Privacy Policy - Duality Heathcare

The pages on the website (the “website”) are published by Duality Healthcare Limited and its subsidiaries (“Duality Healthcare”, “us” or “we”) who are a Data Controller.

This Privacy Statement (the “Privacy Statement”) sets forth the commitment of Duality Healthcare to comply with applicable international, federal, state, and local laws and regulations protecting Personal Data that we process. This Privacy Statement applies to Duality Healthcare’s websites, social media pages, as well as other Duality Healthcareservices that display or refer to this Privacy Statement (together “Services”). Any person accessing, browsing or otherwise using the Services, either manually or via an automated device or program, shall be considered a “User.”

All Users are bound to the terms of this Notice and to any specific terms of use associated with the applicable Service. Your use of Duality Healthcare Services means you consent to the collection, use and disclosure of your Personal Data as described in this Privacy Statement.

“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. We recognise the importance of and are committed to respecting and protecting your privacy. This Privacy Statement applies to our collection and use of personal information through our website and through our offline business-related interactions with you, which, in the course of its ordinary business activities, Duality Healthcare may collect or receive.

The collection, storage, adaptation or alteration, transfer, use, deletion, and other processing of Personal Data will be governed nationally, internationally, and regionally by data protection laws and regulations, such as the UK Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR).

In our globalized marketplace, the laws and standards of many countries must be considered when undertaking the collection, storage and transfer of Personal Data. When in doubt, please consult an appropriate internal resource, such as Legal, Compliance or Human Resources.

Purpose for which we hold your information

Duality Healthcare will not collect any Personal Data about individuals, except where it is specifically and knowingly provided by them.

When you visit Duality Healthcare’s website, the web server may collect some basic information such as your internet service provider’s domain name, which pages you accessed on the site, and when. We may use this information only to analyse the use of our website to help guide improvements.

Data Protection Privacy Notice

This privacy notice is to let you know how our clinic will look after your personal information. If we provide you with a medical or nursing service, then we will use your personal information in the ways set out in this privacy notice. Under Data Protection Laws, we can only process your personal information where we have a proper reason for doing so, such as:

• It is in our legitimate interests to do so – for example a legitimate interest is when we have a reason to use your information to enable your consultant to provide treatment or care and order medical tests

• We are required to do so by law i.e. a legal obligation

• You have entered a contract with us for a service – for example processing credit card payment

• In the public interest – where this has a clear basis in law

• Vital interests – for example protection of life in a medical emergency

What personal data do we collect?

Duality Healthcare use information to support and monitor our services to enable the delivery of high-quality healthcare. This type of information will usually be provided in an aggregate or anonymised form, so that we cannot identify an individual.

Duality Healthcare may ask for and hold various details of personal information regarding yourself which will be used to aid in the delivery of appropriate care and treatment. Personal data is any information that is identifiable as belonging to you.

Duality Healthcare will request personal data from patients attending the clinic for an outpatient appointment, for the sole purpose of creating a medical file on the individual patient. The personal data held on file will be shared with the Consultant with whom the patient is attending.

When relevant, the medical insurance company with whom the patient is insured, we have a legal requirement to provide data on some theatre procedures – when you attend the clinic, you have the option of anonymising this.

Personal data collected may include:

• Patient’s name

• Title

• Date of birth

• Address

• Insurance Policy Number

• Contact telephone number

• GP name & address

• Private health insurance company, account number and authorisation code

• Medical records of your appointment at Duality Healthcare

• Bank details

• Email address

In addition, we may also ask and retain data for the following:

• All details relating to any previous, current or planned treatment and care,
including all notes and reports relating to your health

• All Healthcare results such as X-ray, CT or MRI results, blood tests etc.

• Marketing preferences relating to group services and products

• Education, training, mostly frequently of clinicians such as GPs

• Employment details, for example for those that work for us either directly or are
commissioned by us to provide a service

• Responses to surveys, where individuals have responded to surveys about
healthcare issues, service levels, training courses or other group company
activities

• User IP addresses in circumstances where they have not been deleted, clipped
or anonymised

• Payment information including card details

• Any further information that you choose to tell us

The following may also be collected in certain circumstances:

• Sensitive personal data such as race, ethnic origin, political and religious
beliefs, sex life, sexual orientation, genetic data and biometric data

• Further health related information such as whether or not you have a disability or other health conditions, such as allergies. Vaccination status. The information and data described above is collected in a number of different ways and can include:

• Information directly given to us by yourself by email, phone, letter etc.

• Information provided by a parent, carer or guardian

• Information provided from healthcare professionals such as treating consultants, your GP, dentist or physiotherapist

• Information received from Northern Ireland Health and Social Care Trusts

• Information provided by an employer, insurer

• Marketing

• Completed satisfaction surveys

• Registration or booking online for any of our or services.

• Voluntarily complete a customer survey or provide feedback on any of our website or via email

• Debt collection agencies or government agencies

• Use or view our website via your browser’s cookies. In order for us to provide your health assessment, care and/or treatment, we ask that you provide as much information to us as you can

You are of course free not to disclose information to us and you should only provide such information as you feel comfortable doing so. Please bear in mind, however, that if you are only willing to share limited information, we may not be able to provide you with a full health assessment or the full range of care and treatment (as applicable), and that could mean being unable to see you at the hospital or clinic (since we may not be able to share your information in the way required in order to provide your health assessment, care or treatment, or run our business (for example, billing) and comply with our legal obligations).

Disclosure of your Information to Third Parties

If you register for the alert service, you will need to provide your name and email address. This information will be held by third party providers and may be accessed by these providers from its premises for administration of the alert service.

The information disclosed will not be used for any other purpose. It will be stored securely and will not be shared with third parties. By registering for the alerts, you consent to this use of your name and email address.

We may also disclose your information if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order or other statutory or legal requirement. To enable us to fulfil our duties and ensure that the best care possible is provide we will also need to share information about you with others. We may need to share your information with a range of other parties including Health and Social care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason, the organisation will have a duty to be able to tell you why they are contacting you. Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons. We will share your medical information with those involved in your health assessment, care or treatment (such as doctors, nurses and physiotherapists) for medical purposes (including the provision of health assessments). Some of our nursing staff and the resident doctors in our hospitals are provided by specialist staffing agencies. Consultants (such as surgeons, anaesthetists and radiologists) and their medical secretaries. We try to ensure there is a single patient record for each patient who is seen at one of our facilities, whether as an inpatient, outpatient or day case and we ask consultants working at our facilities to ensure a copy of their records, including consultation records, is included in each patient’s records at the hospital. We may also share relevant parts of your medical information with your GP, Consultant, dentist, NHS hospitals, other private hospitals and the organisation paying for your treatment (for example your insurance company, embassy, employer or NHS commissioner). For our health assessment clients who come to us through their employer’s health assessment benefit scheme, please be assured that we will not share your medical information with your employer.

We may share information about you with anyone you have asked us to communicate with or whose details you have provided as an emergency contact (such as your next of kin). Where sharing patient information is shared with other organisations, an information sharing agreement will be drawn up to ensure that all information that is shared is done so in a way which complies with all relevant legislation.

When you visit Duality Healthcare’s website we use cookies, which are small pieces of information that allow them to maintain your connection to the website. This website may use cookies for detecting what kind of device you have in order to present content in the best way, for a language switch and/or for other purposes. These cookies do not collect or store any personally identifiable information. You can refuse the use of cookies.

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use the website. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. How to refuse the use of cookies

You may refuse the use of cookies by selecting the appropriate settings in your browser. However, if you do this you may lose some useful functionality such as personalisation and ‘keep me signed in’ and ‘remember me’ features.

Security

The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our online services; any transmission is at your own risk. Once we have received your information, we will take reasonable steps to use procedures and security features to try to prevent unauthorised access, modification or disclosure.

If you communicate with us using a non-secure web platform, you assume the risks that such communications between us are intercepted, not received, delayed, corrupted or are received by persons other than the intended recipient. We will, however, take all reasonable steps (including appropriate technical and organisational measures) to protect your data.

In the event your personal data is accessed, lost, or stolen by an unauthorized third party, we will exercise commercially reasonable efforts to notify you to the extent required by law and disclose to you the personal data that was accessed/disclosed using the contact information provided to us or by other reasonable means.

Your rights

The privacy laws of some jurisdictions give individuals the right to access, amend or delete their personal information or, in some circumstances, to restrict the processing of their personal information.

If you would like to request a copy of your data or would like to change or erase all or any part of the information we hold about you, please contact us as via the ‘Contact Us’ section of the website. We may refuse to provide access and may charge a fee for access if the relevant legislation allows us to do so, in which case we will provide reasons for our decision as required by law.

Third-party services

This Privacy Statement does not address, and Duality Healthcare is not responsible for the terms of use, information or privacy practices of any third parties, including any third party operating any website or service to which our Duality Healthcare website links. The inclusion of a link on the Duality Healthcare website does not imply our or our affiliates’ endorsement of the linked website or service.

How long will the data be retained?

Data will not be retained for any longer than is required. We will retain your medical as required by our insurance provider and as required by regulations. The information about you that we hold and use is held securely and stored in paper format and on our secure servers. We retain your records for certain periods (depending on the particular type of record) under our retention of records policy. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including to support patient care and continuity of care; to support evidence-based clinical practice and to assist clinical and other audits; to support our legitimate interests, and to meet legal requirements. Your records may be transferred to an off-site storage provider. Your records may not be retained in hard copy form where a digital copy exists. If you would like more detailed information on this, please contact our Data Protection Officer (contact details below).

Individual rights under GDPR

You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below.

1. Right to be Informed – This is provided through the privacy notice on our website and in the patient information file in the waiting room.

2. Right of Access – You have the right to access your personal data and supplementary information. We will aim to respond to any request received from you within one month from your request, although this may be extended in some circumstances in line with Data Protection Laws. If you wish to obtain access to your file, you must write to us at the address below. Access to your data will usually be provided free of charge, although in certain circumstances we may make a small charge where we are entitled to do so under Data Protection Laws.

3. Right to Rectification – The right to ask us to correct your information if you think the information that we hold about you is wrong or incomplete. We will respond within one month.

4. Right to Erasure – The right to object to our use of your information, or to ask us to delete, remove or stop keeping it if there is no need for us to keep it. This is known as the ‘right to object’, the ‘right to erasure’ or the ‘right to be forgotten’. There may however be legal or regulatory reasons why we need to keep or use your information.

5. Right to Restrict processing – We may sometimes be able to restrict the use of your information so that it is only used for legal claims or to exercise legal rights. In these situations, we would not use or share your information while it is restricted.

6. Right to Data Portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

7. Right to Object – Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority. There is a contractual requirement when patients attend Duality Healthcare for their personal data to be processed in order to provide medical care and treatment. You may object to the use of your personal data being given to the Public Healthcare Information Network – this can be anonymised and is provided for in the theatre admission process.

8. Right not to be evaluated on the basis of automated processing – Patients who attend Duality Healthcare will not be evaluated on the basis of automated processing nor is any decision making automated.

How is your information and data used?

• To ensure that you receive safe, effective and appropriate treatment

• To assist in decision making surrounding your care

• To ensure effective working with other organisations e.g.,the Health and Social Care Trusts, who may be involved in your care

• To ensure that our services meet your current and any future needs

• To ensure that the care we provide is to the highest standard and can be reviewed as necessary

• To provide you with any goods and/or services that have been ordered

• To contact you with regards to any enquires that have been made

• Marketing activities for example to send you other Duality Healthcare information such as courses, newsletters or product releases that we feel may be of interest to you

• For Research and Audit purposes

• To prepare statistics on performance

• In order to train Healthcare Professionals and support staff

• To help us to establish, exercise, or defend legal claims

• To collect payment

Who will your information and data be shared with?

To enable us to fulfil our duties and ensure that the best care possible is provide we will need to share information about you with others. We may need to share your information with a range of other parties including Health and Social care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason, the organisation will have a duty to be able to tell you why they are contacting you. Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of organisations:

• Regulators – RQIA, MHRA

• Commissioning bodies – NHS, HSE

• Government agencies – DVLA, HMRC, PSNI

• National databases

• Duality Healthcare Group employees and associates (see below)

• External companies necessary for the delivery of health assessment, treatment and care such as laboratories for blood or tissue testing and blood banks

• Other third-party service providers who perform functions and tasks on our behalf (including debt collection, external consultants, transcription services, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants)

• Card payment processing

• Third-party outsourced IT and document storage providers

We will share your medical information with those involved in your health assessment, care or treatment (such as doctors, nurses and physiotherapists) for medical purposes (including the provision of health assessments). Some of our nursing staff and the resident doctors in our hospitals are provided by specialist staffing agencies. Consultants (such as surgeons, anaesthetists and radiologists) and their medical secretaries. We try to ensure there is a single patient record for each patient who is seen at one of our facilities, whether as an inpatient, outpatient or day case and we ask consultants working at our facilities to ensure a copy of their records, including consultation records, is included in each patient’s records at the hospital. We may also share relevant parts of your medical information with your GP, Consultant, dentist, NHS hospitals, other private hospitals and the organisation paying for your treatment (for example your insurance company, embassy, employer or NHS commissioner). For our health assessment clients who come to us through their employer’s health assessment benefit scheme, please be assured that we will not share your medical information with your employer.

Consent

You may choose to opt in to receiving information about other services Duality Healthcare offers by social media, post or email. In this case, your consent or decision to opt in is entirely voluntary. Should you decide not to consent or opt in or should you change your mind at any time, you do not need to give a reason and your medical care and legal rights will not be affected. You can opt-out by clicking on the ‘unsubscribe’ button in all our marketing communications. Apart from this limited instance, we do not hold or share information about you based on (or at least solely on) consent.

Changes

Any changes to this statement will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

Duality Healthcare Data Protection Officer contact details:

Name: John McEvoy

Email: [email protected]

Phone: 028 308 33666 (Head Office)

Postal address:7 Savages Terrace Newry, BT35 6AT