We Fitfile Healthcare Ltd (also referred to as “we”, “us”, or “our”) are a registered company in England and Wales (Company no. 9480669).
Our registered address is Fearnley Tregay Lane Liskeard Cornwall PL14 6RQ.
THE PURPOSE OF THIS NOTICE
This Notice is designed to help you understand what kind of information we collect in connection with our products and services and how we will process and use this information. In the course of providing you with products and services we will collect and process information that is commonly known as personal data.
This Notice describes how we collect, use, share, retain and safeguard personal data.
This Notice sets out your individual rights; we explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
WHAT IS PERSONAL DATA?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
Personal data may also contain data relating to criminal convictions and offences.
PERSONAL DATA WE COLLECT
As a healthcare provider we will have information or data that is classified as Special Category Data under the General Data Protection Regulation (GDPR).
Personal data: name, age address, telephone number, email addresses. This data is held securely and for the purpose of making contact with you. We do not share any data unless you have specifically requested and consented.
Medical record: As a patient we have a record of your visit to to clinic, your disclosures of medical conditions and medications taken. The record will include a summary of treatment given during your visit. We do not share any data unless you have specifically requested and consented.
We process this special category data under section GDPR; processing is necessary to protect the vital interests of the data subject. Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional.
We will collect your personal data when you visit our website, where we will collect your unique online electronic identifier; this is commonly known as an IP address.
We will also collect electronic personal data when you first visit our website where we will place a small text file that is commonly known as a cookie on your computer. Cookies are used to identify visitors and to simplify accessibility, and to monitor visitor behaviour when viewing website content, navigating our website and when using features.
Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
As a provider of insurance and/or finance services, we will process the following categories of data:
• Personal data such as an individual’s name, address, date of birth, gender and contact details.
• Special categories of personal data such as health and injury (physical and physiological).
If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
If you require more information about our processes or further details on how we collect personal data and with whom we share data with, please contact us by email [email protected]
WHY DO WE NEED YOUR PERSONAL DATA?
We will use your personal data for the performance of our contract with you, and provide you with treatment and medial rehabilitation advice, to process your visit, to administer your care, to respond to any requests from you about services we provide and to process complaints. We may also use your data to perform statistical analysis on the data we collect, for financial planning and small business forecasting purposes.
We will use the special category data we collect about you for the performance of our contract with you which is deemed to be necessary for reasons of substantial public interest. This allows us to provide healthcare treatments.
In purchasing our services you should understand that you are forming a contract with us. If you request contact related to the services we provide, we consider ourselves as having a legitimate business interest to provide you with information about those services. You may request to be withdrawn from all such contact at any time.
Our retention periods for the personal data is subject to conditions under our Health Professionals Insurance Policy and The Statute of Limitation in the UK. As such our records shall be kept for at least 7 years following the last occasion on which treatment was given.
For all complaints and malpractice claims we willretain your personal data at the end of any contractual agreement indefinitely. Where you make a complaint we will retain the data for 10 years. This data will be retained for our protection. Where you or law enforcement agencies inform us about any active investigation or potential criminal prosecution, we will comply with legal requirements when retaining this data.
The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interestsfor statistical analysis (profiling) and product development and marketing purposes.
Sometimes we may need to retain your data for longer, for example if we are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
- The right to be informed about the personal data being processed;
- The right of access to your personal data;
- The right to object to the processing of your personal data;
- The right to restrict the processing of your personal data;
- The right to rectification of your personal data;
- The right to erasure of your personal data;
- The right to data portability (to receive an electronic copy of your personal data);
As mandated by law we will not charge a fee to process requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact us by email [email protected] or in writing to Fitfile Healthcare Ltd
Fearnley Tregay Lane Liskeard Cornwall PL14 6RQ.
PROTECTING YOUR DATA
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data to agreed authorised third parties.
DATA PRIVACY REPRESENTATIVE
To ensure data privacy and protection has appropriate focus we have a nominated Data Privacy Representative who is Andrew Burdon, who may be contacted at: [email protected]
If you are dissatisfied with any aspect of the way in which we process your personal data please contact us. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
HOW TO CONTACT US
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact us at Fitfile Healthcare Ltd
Fearnley Tregay Lane Liskeard Cornwall PL14 6RQ
Tel: 01579 344244 email: [email protected]