Data Protection Laws set out the obligations Minter et al Ltd has to you for the processing of your Personal Data. When we use or disclose your personal data we will comply with these Laws.
Your Persona l Data is data which by itself or with other data available to Minter et al Ltd can be used to identify you as an individual. Minter et al Ltd is the Data Controller. This Privacy Notice sets out how Minter et al Ltd will use your personal data. You can contact our Data Protection Officer (DPO) cmo@minteretal/ firstname.lastname@example.org or in writing to the Registered office at 42 High Street, Bridge, Kent CT4 5JX. if you have any questions.
The types of personal data we collect and use
We will use your personal data for the reasons set out below. We will collect most of this directly during the registration and/or admission process but there may be sources of personal data collected indirectly as set out later in this document. The personal data we use may include:
- your name, address and contact details, including email address and home and mobile telephone numbers. If you provide these details, we may use them to contact you unless you ask us not to. This could include emails, text or voicemail messages;
- date of birth and gender;
- your previous and current medical health records whether provided by Minter et Al or other third parties;
- the terms and conditions of your contract with us for the provision of healthcare and related services;
- your bank account and national insurance number if you are a ‘self-pay ’patient or the financial information of the company or individual who is responsible for the payment of invoices/bills relating to your care (e.g. insurer, sponsor or Guarantor);
- if your payment details are saved by you for future payments and stored when booking your first consultation of your debit or credit card. We will let you know if we intend to take a payment from this card before we do so;
- Information about your marital status, next of kin, dependants nominated and/or emergency contacts;
- Information about your nationality and entitlement to treatment in the UK;
- Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
- Information about medical or health conditions of your family;
- Information received in response to any surveys, complaints claims;
- Equal opportunity monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief; and
- Information about how you use our website.
- If you are employed by Minter et al we will also hold and process other information relating to your employment
- If you are a Consultant/ Doctor or other healthcare provider you are not employed by Minter et al but we will also hold and process other information relating to the clinical services you carry out. (You can obtain further information from the CQC Registered manager)
- This data may also include visual images, personal appearance and behaviour e.g if video consultations are monitored.
Minter et al may collect this information in a variety of ways. For example, data might be collected through Registration, questionnaires and forms; obtained from your passport or other identity documents such as your driving licence; from pre-appointment forms, online web forms completed by you at the start of your treatment; from correspondence with you; through the provisions of care process or through interviews, meetings or other assessments.
In some cases, the organisation may collect personal data about you from third parties, such as insurer providers, referral agencies, sponsors, checks permitted by law.
Providing your personal data
We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide care and treatment to you and receive payment for these services.
Monitoring of communications
Subject to applicable laws, we may monitor and record telephone calls, emails, text messages, social media messages and other communications in relation to our dealings with you. We will do this to ensure an appropriate standard of care, for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications networks and systems, to check for unlawful content, obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on our network and systems where necessary for these reasons and this is for our legitimate interests or other legal obligations.
Using your personal data and the legal basis for processing
We will process your personal data under Article 6 (1)b; Article 9 (2)h of the General Data Protection Regulations:
- To support the provision of your healthcare.
- To decide how best to provide treatment to you.
- As necessary to support the healthcare contract with you and to allow us to receive [full] payment for those services.
- To take steps at your request during the course of your treatment.
- To keep your records up to date.
We will process your personal data under Article 6 (1) f of the General Data Protection Regulations:
- As necessary for our own legitimate interests or those of other persons and organisations.
- For good governance, accounting, and managing and auditing our clinical and business operations both internally and by third parties.
- For surveys of patient experience and quality of care.
- To monitor emails, calls, other communications, and activities on HCA networks and systems.
- For market research, other surveys and analysis and developing statistics for improving clinical performance; and
As necessary to comply with a legal obligation:
- When you exercise your rights under data protection law and make requests;
• For compliance with legal and regulatory requirements and related disclosures;
• For establishment and defence of legal rights;
• For activities relating to the prevention, detection and investigation of crime;
• To verify your identity, make credit fraud prevention and anti-money laundering checks; and • To investigate complaints, legal claims and data protection or clinical incidents.
Based on your consent:
- With your next of kin or other nominated contact.
- If you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf; or otherwise agree to disclosures; With third parties including pharmaceutical companies and Universities and other research bodies for scientific research.
- When we process any special categories of personal data about you at your request (e.g. my racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).
You are free at any time to change your mind and withdraw your consent. We will advise you if the consequence of doing so is that we cannot continue to provide full healthcare services to you.
Sharing of your personal data
Subject to applicable data protection laws we may share your personal data with:
- Clinicians and other healthcare professionals who provide treatment to you in our clinics.
- Other healthcare providers including your General Practitioner (GP) where we believe this will enhance the quality of your care. Let us know if you do not wish us to share information with your GP.
- Sub-contractors and other persons who help us to provide healthcare products and services to you;
- Companies and other persons including interpreters providing services to you as part of your extended care and post care follow-up
- Our legal and other professional advisors, including our auditors.
- Fraud prevention agencies, credit reference agencies, and debt collection agencies.
- Government bodies and agencies in the UK and overseas (e.g., HMRC who may in turn share it with relevant overseas tax authorities and with regulators including the Information Commissioner’s Office and Care Quality Commission (CQC)
- General Medical Council and other professional bodies.
- Courts, to com ply with legal requirements, and for the administration of justice.
- In an emergency or to otherwise protect your vital interests.
- To protect the security or integrity of our business operations and other patients.
- When we restructure or buy or sell our business or its assets or have a merger or re- organisation.
- Payment systems and providers; and
- Anyone else where we have your consent or as required by law.
Sharing of your personal data for scientific research purposes
Subject to applicable data protection laws and your explicit written consent we may share your personal data for the purpose of scientific research.
Sharing of your personal data for marketing purposes
Subject to obtaining your written consent and communications preferences we may use your contact details to send you newsletters and other information on new clinics, services and treatments which we think may be of interest to you. We will not sell your personal data to a third party without your written consent.
You are free at any time to change your mind and withdraw your consent. Please contact email@example.com with the subject title “Consent” This will not affect the healthcare services we provide to you.
Sharing of your personal data in order to receive payment for your treatment from your Insurer, sponsor or guarantor
We will contact the individual or company including your insurer and provide them with the information necessary to support our invoices for payment and to ensure that we receive full payment for your care. We may also contact them prior to your care to confirm that the treatment you are about to receive is covered by them and they are willing to pay for your care. We will also provide information necessary to support any audits carried out by insurers and sponsors.
How long do we keep your data?
Information will be kept in accordance with the retention periods outlined in the Information Governance Alliance (IGA) Records Management Code of Practice for Health and Social Care (2016). Information may be held for longer periods where the following apply:
- Retention in case of queries. We will retain your personal data as long as necessary to deal with any queries you may have;
- Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We will retain your persona l data after you have received healthcare services at our Facilities based on our legal and regulatory requirements.
Your rights under applicable data protection law
Your rights are as follows (noting that these rights do not apply in all circumstances):
- The right to be informed about processing of your personal data;
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
- The right to object to processing of your persona l data
- The right to restrict processing of your personal data
- The right to have your personal data erased (the “right to be forgotten”)
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data (“data portability”) ; and
- Rights in relation to automated decision making including profiling
You may exercise these rights by contacting us on firstname.lastname@example.org
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law ico.org.uk.
You can download a copy of this Privacy Notice on our website. Further information can be provided from our Data Protection Officer on email@example.com using FOA Data Protection Officer as the email subject.
This Notice may be translated into other languages on request.
Last Updated: August 2022