Below we have set out what happens when we collect personal information from you and our commitment to you in maintaining your privacy.
Data Controller means the person or organisation who determines the purposes for which and the manner in which any personal data is processed. For the purposes of this policy, we, Compass Wellbeing CIC are the Data Controller.
Our Data Protection Officer (DPO) is Azom Mortuza who can be contacted at firstname.lastname@example.org. If you have any concerns about your handling of your personal information or feel that we have not complied with our legal obligations and/or this policy, you can contact the DPO.
What information do we collect about you and how?
We collect information about you in a number of ways:
- We collect information directly from you when you submit your data to us. This type of information will include, but not be limited to, your name, address, date of birth, gender, medical information and health records, details about your racial or ethnic origin, pictures or other images, copy passports, NHS numbers, and financial information.
- We may collect this information when you fill in our forms, contact us via our website, telephone, email or write to us or are in touch with us some other way.
- We may collect information from you when you complete our feedback or satisfaction forms.
- There may be automatic collection of information when you use our website by filling in any of the forms on our website.
Our legal basis for handling this data is what is referred to as “legitimate interests”. In other words, processing personal information about you is necessary for the purposes of our legitimate interests in ensuring we provide to you the physical, emotional and social health services you have asked us to provide to you, as well as managing our services and resources. If we do not collect and handle the personal data you provide to us, we will not be able to provide to you our health care services.
A lot of the information we collect from you is what is described as sensitive personal data, for example, information that relates to your health, any disabilities you may have, your medical records or information relating to your racial or ethnic origin. We need this type of information because it is necessary for us to collect and process this type of data to enable us to provide to you the health care services you have asked us to give you.
Where we collect any personal information relating to children (below the age of 13) we will obtain the consent of the person with parental responsibility over the child before we process their personal information.
Website usage information is collected using cookies.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is then used to track visitor use of the website and to create statistical reports on website activity. For further information about cookies, please see our Cookies Policy.
You can set your browser not to accept cookies but this may cause problems with the functionality of the on-line booking system as a result.
How we use the information about you and who we share your information with
We use your personal information in a number of different ways, all with the aim of providing to you the physical, emotional and social health services you have asked us to provide to you. Our services may involve providing you with:
- medical treatment and other health care services;
- counselling through talking therapies;
- help and guidance on school health and the improvement of the wellbeing of local children and young people by encouraging healthy lifestyles, promoting emotional health and wellbeing and by providing support, prevention, intervention education and advice in schools and community settings;
- access to the Family Nurse Partnership, a voluntary home visiting programme for first time young mums.
Our work for you necessarily requires us to pass your information to various third parties which we identify below. If we do have to share your data, we will only do so where it is necessary and proportionate and our disclosure complies fully with our legal obligations. We also take steps to ensure that the recipient will hold secure your personal information.
In particular, we may forward your personal data to:
- Any third party contractors/service providers (including their sub-contractors) that provide a service to us or act as our agents, on the understanding they keep the information confidential. These include, but are not limited to, any third parties that process information on our behalf (e.g. internet service and platform providers, technical support functions and IT consultants who may assist us from time to time)
- Our professional advisers for our business purposes, including (but not limited to audits)
- Health professionals and/or other professional bodies and agencies to whom we may need to disclose certain information, taking into account our legal obligations, for example the Nursing and Midwifery Council. We have also signed up to the Information Sharing Agreement for Integrated Care to seek to ensure further control and appropriate sharing in respect of patient information
- Insurance companies or regulatory authorities so as to comply with any legal and regulatory issues and disclosures;
In particular, patient-identifiable information may be disclosed to third parties only in accordance with the principles laid down by NHS England in its Information Sharing Policy (in which high level procedures for sharing personal information are set out). These can also be referred to as the “Caldicott” principles and which require us to:
- Justify the purpose for using the information;
- Only use it when absolutely necessary;
- Use the minimum that is required;
- Access should be on a strict need to know basis;
- Everyone must understand their responsibilities
- Understand and comply with the law.
We never share your information for marketing purposes with companies outside of our group.
Access to your information, correction and deletion: your rights
Data protection laws give you certain rights in relation to the data we hold about you.
You have the right to be informed about the information we are processing.
You have the right to access the personal data that we hold about you. You therefore have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us at the following address: Steel’s Lane Health Centre, 384-398 Commercial Road, London, E1 0LR.
We shall respond promptly to any such request and in any event, within one month from the point of receiving the request and all necessary information from you. In very limited circumstances, we may make a small charge for this service. Our formal response will include details of the personal data we hold about you, including the following:
- Sources from which we acquired the information;
- The purposes for processing; and
- The persons or entities with whom we are sharing the information.
You also have the right to move, copy or transfer your personal information (this is known as “data portability”).
We want to make sure that your personal data is accurate and up to date. You may ask us to correct or remove without delay any information about you that you think is inaccurate by emailing us at email@example.com or writing to us at the above address. In addition, we may contact you from time to time to verify our information about you is up to date and accurate.
You have the right to seek a restriction of the processing of your personal data in certain circumstances. Further, you have the right to lodge an objection if you feel that one of the grounds relating to your particular situation apply. When you exercise your right to object, we must stop any processing unless we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Should you wish for us to completely delete all information that we hold about you, you should contact the Data Protection Officer by email to firstname.lastname@example.org.
It is our policy to delete your information once it is no longer required by us. Until then, however, we need to retain your data to enable us to fulfil our physical, emotional and social services to you, whilst also taking into account our need to meet any legal, statutory and regulatory obligations with which we are bound to comply.
You will have the opportunity to opt out or update or delete personal data at any point should you need to do so and details are set out in this policy as to how to achieve this.
Our need to use your personal information will be reassessed on a regular basis and we will dispose of personal data which we no longer require.
Transferring your information outside of Europe
We currently do not transfer your personal data outside of the European Economic Area (EEA). If in the future we transfer your personal data, in accordance with the terms of this policy, outside of the EEA, we will only do so with your express consent (after having been informed of the possible risks of such transfers), unless the transfer is necessary in order to protect your vital interests or where you are physically or legally incapable of giving consent.
If you use our services while you are outside the EEA, your information may be transferred outside the EU to give you with those services.
How to contact us
- By email at: email@example.com
- Or write to us at: Steel’s Lane Health Centre, 384-398 Commercial Road, London, E1 0LR