GDPR PRIVACY NOTICE
At Bespoke Medical Care Ltd we respect your privacy and are committed to protecting your personal data. Bespoke Medical Care Ltd has a legal duty to explain how we collect and process your personal data.
Purpose of this privacy notice
This privacy notice will inform you as to how we look after your personal data, your privacy rights and how the law protects you. Please note this website is not intended for children and we do not knowingly collect data relating to children.
Personal data or information means any data about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
It is important you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
Who is responsible for taking care of your data?
The Company, Bespoke Medical Care Ltd, is the controller and is responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy notice).
Changes to the privacy notice and your duty to inform us of any changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
What information do we collect about you?
The following applies if you are a private individual and have a contract with us, or are a representative of an entity that has a contract with us, or have contracted us on behalf of someone, for example to prepare a medical report, prepare and attend a lecture and/or any other medical services we provide:
We may collect, use, store and transfer different kinds of personal data that has been provided either directly by you, or your contracted representatives, or other third parties, for example to prepare medical reports etc. The list below also applies if you are an entity/representative of an entity with whom we have a contract. The information referred to above includes the following:
- Identity Data – includes name, maiden name, last name, username, or similar identifier, title, date of birth, gender, marital status, employment status
- Contact Data – includes billing address, delivery address, telephone numbers and email address
- Clinical Data – related to either you personally or, if you are an entity representing someone else, to the patient/person you are representing: current and past medical problems, other individuals involved in your care, treatment and medications, test results including Scans, X Rays and Operations, hospital stays and ANY other relevant information to enable us to deliver effective medical care.
- Details of all appointments, visits, emails, telephone calls.
- Financial data, including medical insurance details, payment card details, bank account details.
- Transaction Data – details about payments to and from you and other details of products and services you have acquired from us.
- Instructions from lawyers or their representatives in relation to the preparation of any medical reports for you, including but not limited to third party information that is provided in relation to you, for the purposes of providing the medical report.
- Profile Data – includes purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data – includes information about how you use our website, products or services
- Marketing and Communications Data – includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. This can be derived from your personal data but is not considered personal data in law as this data does not reveal your identity.
How is your personal data collected?
This can be by direct communications, post, phone, email or otherwise, or with your consent, by other indirect means and through third parties or your representatives. We can also collect data when you give us feedback, enter a survey, subscribe to our services or publications and request marketing to be sent to you.
We may also receive personal data about you from various third-party sources, including contact, financial and transaction data from providers of technical, payment and delivery services. We may also receive Identity and Contact Data from publicly available sources such as Companies House or the Electoral register.
When is your personal data collected?
We will collect information from private individuals and representatives of entities when they apply for, instruct, or use our services and correspond with us by email, phone, in person or otherwise.
How is your personal information used?
- Your data will be used as part of your medical record with Bespoke Medical Care Ltd as a means of managing your medical condition, to provide on-going medical care to you, and where instructed, to assist in the preparation of medico-legal reports.
- Where we need to perform the contract we are about to enter into, or have entered into, with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
Change of Purpose
We will only use your personal data for the purpose it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If information is to be used for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note, we may process your personal data without your knowledge or consent, where this is required or permitted by law.
Maintaining Confidentiality and Disclosure of your personal data
We adhere to the General Data Protection Regulation (GDPR) as well as guidance issued by the Information Commissioner’s Office (ICO). We are committed to maintaining confidentiality and protecting the information we hold about you.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your data for their own purposes and only permit them to use your personal data for specified purposes and in accordance with our instructions.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your rights to access, correct and erase your personal data, to restrict the use of personal information we hold, transfer personal information to a third party, object to processing of personal data and/or withdraw consent to us processing your personal information
Under certain circumstances you have a right to access the information we hold about you and to advise us of any inaccurate data that is held. You can also request erasure of your personal information where there is no good reason for us to continue to process it.
In certain circumstances, you may also object to or request a restriction of processing of your personal information, request a transfer of your personal information to a third party or withdraw your consent for us to process your personal information. In all cases, please note that we may not be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of the request.
No fee to access your personal data
Generally, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). Requests for personal data may take up to one month. If it is any longer, we will advise you.
However, we may charge a reasonable fee if we consider your request unreasonable, repetitive or excessive.
We will need to confirm your identity as part of our security measures to ensure personal data is not disclosed to someone who has no right to receive it.
How long is the information stored for?
Your medical records and all personal information will only be retained for as long as necessary to fulfil the purpose for which it was collected and processed, including for any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You can ask us or third parties to stop sending you marketing messages at any time.
Failure to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but will notify you at the time if this is the case.
Third Party Links
This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control and are not responsible for their privacy statements. Therefore, we encourage you to read the privacy notice of every website you visit.
In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’. However, we would appreciate the chance to deal with your concerns before you approach the ICO so please do contact us in the first instance.
Your personal information will be held by Bespoke Medical Care Ltd. If you have any questions in relation to this Privacy Notice or if you would like to contact us, please email email@example.com or telephone 0207 12345 96