Principal Medical Limited (PML) processes information relating to individuals whilst carrying out daily business. Personal information or data that is processed includes information about current, past and prospective employees, patients, customers, clients, suppliers, professional advisers and other third party organisations. The collection and use of this information is regulated by the Data Protection Act 1998 (DPA) and by various other data privacy laws and regulations. Please read the Data Protection Act (updating in 2018, subject to parliamentary approval) for more information.
This privacy notice explains why PML collects information about you, how that information is used, how we keep it safe and confidential and what your rights are in relation to this. Personal Information in this privacy notice means any information about you or other people, in order to provide you with the most appropriate service.
Why we collect information about you:
We collect, store and process data for the purpose of providing healthcare services, running our organisation which includes monitoring the quality of care and service that we provide, maintaining accounts and records, promoting our services and to support and manage our employees.
In carrying out this role, we may collect information about you which helps us respond to your queries or secure specialist services. We may keep your information in written form and/or in digital form and may include:
- Details about you such as your name, address (including correspondence if different), telephone numbers, date of birth, contacts (next of kin), GP details.
- Further sensitive information may be collected such as your marital status, occupation, religion, email address, place of birth, ethnic origin and other information as required for
- Notes and reports about your health, treatment and care.
- Contact with you by our community or hub service teams e.g. visits, hub appointments.
- Financial details
- Employment and educational details
We also record incoming and outgoing telephone conversations in accordance with Article 6 of the general data protection regulations. CCTV recordings are also made to ensure patient and staff safety.
When you use our website, you may give us information about yourself as an individual by filling in forms, completing questionnaires or by corresponding with us by telephone or email. We also collect aggregate information on which pages web users’ access or visit, and information volunteered by the website user (such as survey information and/or site registrations). The information we collect is used to improve the quality of our service.
There are elements of this website which are password protected and in order for us to provide access to these areas, you give us personal information which identifies you individually such as your name and email address. By signing up to these sections of the website, you are consenting to sharing your information with us.
What do we do with personal information?
Personal information captured and processed in our clinical services is used to manage and assist the staff involved in your care, in ensuring that you are assessed and advised on the most appropriate care for you and is communicated and shared with all relevant health professionals.
It may also be used to:
- Remind you about your appointments and send you relevant correspondence
- Review the care we provide to ensure it is of the highest standard and quality, e.g. through audit or service improvement
- Support the funding of your care, e.g. with commissioning organisations
- Help to train and educate healthcare professionals
- Report and investigate complaints, claims and untoward incidents and report events to the appropriate authorities when we are required to do so by law
- Contact you with regards to patient satisfaction surveys relating to services you have used so as to further improve our services
Personal information captured for maintaining accounts and records, promoting our services and supporting and managing our employees is used purely for the purposes explained in the running of our organisation. We may process information about our:
- Business Contacts
- Professional advisers
Who personal information may be shared with:
We may have to share your information, subject to strict agreements on how it will be used.
PML provides health care services and personal information can be shared as part of providing your care with relevant consents. However, importantly, we can also share information about you where there is another legal basis to do so. Some of the organisations we may share information with are:
- Healthcare professionals and providers
- Social and welfare organisations
- Government and Local Authorities and Agencies
- Family, associates and representatives of the person whose personal data we are processing
- Clinical Commissioning Groups
- Suppliers and service providers
- Financial organisations
- Current, past and prospective employers
Security of Personal Information:
PML is strongly committed to protecting the privacy of individuals. When you provide us with personal information through our website or by other means of data capture, in the process of providing healthcare services and running our organisation, it will be treated in the strictest of confidence and in accordance with the Data Protection Act 1998.
We will only use information collected lawfully in accordance with:
- Data Protection Act 1998 (to be updated 2018 subject to parliamentary approval)
- Human Rights Act
- Common Law Duty of Confidentiality
- NHS Codes of Confidentiality and Information Security
- Health and Social Care Act 2015
- And all applicable legislation
PML ensures that personal information is held securely and takes appropriate technical and organisational measures; including restricting access to data and securing computers, with access control, through user names and passwords for electronically held personal information. For personal information held on paper, this information is held in locked facilities with restricted access and where permanently based for archive purposes, the records are held in secure external storage.
No personal information you give us will be passed on to third parties for commercial purposes. Our policy is that all information will be shared among PML members (and any third party) on a need basis, and according to legal regulations and appropriate consent. If we have to confirm or share information with other organisations, this will be in-line with a legal requirement to do so and only kept for as long as is required by law.
We will use your data to provide you with the services for which you have registered with us (e.g. to process job applications) and for the purposes described in this statement. If you have applied for a job with PML through our online application process, your personal information will only be held on our servers until the advertised role is filled. After that, we will only keep it electronically for a maximum period of six months unless you request otherwise.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password secure and confidential.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests. We may also share this information with third parties for this purpose.
What are your rights?
Since GDPR you have important rights to protect your personal data. You can access any of these rights by contacting us. The following is a summary of those rights:
- Right to be informed – individuals have the right to be informed about the collection and use of their personal data.
- Right of Access – you have rights to request access to the personal data we hold about y
- Right of rectification – you have the right to request the correction of inaccurate or incomplete information recorded in the record, subject to certain safeguards.
- Right to erasure – you have the right to refuse/withdraw consent to the storing of personal information and for it to be erased from our records if it is beyond the purpose for which it is collected and held.
- Right to restrict processing – where certain conditions apply, you have a right to restrict the processing.
- Right of portability – you have the right to request personal information to be transferred to others on certain occasions.
- Right to object – individuals have the right to object to the processing of their personal data in certain circumstances e.g. being used for direct marketing. Objections can be made verbally or in writing.
We will not be able to erase or cease processing personal information that is required to maintain our business purpose, we have a legal reason to keep it, or required to facilitate your contract with us.
If you are happy for your data to be extracted and used for the purposes described in this privacy notice then you do not need to do anything. Should you decide in the future that you want to opt out of receiving communications, or cease to be the point of contact for your organisation, please contact us on 01295 817667, at which point all of the personal data we hold for you would be deleted with the exception of information we may still be legally required to hold.
Change of Details:
It is important that you tell us if any of your details such as your name, address or email have changed or if any of your details are incorrect in order for this to be amended. Please inform us of any changes promptly so our records for you are accurate and up to date.
The Data Protection Act 1998 requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.
PML is registered with the Information Commissioner’s Office (ICO) to process personal and special categories of information under the Data Protection Act 1998 as a data controller. Our registration number is Z1066624 and our registration can be viewed online in the public register at: http://ico.org.uk/what_we_cover/register_of_data_controllers
Data Protection Officer:
- Please contact our Director of Finance and Performance: Carolyn Abbisogni
- PML, 3 Barberry Place, Bicester, Oxforsdhire, OX26 3HA
- Tel: 01295 981166
Any changes to this notice will be published on our website.
If you have concerns or you are not satisfied with our response or believe we are processing personal information not in accordance with the law you can complain to the ICO at:
- The Information Commissioner’s office, Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF
- Phone: 0303 123 1113
- Fax: 01625 524 510
- Website: www.ico.gov.uk