At Connect we are committed to ensuring the best standards of practice in all our activities. This extends beyond assuring the quality and safety of our clinical services, to ensure high standards of quality and safety in the way we handle and manage personal data.
In particular, our approach to data privacy and security is designed to protect the interests of:
- Our Patients
- Our Staff
- Individuals who interact with our website
Individuals from any of the above categories can be assured that the protection of privacy and confidentiality are given the highest priority, with all personal information being collected, held and used in strict compliance with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) 2018
Type of data and the legal grounds on which data is processed
As a Healthcare organisation we have a legal duty to collect and process information relating to the creation of medical records (patients) and personnel records (staff), as well as receiving inquiries (website) and conducting surveys. As such, we will ensure all personal data is collected, held and transferred (where required) in a lawful manner and in line with GDPR ‘good practice guidelines’.
Who controls the data we hold
Connect Health Ltd will be the Data Controller for the information we gather from you, although ultimately it is the individual themselves who have control of the data, in line with an ‘Individuals Rights’ (unless exceptional legal jurisdiction applies). In the majority of cases Connect Health employees will be the ‘data processors’, who collect, store, transfer and destroy the data, in line with appropriate guidelines or individuals expressed wishes (where applicable). This will only occur in line with the purpose for which the data is collected and will not be manipulated, transferred or destroyed without legal basis or an individual’s expressed wishes. No data will be transferred outside of EU borders.
How long will the data we hold to be kept for
Different types of data have different legal ‘retention periods’ that we abide by, such as medical records and personnel records retention periods. Personal data will be held for no longer than is necessary and will be destroyed appropriately when the data retention period has expired. Equally, individuals have the right to ask for their data to be destroyed or transferred elsewhere if they wish, at any time (providing no other laws prevent this from happening).
The rights of the individuals whose data we process (Data Subjects)
GDPR regulations allow individual ‘data subjects’ particular rights, the key ones being:
- Right to be informed– of how we fairly process your data
- Right to access– the data that is held on you
- Right to rectification– of any data felt to be inaccurate or incomplete
- Right to erasure– of your data (otherwise known as ‘right to be forgotten’)
- Right to restrict processing– to ‘block’ or prevent further processing of existing data
- Right to data portability– transferring data to another provider/data controller
- Right to object– to processing (inc profiling), direct marketing, and certain types of research
- Right to question automated decision making(eg for the purpose of profiling)
We will accommodate your wishes in line with your rights under GDPR as long as it is not contravened by any other relevant associated regulations.
Information collected through our website
We do not collect any personal information from visitors to our website other than information that is knowingly or voluntarily given. Anonymous information is collected, such as the number of visitors to the website in a given period but is purely statistical and cannot be used to identify an individual user.
Cookies are not used to collect any other information from visitors to the website. Visitors interested in requesting more information must provide contact details and the reason for their request. Visitors will not be contacted by us, unless such information is given, and contact is specifically requested.
We will never pass any personal information to any third party outside of our organisation (unless they are commissioned for data processing activities where we remain the ‘data controller’) without your consent.
We take appropriate measures to safeguard the information we hold from unauthorised access or improper use. Our data is stored in a secure, protected environment. Only users authorised by us have access to this data.
Integrity of Data
We take all reasonable measures to ensure that the information we hold is accurate. In particular, we use reliable collection methods and destroy or convert to an anonymous form, any out of date data. Individuals may request details of all personal information held by us so as to contest inaccurate or incomplete data, verify the information and have it corrected as appropriate.
Complaints & Concerns
Alternatively, you can raise an issue, if you feel we have in any way handled your personal data unfairly or inappropriately, with the Information Commissioners Office. Further details on GDPR and data protection laws can also be found at the ICO website.
Terms & Conditions