4 Armed Health is committed to protecting any personal information that is shared with us or information that is provided to us by other organisations
The objective of this policy is to give a clear explanation of what personal information we collect and how we collect, use, and protect personal information.
WHAT IS PERSONAL INFORMATION?
Personal information is any information about you from which you can be identified such as your name, address, date of birth, credit card details, IP address, photo or video image, but it may also be anything that identifies you for example, your NHS number or biometric data.
For patients, some of this data will be sensitive and relate to their health and wellbeing, ethnicity and religious views.
4 Armed Health will only use your information in ways that you would reasonably expect. Sometimes we may undertake research, with your permission, to better understand people’s expectations about how their data will be used.
4 Armed Health will always consider the impact of processing your data before any action is taken to ensure that it has no unjustified adverse effects.
INFORMATION WE MAY HOLD ABOUT YOU
Your information will only be collected, stored, or processed where a specific purpose has been identified. This will fall into the following categories:
- Information required to provide you with Diagnostic and Screening services. Information and data held may include personal information such as name, address, contact details, date of birth, gender, ethnicity, and religious beliefs. next of kin, information about your health and wellbeing collected by 4 Armed Health and information received by us from other agencies and health and social care professionals involved in your care, emails, images, audio and video recordings, correspondence, assessments, plans and records of care and services received, appointments, bookings, incidents, surveys, recommendations, complaints and concerns.
- Personal information to support a contractual arrangement – for example, contracts of employment or other formal agreement.
- Information required to comply with legal obligations – for example, disclosure and baring service, vat records, payroll records.
- Information which you have provided us with your consent to process – for example, you may have given us your consent to send you marketing information.
- Information collected by our website – including the internet protocol (IP) address used to connect your computer and other information about your browser type, version, times, operating system and platform and Uniform Resource Locators (URLs or web addresses) clickstream to, through and from our site and browsing activity on our site.
HOW INFORMATION IS COLLECTED
Information you provide directly to us
Information is given to us directly when, for example, you become a patient or employee.
We will ask you to provide personal information. You may provide this on a form, during a discussion, over a web form or by other means.
The details we ask you for will be directly-related to the purpose for which they are required, for example:
- If you are a patient then your records may include sensitive personal data, including medical information.
Information collected electronically
You may provide information to us directly through our website. When you interact with the 4 Armed Health website it is helpful to be able to identify you to improve your experience. Like most websites 4 Armed Health uses ‘cookies’ to enable the website to recognise you when you return. A cookie is a small text file that transfers to your computer (or phone or tablet) and can help with things such as auto-filling your name and address in text fields.
By using the 4 Armed Health website you are confirming you agree to our privacy and cookies policies.
There is more information about how cookies work as an appendix to this document.
If you enter details onto one of our online forms and you don’t send or submit the form, we may contact you to see if we can help with any problems you may be experiencing with the form or with our website.
Our premises are monitored by CCTV or door access systems. For the purposes of security, images and videos may be retained for a limited period of time.
Information provided by third parties
Sometimes information will be provided indirectly through a third party, for example: from an organisation where you have given permission to share your data, or patient information may have been shared with 4 Armed Health through other agencies, health and social care professionals.
Information collected from public sources
4 Armed Health may collect information from public sources such as Companies House, social media profiles, newspapers and other published material. 4 Armed Health may also carry out research into population demographics, geographic data or other areas which may impact on our future screening and diagnostic delivery or identify potential areas of focus.
HOW WE USE YOUR DATA
The following gives examples of how data is used
- For the purpose of treatment and care
- To make sure we maintain our responsibilities for quality and accountability
- To inform the development of Screening and Diagnostic Services
- To raise awareness of the need for screening and diagnostics
- To maintain a relationship with you as a supplier of services
To ensure we contact supporters with the most appropriate communication we may profile your data by combining the information we hold with other sources of information or carry out other analysis techniques. This will enable 4 Armed Health to contact you in the most relevant way and provide an improved experience. If you do not want your data to be used in this way, then you can opt out at any time by emailing firstname.lastname@example.org or by telephoning 0207 846 5656.
We may record telephone conversations for the purposes of staff training or other development.
You have the right to ask us not to process your information in this way at any time. If you no longer wish to receive emailed or web based marketing information you can unsubscribe at email@example.com
HOW WE WILL CONTACT YOU
If you have told us how you prefer to be contacted, then we will use your preferred method to contact you. This may be by post, email, telephone, text or another method you have requested.
We will comply with the requirements of the data protection laws to ensure we do not contact you without your consent for the purposes of marketing calls by telephone, email or text message.
We understand people may give us their contact details for a variety of purposes but will only use them for marketing purposes if this was made clear at the time they were given, and we received your consent.
Patient information may be shared with other parties for the following reasons:
- For the purpose of treatment and care
- To make sure we maintain our responsibilities for quality and accountability
- To raise awareness for the needs of screening and diagnostics
- To provide information to regulatory bodies
We will always seek consent before identifiable patient information is shared for the purposes listed above.
NATIONAL DATA OPT-OUT PROGRAMME
From May 25th, 2018, any person aged 13 years or over, with an NHS number, can opt-out of having their confidential identifiable patient information being used for reasons other than their individual care and treatment If you wish to opt out or wish to find out more information about this, please go https://digital.nhs.uk/services/national-data-opt-out-programme
4 Armed Health does not sell personal details to third parties for the purposes of marketing. 4 Armed Health uses third party agencies who act under contract to carry out tasks on their behalf. This may include data cleaning, direct mail fulfilment services, database technical support from IT providers, data hosting, external secure archiving, and confidential record destruction. These providers, in addition to contractual commitments to 4 Armed Health, have the same obligations as 4 Armed Health under data protection legislation.
4 Armed Health may also engage third party medical or therapeutic professionals or other contractors or agency staff to work on site providing or supporting 4 Armed Health services. These third parties may be given access to personal information on the same basis as 4 Armed Health staff and will be contractually bound to the same standards of data protection and confidentiality.
Employee data made be shared with third parties for the purpose of occupational health assessments; consent will always be obtained for this. Payroll data will be shared with our payroll processing bureau and with Her Majesty’s Revenue and Customs.
Where possible, 4 Armed Health will always choose to anonymise data before sharing with third parties.
4 Armed Health may be required by law to share data to comply with legislation, for example, to safeguard an adult at risk of harm, as a result of a court order, a request from the police who are investigating a crime or an investigation from other authorities, for example, a tax enquiry.
SAFEGUARDS TO PROTECT YOUR PRIVACY
4 Armed Health takes data protection and information governance very seriously.
All 4 Armed Health staff receive formal training annually and are supported with resources, materials and advice to ensure that the organisation complies with the requirements of the various data management and protection legislation and best practice guidance. This includes the General Data Protection Regulations (EU) 2016, and National Data Guardian’s 10 Data Security Standards 2017.
All access to data is managed through role-based security to ensure access to systems and data is restricted only to those who have appropriate authority.
All 4 Armed Health mobile devices and servers are encrypted, and data is held in a secure data centre. On our website, if the web page starts with HTTPS or if you see a padlock symbol, your data should be encrypted when it is sent from your computer to its destination. If you do not see this symbol then it is not encrypted, and you should not send confidential, financial or sensitive data.
Software versions are updated to ensure they are supported, and 4 Armed Health deploys up-to-date virus protection systems
All data processes and systems at 4 Armed Health are risk assessed to ensure compliance with legal requirements and best practice. The process includes the identification of the legal basis by which information is processed. Depending on what this is, further steps are carried out to protect your interests; this may mean contacting you to obtain your specific consent.
4 Armed Health has a retention policy for all data stored or processed on 4 Armed Health systems. Information is only kept as long as it is required, or as long as there is a legal requirement to keep it. Information no longer required is disposed of in a secure manner.
In order to maximise the security around processing of financial transactions the 4 Armed Health website uses industry recognised secure payment processing companies to process payments. This means that whilst on the 4 Armed Health website you may be seamlessly passed over to a third-party payment portal to complete you transaction (e.g. PayPal or SagePay) – this may include the transfer of personal details you have already provided. We will always make it clear where this happens.
Where our website links you to sites hosted by other organisations, we will make this clear, so you know you are leaving the 4 Armed Health website. No personal data will be transferred over these links.
The majority of 4 Armed Health data is processed in the UK or the European Economic Area (EEA). Occasionally there may be a requirement to process non-care data outside of this zone. Where data is sent outside of the EEA we will ensure appropriate obligations are in place to give your data the same level of protection as it would have in the EEA. This may be through data sharing agreements, national agreements or confidentiality contracts. By providing your personal data to 4 Armed Health you agree to this transfer, storage and processing.
DEBIT AND CREDIT CARD INFORMATION
If you use your credit or debit card to pay for a transaction, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard. 4 Armed Health does not keep your payment details – all card details and validation codes are securely destroyed once the payment has been processed.
INAPPROPRIATE WEBSITE CONTENT
If you post or send any content that we believe to be inappropriate, offensive or in breach of any laws, such as defamatory content, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.
Your rights are important to us, we recognise that you have the following rights
- The right to be informed about your personal information we store and/or process
- The right of access to the information we hold about you and make a subject access request
- The rights of erasure or restricted processing
- The right of portability – you may be able to ask us to give information we hold about you to another organisation.
- The right to object to the way in which we store or process your information
- The right to object to any automated decision-making process that we may use
If you would like to exercise any of these rights, please contact the Data Protection Officer at firstname.lastname@example.org or telephone 0207 846 5656 or write to the Data Protection Officer at 4 Armed Health, Maple House, High Street, Potters Bar, Hertfordshire. EN6 5BS
For the purposes of Data Protection Laws, the Data Controller is:
4 Armed Health, Maple House, High Street, Potters Bar, Hertfordshire. EN6 5BS
Registration No: - 13033669
Where this document refers to we or us we mean 4 Armed Health
You may contact the 4 Armed Health Data Protection Officer at any time if you have any concerns or questions about how your data has been used. Contact can be made using the above details
If you are not satisfied with the way 4 Armed Health handles your request you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website at http://www.ico.org.uk
EQUALITY & DIVERSITY STATEMENT
4 Armed Health will ensure that the contents of this document are applied in a fair and reasonable manner that does not discriminate on the grounds of any protected characteristic as defined by the Equality Act 2010.
APPENDIX 1 – COOKIES
Examples of the sort of information that is collected via session cookies are provided below. This list is not exhaustive:
- The last search term that you used within the site
- Your preference in terms of accessible viewing options
- A unique ID to track your session from page-to-page, which is vitally important should you sign into the site
- Which page you are looking at within a multi-paged index of content, or search results.
Certain cookies are persistent, meaning that they last beyond your session, enabling an enhanced user-experience when you return to the site. Again, a non-exhaustive list of examples of the use of persistent cookies includes:
- The option to “Remember my username” when signing-in to the site
- The fact that you have voted in a poll, so that you are prevented from voting multiple times.
This site uses Google Analytics (www.google.com/intl/en_uk/analytics) to allow us to track how popular our site is and to record visitor trends over time. Google Analytics uses a cookie to help track which pages are accessed. The cookie contains no personally-identifiable information, but it does use your computer’s IP address to determine where in the world you are accessing the site from, and to track your page visits within the site.
What is a cookie?
- First and third-party cookies: whether a cookie is 'first' or 'third' party refers to the domain placing the cookie. First-party cookies are those set by a website that is being visited by the user at the time (e.g. cookies placed by www.4armedhealth.com).
- Third-party cookies: are cookies that are set by a domain other than that of the site being visited by the user. If a user visits a website and another entity sets a cookie through that site this would be a third-party cookie.
- Persistent cookies: these cookies remain on a user's device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
- Session cookies: these cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.
How to delete and block our cookies
Can I withdraw my consent?
If you wish to withdraw your consent at any time, you will need to delete your cookies using your internet browser settings.
For further information about deleting or blocking cookies, please visit: http://www.aboutcookies.org
How to turn cookies off
Internet browsers allow you to change your cookie settings. These settings are usually found in the 'options' or 'preferences' menu of your internet browser. In order to understand these settings, use the 'Help' option in your internet browser for more details.
What cookies do we use and why?
To find out about specific cookies we use on this site, please see below for details.
The cookies used on our site are categorised as follows:
- Strictly necessary
'Strictly necessary' cookies let you move around the site and use essential features like posting feedback. Without these cookies, these services cannot be provided. Please note that these cookies do not gather any information about you that could be used for marketing or remembering where you've been on the internet.
We use these strictly necessary cookies to:
- identify you as being logged in to our site; and
- enable you to submit information via online forms such as registration and feedback forms.
Accepting these cookies is a condition of using the site, so if you prevent these cookies, we can't guarantee your use of our site or how the security on our site will perform during your visit.
'Performance' cookies collect information about how you use our site e.g. which pages you visit, and if you experience any errors. These cookies do not collect any information that could identify you and is only used to help us improve how our site works, understand what interests our users and measure how effective our content is.
We use Web Analytics performance cookies to provide anonymous statistics on how our site is used.
Some of our performance cookies are managed for us by third parties. However, we don't allow the third party to use the cookies for any purpose other than those listed above.
By using our site, you accept the use of 'Performance' cookies. Accepting these cookies is a condition of using the site, so if you prevent them, we cannot guarantee how our site will perform for you.
More information about cookies
Information about cookies: useful information about cookies can be found at: www.allaboutcookies.org
International Chamber of Commerce United Kingdom: information on the ICC (UK) UK cookie guide can be found on the ICC Web site section: www.international-chamber.co.uk/our-expertise/digitaleconomy