This privacy notice applies to anyone who interacts with One Heart Clinic about our services in any way (for example, by email, through our website, or by phone)
We will adhere to data protection law which states that the personal information we hold about you must be:
If you have any questions.
If you have any questions about how we handle your personal information, please contact us at [email protected]
We collect personal information about you through our registration process and throughout your care journey with us. This may be from you directly or from other healthcare providers involved in your care (such as your consultant, GP, and facilities where you have previously been a patient). We may also collect certain information from other companies such as insurance companies.
Any information you provide to us through online forms or by email etc, will be deemed that you consent for us to process such information in order for us to adequately respond with accurate information. Any information you provide on behalf of someone else will be deemed that you have their consent to do so.
Personal date means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We will collect, store, and use the following categories of general personal information about you as you would expect:
There are also special categories of more sensitive personal information for example:
We will only use your personal information when the law allows us to. Most commonly in the following circumstances:
We may also use your personal information in the following situations, which are likely to be rare:
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. One Heart Clinic is registered with Cyber Essentials and aim to comply with the standards set out in the National Data Guardian’s Data Security Standards.
We will not keep your personal data for longer than is necessary. Data retention is guided by the NHS Records Management Code of Practice and by the Department of Health.
The situations in which we will process your personal information are listed below.
We may have to share your data with third parties where we have a lawful justification for doing so. Such a lawful justification may include that the sharing is necessary for the provision of healthcare services, that we have your consent to do so or that we have a legal or regulatory obligation to fulfil.
Third parties with whom we may share your data include any of the following:
Our third-party service providers (data “processors” who support our services and only process your personal information on our instructions and subject to specific contractual obligations) – for example:
Patient administration system – to process data about your appointments
Payment processing system – to process data about your payments for the services
Picture Archiving and Communication System (PACS) – to allow imaging/radiology reporting
Other third-party data “controllers” (who will have their own privacy notices that will apply to their use of your data), for example:
All third parties are under an obligation to treat your information confidentially, to have in place appropriate security measures and to treat your data in accordance with the law.
In the ordinary course of the provision of our services we do not expect to transfer any of your personal data outside the EEA. In the event that we need to transfer your personal information outside the EEA, we will only do so lawfully, and you can expect a similar degree of protection to your personal information as you would expect in the UK. We can provide more information about this if you would like us to in the event that any transfer of data is contemplated.
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct, or request erasure of your personal information, object to the processing of your personal data, request the restriction of processing or request that we transfer a copy of your personal information to another party, please contact us at [email protected]
Please note: Other than your right to object to us using your information for direct marketing, your rights are not absolute. This means they do not always apply in all cases, and we will let you know in our correspondence with you how we will be able to meet your request relating to your rights.
If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. We have 21 days to respond to requests relating to automated decisions. For all other requests we have one month from receiving your request to tell you what action we have taken.
If you have any questions, comments, complaints or suggestions relating to this notice, or any other concerns about the way in which we process information about you, please contact the Registered Manager via [email protected] You can also use this address to contact our Data Protection Officer.
You also have a right to make a complaint to your local privacy supervisory authority. Our main establishment is in the UK, where the local supervisory authority is the Information Commissioner’s Office (ICO):