Any questions regarding this policy and our privacy practices should be sent by email to [email protected]
We collect personal data from the following categories of people:
As set out in further detail below, we process two categories of personal data about you (where this applies):
When using our services, or considering using our services, we may ask for your contact details and other basic personal data including name, address, email, telephone number, date of birth, as well as medical records and other clinical, legal, financial and social information. This may be collected directly from you or passed to us by third parties who you have authorised to share this information with us, such as your GP, solicitor, or a family member.
Examples of clinical, legal, financial and social information we may request from you or third parties on your behalf include:
When using our website(s) or requesting further information through our “Contact Us” section you may be asked to provide your name, email address, mailing address, phone number, relationship to the patient or prospective patient, or other details to enable us to respond to you, as well as basic information regarding your enquiry.
When dealing with prospective referring professionals, as well as basic contact details, we may request your job title and area of specialism.
When dealing with prospective doctors, clinicians, employees and other individuals who wish to work with us, we request a number of pieces of information which are standard in a normal recruiting process in our industry, including, for example, basic personal data, CV, references, passport details, criminal record checks, DBS checks, GMC or regulatory body registrations, appraisals, CPD records, learning & development records, indemnity insurances details and occupational health records. Likewise, for doctors, clinicians, employees and other individuals who do work with us, we store the above-mentioned personal data, along with a photograph and biography details of such individuals, and we may display photographs and biographies on our website(s) for marketing purposes.
We collect information from you when you enter information on our website(s). We also collect information when you contact us directly by phone or email, or when we are instructed by a third party who you have authorised to share this information with us, such as your GP, solicitor, or a family member.
With regards to prospective referring professionals, we may collect your contact details from publicly available sources, such as your website(s).
With regards to prospective doctors, clinicians, employees and other individuals who wish to work with us, we may collect your contact details from publicly available sources, such as your website(s), or from third parties that you have authorised to share them, such as recruitment agencies.
We have to identify which legal grounds we are relying on when we process personal data. Please note that we may process your personal data on more than one lawful ground depending on the specific purpose for which we are using your data. Examples of the lawful grounds we rely on are set out below but please contact us at [email protected] if you need further details about the specific legal ground(s) we are relying on to process your personal data.
We may use the information we collect in the following ways:
Generally, we do not send any marketing or promotional communications to customers or patients.
We never sell the data we hold to any third parties or use the data to help third parties market to you in any way.
Your personal information is contained in secure networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
We use a cloud-based records system to keep all our patient and customer records in a secure environment. The system we currently use is Lumeon, the security of which is ISO-certified.
Where personal data is in hard copy, this is shredded as soon as possible. Where hard copy data must be retained, it is kept in locked filing cabinets, in locked offices.
We take care to ensure that your personal data and other confidential information is treated in the strictest confidence, and is only shared with others, both internally within Halcyon Doctors, and externally with third parties, on a need-to-know basis.
Personal data relating to patients, customers, doctors, clinicians, etc. may be shared internally in order to provide services to you. For example, we will have to provide your basic contact details and medical records to the doctor/clinician who has been assigned to you.
As part of the services we provide, we may be required to share certain personal data with third parties, for example:
Your personal data may also be shared with website hosting partners and other parties who assist us in operating our website(s), conducting our business, or serving our users, so long as those parties agree to keep the information confidential. We may also release information when its release is appropriate to comply with the law, enforce our policies, or protect ours or others’ rights, property or safety. Data may be shared through the use of standard email encryption i.e. email is encrypted whilst in transit by means of TLS where possible failing over to SSL or HTTPS if the recipient does not support TLS.
We are committed to our legal obligation to retain your personal data for only as long as is reasonably necessary. In some instances, we are required by law to retain certain personal data for a minimum period of time.
We are legally obliged to retain patients’/customers’ medical data, including deceased patients/customers, for a minimum period of seven years. Further, with regards to other personal data, it may be reasonable for us to retain it for some time, including potentially following the death of a patient, in the event that there are any regulatory requirements or legal issues, such as contentious probate.
In addition, we are legally required to retain certain personal data in relation to contracts that we are performing, for example in relation to employment contracts and patient/customer service contracts to allow us to perform those contracts.
With regards to prospective patients and customers, we may retain your contact details for up to two years as this is generally the maximum period during which an enquiry from a prospective patient/customer converts into an actual patient/customer. Any other personal data that has been provided to us at the enquiry stage is normally only retained for up to three months.
With regards to prospective doctors, clinicians and/or other employees, we will retain your personal data for a reasonable period following a decision by either party not to proceed with your engagement with Halcyon Doctors.
With regards to doctors, clinicians and/or other employees who provide services on behalf of Halcyon Doctors, we will retain your personal data for the duration of your engagement with us, and for a reasonable period after, for the purposes of responding to potential claims, HMRC enquiries etc.
The accuracy of your information is important to us. If you wish to review and/or correct the information that we hold about you at any time, please email us: [email protected]
You have the right to ask for a copy of the information we hold about you (we may charge for information requests to cover our costs in providing you with details of the information we hold about you).
You have a choice about whether or not you wish to receive communications from us. If you do not want to receive communications from us, then please notify us by contacting [email protected] Please note however, that if you choose to cease communications from us, this may have an impact on how we can continue to provide services to you.
In certain circumstances, and where this does not contradict with our legal requirements as described above, you have the right to have information that we hold about you deleted or destroyed and you can contact us at any time to request this by email: [email protected]