Last updated (08 Aug, 2020)
This Privacy Policy lays out the basis on which we access, preserve, report and handle any personal data we receive from you, or that you send to us. Please read carefully the following to understand our views and practices about your personal data, how we intend to treat it and your rights about that data. By providing us with your personal data or using our services, websites or other online or digital platform(s) you agree or consent to the practices described or referred to in this Privacy Policy.
Information We Collect
At Dermedicare, we collect personal information to better care for you. Personal data is any information about a living, identifiable person. Your personal data is any information that can be attributed to you personally, including but not limited to your name, height, weight, date of birth, health conditions and medical care you receive or have received. Organisations which make use of personal information must do so in accordance with the provisions of the Data Protection Act. The Act applies to personal data held in both electronic and physical media.
We collect personal information from you when you:
- Register to be a patient and therafter when you interact with our services
- If you apply for a position with us, during the recruitment process.
- Use any of our services.
- Complete a survey form for us.
- Contact us by email, phone or social media.
- Engage in any of the interactive features of our Website.
Why We Collect Your Information
We use your records and information to:
- Provide you with the information, products or services you ask of us
- See to it that your care is safe and effective
- Work together for those providing you with care
- Respond to your requests when we are obliged to do so
- Check the quality of care you have received
- Ensure that our Website’s content is provided to you in the most efficient manner
Records are maintained in compliance with the Health and Social Care Department's nationwide guidelines and the Health and Social Care Records Management Code of Conduct 2016. In keeping up with this code of practice, records including confidential information are securely destroyed.
Lawful Basis for Keeping Your Information
In accordance with the data protection law, a lawful basis must be established to process your information. This lawful basis includes at least one of the following:
Having analysed and taken into account your interests, rights and freedoms, we collect your personal information for a variety of valid purposes as set out in this Privacy Policy.
Unless you agree otherwise, your personal information will only be used for the purpose for which it was intended and in accordance with our Privacy Policy, clinical records retention periods, applicable data protection laws, and clinical confidentiality guidelines.
Who We Share Your Personal Data With
We may share your information with staff in other organizations for the purpose of delivering or improving healthcare or in instances where there is a legal requirement for us to do so. Such organisations include but are not limited to:
- Health authorities
- Other NHS organisations
- General practitioners (GPs)
- Police
- Department for Work & Pensions
- Clinical commissioning groups
- Voluntary sector providers and private sector providers.
- Other NHS common services agencies such as primary care agencies
Security of Your Information
We do not sell your information to third parties, and we only share it with organisations that are involved delivering healthcare or supporting the delivery of your healthcare. Information is kept on our secure network and our emails are encrypted.
Use of CCTV
Records from CCTVs (video and audio recordings) may be used for the prevention and detection of crime. Images may be shared with the Police for the investigation of crimes. Where CCTV is in operation, we comply with all legislation - including secure storage
Your rights
You have the following rights in relation to your personal data
You have the right to withdraw consent you have previously given to us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent.
Please note that your rights are not absolute. There are instances in which they do not apply. However, we will inform you of instances in which they do not apply in our correspondence with you and let you know whether we will be able to comply with your request. If you want to exercise your rights in respect of your personal data, the best way to do so is to contact Dr Ash Al-Hadithi
How Do I Raise a Concern?
If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office, the UK's independent body set up to uphold information rights on 0303 123 1113 or visit their website (https://www.ico.org.uk)