This Privacy Notice sets out details of how we, your treating clinicians responsible for your treatment, and our medical secretaries, may collect and use your personal data during the course of our professional relationship with you as independent contractors, and after this relationship has ended. Please take your time to read this Privacy Notice carefully.
In this Privacy Notice we use “we” or “our” or “ours” to refer to us as the clinicians at The Foot and Ankle Centre Tunbridge Wells, who are processing your personal information.
Data Protection Officer
The Foot and Ankle Centre Tunbridge Wells has appointed Clare Ritchie as Data Protection Officer ("DPO"). The DPO helps ensure that The Foot and Ankle Centre Tunbridge Wells complies with data protection law.
The DPO can be contacted by:
Telephone: 01825 713310
Post: Data Protection Officer, The Foot and Ankle Centre Tunbridge Wells, Spire Hospital, Fordcombe Road, Tunbridge Wells, TN4 0RD
If you would like further information about any of the matters in this Privacy Notice or have any other questions about how we collect, store or use your personal information, please contact the DPO using the details above.
The personal information which The Foot and Ankle Centre Tunbridge Wells holds about you will mainly relate to your medical treatment, but will also include other information such as financial data in relation to billing. The Foot and Ankle Centre Tunbridge Wells must comply with the data protection legislation and relevant guidance when handling your personal information, and ensure that any clinician, medical/administrative secretary working in The Foot and Ankle Centre Tunbridge Wells also complies with the data protection legislation. Your personal data must also be managed in accordance with all applicable professional standards including guidance from the General Medical Council and British Medical Association.
The Foot and Ankle Centre Tunbridge Wells will provide your treatment from a hospital/other independent provider and, in due course, it may be necessary for that hospital/other independent provider to also process your data. This could be where the hospital/other independent provider needs to arrange other healthcare services as part of your treatment, including nursing care and physiotherapy, or radiology services. In that case, the hospital/other independent provider will become a joint Data Controller in respect of your personal information and you will be provided with a copy of their Privacy Notice that sets out how they will manage that information.
What personal information do we collect?
1) General Personal Information
- Contact information (including your name, home address, personal telephone number(s) and personal e-mail address)
- Business contact information (including e-mail address and telephone number)
- Job title/occupation
- Date of birth
- Marital status
- Emergency contact information and next of kin
- Health insurance policy details
- Your GP
The list set out above is not exhaustive, and there may be other personal data we collect, store and use in the context of the professional relationship. We will update this Privacy Notice from time to time to reflect any notable changes in the categories of personal data that we process.
The majority of personal data that we process will be collected directly from you. In some cases third parties may provide additional personal data, for example referring medical practitioners or your insurance policy provider.
2) Special Categories of Personal Information (previously known as “sensitive personal data”)
Certain categories of data are considered by law to be ‘special categories of personal data’ and are subject to additional safeguards. These may include:
- Details of your current or former physical or mental health, including information about any healthcare you have received from other healthcare providers such as GPs, dentists or hospitals (private and/or NHS), and may include details of clinic or hospital visits, as well as medicines administered
- Details of services you have received from me
- Details of your nationality, race and/or ethnicity
- Details of your religion (if medically relevant)
- Details of any genetic data or biometric data relating to you
We will always treat information about an individual’s physical and mental health as confidential and it will only be shared with third parties when there is a specific and legitimate purpose to do so. We have implemented appropriate physical, technical and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In doing so we will comply with UK data protection law and all applicable medical confidentiality guidelines issued by professional bodies including the General Medical Council.
How will we communicate with you?
We may communicate with you by telephone, SMS, email and/or post, but will try and use your preferred method where possible.
If we contact you by telephone and the resultant call is directed to a voicemail/answering service we may leave a voice message, if appropriate, with limited detail as to the reason for the call and how to call back.
In order to provide basic administrative and appointment information we may communicate with you by SMS and/or unencrypted email. However if we are providing medical or sensitive information we will communicate with you by encrypted email, where you have expressed a preference in the patient registration to be contacted by email.
For what purpose is your personal data used?
- Taking appropriate steps at your request to set you up as a patient so that you can enter into a contract with The Foot and Ankle Centre Tunbridge Wells to receive healthcare services from us
- For the purposes of providing you with healthcare, supporting your medical treatment and supporting other healthcare professionals to provide services to you.
- To enable accurate billing, for account settlement purposes and maintaining accounting records
- For medical audit/research purposes*
- For communicating with you and resolving any queries or complaints you may have.
- To communicate with any other individual that you ask us to update about your care and also to update other healthcare professionals about your care**
- To comply with our legal or regulatory obligations, and to defend or exercise our legal rights.
*We may process your personal data for purposes of local clinical audit, carried out by The Foot and Ankle Centre Tunbridge Wells, in order to assess outcomes for patients and identify improvements that could be made for the future. We may also be asked to share information with UK registries that form part of the National Clinical Audit programme. We may do so without your consent, provided the particular audit registry has received statutory approval, and where the information will be provided in a purely anonymous form. If the data is not in an anonymous form we or the registry will seek your specific consent.
** We also participate in initiatives to monitor safety and quality, helping to ensure that patients are getting the best possible outcomes from their treatment and care. The Competition and Markets Authority Private Healthcare Market Investigation Order 2014 established the Private Healthcare Information Network (“PHIN’), as an organisation who will monitor the outcomes of patients who receive private treatment. Under Article 21 of that Order, we are required to provide PHIN with information related to your treatment, the nature of your procedure, whether there were any complications such as infection or the need for readmission/admission to a NHS facility and also feedback you provided as part of any PROMS surveys. PHIN will use your information in order to share it with the NHS, and track whether you have received any follow up treatment. The records that we share may contain personal and medical information. PHIN and The Foot and Ankle Centre, Tunbridge Wells will apply the highest standards of confidentiality to personal information in accordance with data protection laws and duty of confidentiality. Any information that is published by PHIN will always be in anonymised statistical form and will not be shared or analysed for any purpose other than those stated. Further details as to how PHIN uses information, including its Privacy Notice, is available at phin.org.uk.
How long do we keep personal information for?
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice and in order to comply with our legal and regulatory obligations. Under certain circumstances we may anonymise your personal data so that it cannot be used to identify you, and is therefore not personal data. We reserve the right to retain and use such anonymous data for any legitimate medical purpose including audit and research. (See above)
If you would like further information regarding the period for which your personal information will be stored, please contact the DPO for further details.
Under data protection law you have certain rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us via our Data Protection Officer.
Your rights include:
The right to access your personal information
- You are usually entitled to a copy of the personal information we hold about you and details about how we use it.
- Your information will usually be provided to you in writing, unless otherwise requested. If you have made the request electronically (e.g. by email) the information will be provided to you by electronic means where possible.
- Please note that in some cases we may not be able to fully comply with your request, for example if your request involves the personal data of another person and it would not be fair to that person to provide it to you. Such requests have to be considered on a case-by-case basis.
The right to rectification
- We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
The right to erasure (also known as the right to be forgotten)
- In some circumstances, you have the right to request that we delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks that are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims
The right to restriction of processing
- In some circumstances, we must "pause" our use of your personal data if you ask us to. We do not have to comply with all requests to restrict our use of your personal information. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to data portability
- In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.
The right not to be subject to automatic decisions (i.e. decisions that are made about you by computer alone)
- There is no automated decision-making in relation to your treatment at The Foot and Ankle Centre Tunbridge Wells.
The right to withdraw consent
- In some cases we may need your consent in order for my use of your personal information to comply with data protection legislation. Where we do this, you have the right to withdraw your consent to further use of your personal information. You can do this by contacting the DPO.
The right to complain to the Information Commissioner's Office
- You can complain to the Information Commissioner's Office (ICO) if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations.
- More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
- Making a complaint will not affect any other legal rights or remedies that you have.
Your duty to inform us of any changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Updates to this Privacy Notice
We may update this Privacy Notice from time to time to ensure that it remains accurate. In the event that these changes result in any material difference to the manner in which we process your personal data then we will provide you with an updated copy of the Privacy Notice.
This Privacy Notice was last updated on: 12th October 2018.