and the interaction between us (including billing processes).
It will be shared only in accordance with this function, but this may include arranging onward referral or investigation, providing required identity data to the hospital and sending clinical information to your GP if you have consented and requested us to do this.
We may contact you directly with appointment reminders, important information regarding medication or other matters judged to be in your medical interest.
Your information will not be shared with commercial organisations.
Other contacts
Your data will be used only for the purpose of the contact and to support the interaction between us (including billing processes).
It will be shared only in accordance with this function: this may include sending delegate lists to a training venue or accrediting body for educational purposes.
We may contact you directly with closely linked information such as training reminders, details of future educational events or changes in guidance.
Your information will not be shared with commercial organisations.
How we store personal data
Current records are stored in remote clinical and financial management systems. Data transfer is fully encrypted using the most secure cryptographic technologies available (256-bit level of encryption). Clinical data is physically stored on servers located in the United Kingdom which have achieved the highest level of security certification, as used by banks and government services. This is the same technology used for online banking and credit card transactions and is known to be the most secure system available.
We also hold paper records and securely encrypted electronic records from the past.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Personal Data Retention
We retain personal data as follows:
1. Where we act as a data controller purely in connection with contact information, for as long as necessary to fulfil the purposes we collected it for;
2. Clinical data will be retained for seven years after last contact or as required by law.
Your Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:
The right to be informed – this is information on what personal data we are processing and for what purpose.
The right of access – you have the right to be provided with copies of your personal data that we are processing as well as confirmation of the processing we are doing. You can do this by sending a “subject access request” to the contact details above for our consideration.
The right to rectification – if you think that the personal data we hold about you is wrong you can tell us and we will fix it.
The right to erasure (also known as the right to be forgotten) – if you want us to permanently delete the personal data we hold for you then you can ask us to do so.
The right to restrict processing – if you do not like how we are using your personal data then you can let us know and we will stop processing it in that way.
The right to data portability – if you want us to pass your personal data on to someone else then please let us know. This transfer should not affect the integrity of or otherwise damage your personal data.
The right to withdraw your consent – you can withdraw your consent for us to process your personal data at any time by contacting us. We will stop processing your personal data at the point you withdraw your consent.
To exercise any of the above rights, please email your request to mike@stermemedical.uk.
Where you exercise your right to request access to the information we hold about you, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is repetitive or excessive.
Complaints
If you would like to make a complaint in relation to how we may have stored, used or processed your personal data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
External Websites
The Website may, from time to time, contain links to and from the websites of respected organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. We are not responsible for the content of external internet sites and you are advised to read the privacy policy of external sites before disclosing any personal data.
Use of cookies and tracking technologies by us
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
Consent for cookies: We will assume that if you continue to use our site after reading this legal notice that you consent to the terms of our use of cookies during your visit to the website.
Changes to this Privacy Policy
As and when necessary, changes to this Privacy Policy will be posted here. Where changes are significant, we may also email all our patients with the new details, and where required by law, we will obtain your consent to these changes.
Reviewed 06 July 2020