Please read this privacy notice carefully as it explains how we comply with the General Data Protection Regulation (GDPR). The notice was published on 14th December 2018 and may be revised from time to time.
We are [operating company – including any ‘trading as’]. In order that we can respond to your enquiry, we need to collect and use information about you (“personal information”). Personal information is anything about you from which you can be identified, but it doesn’t include information from which your identity has been removed (i.e. anonymous data).
As a ‘controller’ of your personal information, we are legally responsible for making sure that your personal information is:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used for any other purpose;
- Relevant to the purposes we have told you about and only used for those purposes;
- Accurate and up to date;
- Kept only as long as we need it for the purposes we have told you about;
- Kept securely.
‘Lawful basis for processing’ your information
The GDPR says that we must have a ‘lawful basis’ for collecting and using your personal information. At this stage, in responding to your enquiry, we will rely on the lawful basis of consent under Article 7(1) to process your personal information.
Other lawful grounds for processing your data could apply in certain situations, such as where sharing your personal information is essential in order to protect you from harm (“vital interests”).
The information we collect about you
In order to respond to your enquiry, we need to collect the following personal information from you:
- Your name and contact details;
- The nature of your enquiry.
How we use your personal information
We will use your personal information to make contact with you. If, as a result of your enquiry, we need to obtain further personal information from you, we will provide you with a new privacy notice explaining that.
Sharing your personal information
We will not share your information with others unless we have a lawful reason for doing so.
Our company is part of City and County Healthcare Group. Although the group provides its services through a number of different companies, it shares a middle and senior management structure and back-office functions (such as finance and payroll). In order to respond to your enquiry, we may need to share your personal information as necessary within the management and back-office structure of City and County Healthcare Group.
We may also share personal information with law enforcement or other authorities if required by law.
We will not share your personal information with any other third party without first asking your permission and will never sell your personal information to anyone.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How long your personal information will be kept
We will hold the personal information you have provided to us for as long as we are dealing with your enquiry. As explained above, if we continue to deal with you, we will provide you with new privacy notices describing how we will process your personal information thereafter.
Under the GDPR, you have a number of important rights. In summary, those include rights to:
- Fair processing of information and transparency over how we use your use personal information;
- Access to your personal information and to certain other supplementary information (which is provided in this privacy notice);
- Require us to correct any mistakes in the information we hold about you;
- Require the erasure (i.e. deletion) of personal information concerning you, in certain situations (although you should be aware that if you ask us to delete any of your personal information that we need in order to comply with our legal or contractual obligations, we may no longer be able to provide you with a service);
- Receive any personal information that you have provided to us in a format that would allow you to pass it on to a third party in certain situations;
- Object at any time to processing of personal information concerning you for direct marketing (although as we have explained, we will not use your data for that purpose);
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- Object in certain other situations to our continued processing of your personal information;
- Otherwise restrict our processing of your personal information in certain circumstances;
- Claim compensation for damages caused by our breach of any data protection laws.
You will find further information on each of these rights on the Information Commissioner’s website (www.ico.org.uk).
How to contact us
If you wish to exercise any of the above rights or have any other complaints or queries about this notice and our use of your personal information, you can contact us as follows:
Telephone: 020 7186 0500
By post: The Data Protection Officer
City and County Healthcare Group
3rd Floor, Caparo House
101-103 Baker Street
London W1U 6LN
Note that we may ask you to provide proof of your identity before we can discuss your personal information with you.
Your right to complain
If you have a complaint about the way we process your personal information, we would ask you to contact us using the details in the previous section.
We hope that we can resolve any concern you raise, but if you want to do so, you also have the right to complain to a supervisory authority in any European Union (or EEA) state where you work or live. In the UK, the supervisory authority is the Information Commissioner, who may be contacted at www.ico.org.uk/concerns/ or by telephone on0303 123 1113.
Do you need extra help?
If you would like this notice in another format (e.g. audio, large print or braille), please contact us (see ‘How to contact us’ above).”