This document is aimed at GPs and AHPs receiving marketing communications from New Victoria Hospital. It is an explanation of why we collect your personal data, how we store it, how long we keep it and who we share it with. The document also outlines your rights regarding your personal data and who to speak to if you have any concerns regarding the management of your data at the hospital.
Why we process your personal data
In order to provide information to you about our services, New Victoria Hospital will record and process your contact details. We process your personal data primarily on the basis of Legitimate Interest.
A copy of our Legitimate Interests Assessment is available on request as part of our commitment to managing your information rights. Please contact the Data Protection Officer if you would like to see it.
What we do with your data
Processing your personal information under Legitimate Interest means that you will receive any information you requested, and it allows us to send you appropriate and useful communications. This includes, but is not limited to, hospital communications regarding:
- Events such as Free GP & AHP Educational Seminars with presentations by Consultants holding practising privileges at the hospital (CPD points provided).
- News of services, consultant procedures, events etc.
You can stop receiving our marketing communications by following the Unsubscribe instructions included in every email.
Where and how we collect and keep your data
Submitted personal details: When you sign up for events or communications on the website, liaise with our marketing team, send us an email, or communicate with us in any way, you are voluntarily giving us information that we collect. That information may include your name, physical address, email address, IP address, phone number, as well as details including occupation and location. By giving us this information, you agree to this information being collected, used, disclosed, transferred within the United Kingdom (to our data storage centre in England) and stored by us.
Purchased personal details: We may occasionally subscribe to databases that provide personal data for GPs/AHPs. We take steps to ensure that such third parties are legally permitted to disclose such information to us. In these instances we will inform you of the purposes of the processing for which the personal data are intended, the legal basis for the processing, and the categories of personal data concerned. This information will be provided to you, at the latest, at the time of our first communication to you.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
All personal information is kept on site and in a secure storage facility. Electronic data is protected by the use of access control, and a robust network security regime. Paper documents that include personal information are kept securely locked away.
How long will we keep your personal data
We will only store your data until such time as we are informed that your email address is redundant or you no longer wish to receive emails from us.
Who we share your personal data with
If required, New Victoria Hospital will share your information with our Consultants. Such instances could be following Consultant educational events that you attend.
We may from time to time provide anonymised information of a general nature to third parties – for example, the number of individuals visiting our website or completing a registration form, but we will not use any information that could identify those individuals.
We will not share any of your information without a lawful reason to do so. The process of sharing will always be as secure as possible. We do not share any information with organisations outside the European Economic Area.
Your rights regarding your personal data
The General Data Protection Regulation allows you the following rights:
- The right to be informed about what personal data we keep, where and how we process it and who we share it with. We provide this information to you in our registration form where we request your permission to process your data and in this document.
- The right to access a copy of your personal information verbally or in writing. If you do request a copy of your information we will provide it to you in an electronic or paper format within one month of you requesting the information. We will not charge you for providing this information.
- The right to rectification of your personal data held by the hospital. If you request a change to your data we will make the changes within one month of your request.
- The right to have your data erased. This right is not absolute and will only apply if we are able to do so without breaking other laws that we need to abide by. If it is possible to erase your data we will do so within one month of us receiving your request.
- The right to restrict us processing your data.
- The right to data portability. This right applies to the data you have provided to us. If you request a copy of your personal information for your own purposes we will give you the data in either paper or electronic format.
- The right to object to the hospital processing your personal data. You have the absolute right to object to the hospital using your personal data for direct marketing purposes.
- Rights related to automated decision making including profiling. This right relates to processes where decisions are made solely by automated means without any human involvement. Although the hospital has no automated decisions process we are obliged to inform you of this right.
What we do to ensure your personal data is secure
New Victoria Hospital is registered with the Information Commissioner’s Office (ICO) as a data controller. Our registration number is Z7354295.
In order to keep your data secure we abide by, and are accredited for, the following standards:
- ISO27001 (includes an annual external audit by the British Assessment Bureau).
- NHS Data Protection Security Toolkit (includes an annual review).
- Payment Card Industry Data Security Standards (PCI DSS) (includes an annual review).
Our quality management system is ISO9001 accredited annually.
Reporting concerns regarding our management of your data
If you have any concerns regarding our management of your data please make us aware by contacting our Data Protection Officer. You have a right to make a complaint to the ICO at any time.
Data Protection Officer: firstname.lastname@example.org