What this Policy is about
At Invizo Limited (trading as the Children’s e-Hospital) we are committed to protecting any personal information which we may hold about you. This policy explains the types of information which we may collect and how we treat and use that information.
We comply with the various requirements set out in the Data Protection Act 1998 which regulate how personal information should be treated. Invizo Ltd is registered with the information commissioners office (registration number ZA120145)
What is meant by “personal data”?
For the purposes of the Data Protection Act 1998, personal data is information which relates to a living individual who can be identified from that information. Common examples of personal data used in day to day business activities include names, addresses, telephone numbers, email addresses and in some cases, CVs and salary or other payment details. Some information is considered to be “sensitive personal data” for the purposes of the legislation. This would include for example, information about racial and ethnic origin and mental or physical health.
The type of information that we may hold
The information which we may gather and hold about you will depend in part on how you use our website (www.e-hospital.co.uk). For example, if you are a member of the public and you send us your contact information in order to sign up to our health alerts then we will hold your name and contact details such as your email address. Similarly, if you contact us using the contact link on our website then we may retain any emails which you send to us and any personal information which is included in them. If at any time we provide to you any paid-for services, we will also hold transaction details.
The information which we may hold may be in computerised or in some cases, paper format.
We may also collect information about your use of our website as you browse and may use that information to personalise content. That information may not necessarily constitute personal information however and further information about this is provided in our Cookies Policy.
Certain functions on our website are reserved for use by medical professionals only and where they have registered with us for use of those functions. As part of using that functionality, we will also need to hold certain information about those registered users such as name, contact details, place of work, job title and qualifications.
From time to time, we may also invite people who are interested in working with us, to send relevant information such as a CV.
Please note that we do not hold medical records nor case specific information about patients. Any medical enquiries which are raised must always be raised on a non-named and generic basis only.
Your consent to our use of your information
By providing us with any personal information, you understand and agree to our using the personal data in accordance with this policy and for the purposes for which you sent us the information.
If you provide any personal data to us about any other person then you must have the express agreement of that person to disclose that information or should otherwise be in a position to disclose it for example, if you are a parent disclosing information about your child. You should only disclose personal data about any other person where you have the appropriate consent and authority to do so.
Similarly, if you are a minor (aged under 16 years) you should also have the permission of your parent or guardian before disclosing any personal information to us.
How your personal data will be used
We will treat your personal data securely and we have in place procedures to adhere to our obligations under Data Protection law.
The uses which we make of your personal data may include (though are not limited to), us using information to deal with queries and enquiries, administer and maintain records of any staff or contractors where relevant, provide services whether paid for or otherwise, send out our health alerts and other communications and generally, for the proper administration of our business.
We may also use your personal information to keep you up to date with services which may be relevant to you such as to tell you about any training events which we may be running and we may contact you by post, phone or in most cases, by email. If you decide that you no longer wish to receive information from us then you can let us know at any time by emailing us at email@example.com or follow the instructions on our health alerts or other communications.
From time to time, it may become necessary or appropriate to disclose your personal data to carefully selected third party organisations, for example where we use an external organisation to provide services such as IT systems support or external consultants who may help us in our core business function. If this is the case, we will only disclose your personal data in compliance with our obligations under the Data Protection Act which means that we will put the appropriate safeguards in place when disclosing any such personal data about you. Where we use third party IT service providers, this may include information being transferred outside the European Economic Area (EEA) for example, depending on where our service providers’ servers or computers are located.
We may disclose personal information in response to a legal process, for example, in response to a court order. We may also disclose data in response to a law enforcement agency’s request or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person or as otherwise permitted or required by law and in accordance with legal requirements.
We will retain the personal data on our records for as long as we have a business requirement to retain it.
A person about whom we hold personal data has a right of access to that information. This means that you may submit a request at any time and you will usually be entitled to a description of your data which we hold and the purposes for which the data is being processed. Any such requests should be made in writing and should be addressed to The Children’s e-Hospital, PO Box 748, Wetherby, LS22 9FS or via email address: firstname.lastname@example.org. We aim to deal with requests for access to personal information as quickly as possible but will ensure that such requests are dealt with within 40 days of receipt of your request unless there is good reason for delay. We reserve our right to charge a nominal amount (which the law prescribes) in some circumstances.
We also have an obligation to ensure that the information which we hold about you is accurate and up to date. You have the right to ensure that any inaccuracies in your personal data are corrected or removed. In order to assist us in ensuring that the information which we hold about you is accurate and up to date, please ensure that we are notified of any changes in your personal details (such as a change of email address) by contacting us at The Children’s e-Hospital, PO Box 748, Wetherby, LS22 9FS or at email@example.com.
Our data protection officer is Dr Tim Ubhi who will deal with any concerns you may have. If after raising your concern with us, you remain dissatisfied with the response then you have the right to raise a complaint with the Information Commissioner’s Office which is the organisation responsible for promoting and enforcing data protection compliance.
Changes to this policy
We reserve the right to amend this policy at any time and as we see fit and you are advised to check it regularly for any changes.