Medical Solutions UK Ltd respects your privacy and will not share any of your personal details to third parties without your explicit consent.
It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.
We collect, use and are responsible for certain personal information about you. When we do so we are subject to the Data Protection Act 2018 and we are responsible as the controller of that personal information for the purposes of those laws.
Personal information we collect about you:
We process your personal and sensitive information solely for the purpose of providing you with access to our services and we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under the Data Protection Act 2018.
We may collect and use the following personal information about you and the patient, if different, including:
– your name and contact information, including your address, telephone number and email address;
– your date of birth; and
– if necessary, the name of the partner organisation who provides you with access to our services (e.g. your employer, insurer or membership group) and any access code, policy or membership number you may have.
This personal information is required to provide our services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing our services to you.
When we process sensitive personal information, we will only do so if:
– we have a lawful basis for doing so; and
– one of the special conditions for processing sensitive personal information applies e.g you have given explicit consent or under Article 9(h) of the GDPR.
How your personal information is collected:
We collect personal and sensitive personal information directly from you over the telephone, through our web app and/or online. We may also collect information directly from third parties e.g. insurance companies and other organisations which you are a member of.
All calls, consultations and electronic communications are recorded to protect the interests of all parties.
If you are happy to do so, we will also ask you to briefly describe the nature of your call and if appropriate, ask you to send images so that the doctor can better prepare for your consultation.
How and why we use your personal information:
Under the Data Protection Act 2018, we can only use your personal information if we have a proper reason for doing so. For example:
– to comply with our legal and regulatory obligations;
– for the performance of a contract with you or a third party or to take steps – at your request before entering into a contract;
– to collect feedback from you on our services;
– for our legitimate interests or those of a third party; or
– where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information. Our legitimate interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted to by law.
Who we share your personal information with:
We routinely share personal information with:
– third parties we use to help deliver our services to you
– other third parties we work with to provide services to you; e.g. insurance companies;
– other third parties we use to help us run our business e.g. website hosts;
third parties approved by you.
When you consent for us to do so, we may share your sensitive personal information with companies, organisations or individuals outside of Medical Solutions UK Ltd in order to provide you with additional services, if they are available to you.
These services include, but are not limited to:
– Private Prescriptions
– Private Fit Notes
– Private Open Referrals
We may also be asked by the partner organisation who provides you with access to our services to disclose relevant consultation records if you are in the process of making a claim or to facilitate continuity of care. Where we do not already have a lawful basis to share this information, we will seek your consent to do so.
In addition to the above, if the consulting doctor feels it is appropriate and with your consent, we will also share a copy of the consultation notes with your own NHS GP.
We only allow third parties to handle your personal information if we are satisfied they take appropriate measures to protect your personal information.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share anonymised or aggregated information with other parties, such as potential buyers of some or all of our business or during a re-structuring. The recipient of any information will be bound by confidentiality obligations.
We may share anonymised or aggregated information publicly and with our partners. For example, we may share information publicly to show trends about the general use of our clinical services.
You can withdraw your consent to future processing at any time, but this right cannot be applied to data already processed.
We will not share your personal information with any other third party.
Information that we may be obliged to process for contractual or legal reasons:
The partner organisation who provides you with access to our services may require us to share personally identifiable information to validate your eligibility or confirm that you have used the service.
You may have been referred directly to our services by a partner organisation as part of their contractual obligations to you, for the purposes of preventive or occupational medicine, the assessment of your working capacity, medical diagnosis or the provision of healthcare or treatment. Where this is the case, we may be obliged to share special categories of personal data with them in order that they can fulfil their contractual obligations to you.
We will share personal information with companies, organisations or individuals outside Medical Solutions UK Ltd if we have a belief in good faith that access, use, preservation or disclosure of the information is reasonably necessary to:
– meet any applicable law, regulation, legal process or enforceable governmental request;
– enforce applicable Terms of Service, including investigation of potential violations;
– detect, prevent or otherwise address fraud, security or technical issues; and/or
– protect against harm to the rights, property or safety of Medical Solutions UK Ltd, our partners, users or the public, as required or permitted by law.
WHERE DO WE PROCESS DATA?
We process data at our trading offices at Inspired, Easthampstead Road, Bracknell, Berkshire, RG12 1YQ and (under contract) at the sites of data processors and third parties appointed by us within the UK (see above ‘Who we share your personal information with’).
HOW DO WE KEEP DATA SECURE?
We take appropriate technical and organisational measures to maintain your personal information in a secure environment to prevent your personal information being accidentally lost or unauthorised access and use. Our partners are bound by contract to do the same. We limit access to your personal information to those who have a genuine business need to access it.
We use Transport Layer Security (TLS) to encrypt and protect email traffic generated as part of our normal service delivery and if you have access to and use the Request an Appointment or Message Doctor Services. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software and you have a responsibility to ensure that any email you send is within the bounds of the law.
We will notify you and any applicable regulator of any suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
HOW LONG WILL WE KEEP YOUR DATA?
Where we have been provided with your personal information for processing in order to establish your eligibility to use the services, we will only retain this information for as long as you are declared as eligible by the partner organisation who provides you with access to our services.
Where you have accessed the services we provide, we follow the current guidance on GP Patient Records retention which can be found here: NHS Digital. In all cases, your records will be retained for a minimum of 10 years from the date of last contact.
Cookies are small text files that are stored on your device (e.g. computer, smartphone or other electronic device) to allow websites to store information about you in relation to the site. We collect statistics from our online services using Google Analytics, allowing Medical Solutions UK Ltd to record visitor numbers, number of pages viewed and referral source. This data simply helps us to administer and enhance the sites and services provided.
You can manage your cookie preferences in your browser settings.
WHAT HAPPENS WHEN I FOLLOW LINKS IN THE ONLINE SERVICES
The owners of these sites may be independent from Medical Solutions UK Ltd and we do not endorse or accept any responsibility for their content or services they may offer.
Under the Data Protection Act 2018, you have several rights which may apply to the services we provide including the right:
– to ask us for copies of your personal information (the right of access).
– to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete (the right to rectification).
– under certain circumstances, to require us to delete your personal information (the right to be forgotten);
– under certain circumstances, to require us to restrict processing of your personal information e.g. if you contest the accuracy of the data (the right to restrict processing);
– under certain circumstances, to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party (the right to data portability);
– under certain circumstances, to object to our continued processing of your personal information e.g. processing carried out for the purpose of our legitimate interests (the right to object).
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
HOW TO MAKE A REQUEST
Should you wish to exercise any of your rights, if you have had a recent consultation you can make a request by calling the number you have been given to access the service.
Alternatively, you may request a copy of the information held about you by emailing DPO@medicalsolutions-uk.com or writing to: The Data Protection Officer, Medical Solutions UK Ltd, Inspired, Easthampstead Road, Bracknell, Berkshire, RG12 1YQ.
Please note that where we are unable to confirm or have reasonable doubts concerning the identity of the person making a request to exercise the rights above, we will require additional proof of identity (e.g. a copy of your driving licence or passport and a recent utility or credit card bill) and/or evidence of the requester’s authority to exercise these rights.
We will ask for information on the right you wish to exercise and the information to which your request relates.
If you make a request, we will respond to you without undue delay and in any event within one month of your request.
YOUR RIGHT TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information. However, if you are not happy with how we have processed your personal information, handled your privacy rights or responded to a complaint, you can complain to the Information Commissioner’s Office (ICO) who may be contacted at https://ico.org.uk/concerns or telephoning +44 (0)303 123 1113.
WHAT HAPPENS WHEN THIS POLICY CHANGES?
YOUR RIGHTS AND HOW YOU CAN REACH US
Links checked and policy last updated on 01 March 2019