Terms & Conditions

Information Notice to Clients

Update to our Terms and Conditions 2018

May 2018

This information notice is in relation to The General Data Protection Regulation GDPR data protection compliancy, enabling Medicess Ltd to be fully compliant.

This is an amendment to your current Medicess Ltd Terms and Conditions. 

In line with the GDPR we are requested to comply with the following Privacy Terms.

Privacy Policy

Medicess Ltd is committed to ensuring that your/your client’s/your customer’s/the patient’s/the third-party subject’s privacy is protected. Should we ask you to provide certain information by which you can be identified when working with Medicess Ltd, you can be assured that it will only be used in accordance with this privacy statement.  This policy is effective as from Friday 25 May 2018.

Name and contact details of the Data Protection Officer

Financial Controller

T: 01256 341660

E: [email protected]

 

Why we collect and process your data:

We may process your personal data under several different lawful bases, such as:

  • Consent – we always ask for your consent to process your data in order to provide our specialist case management and rehabilitation services to you.
  • Contract – when engaging in our services we will put an agreement in place laying out our Terms & Conditions of Service.
  • Legal Obligation – we can be summoned to court and be required by law to provide personal information about you.
  • Vital Interests – we may have to share your health and personal details in a medical emergency, for example if you were unconscious and your support worker did not have immediate access to your information to provide to the emergency services.
  • Legitimate Interests – we may be required to share details about you for your safety or the safety of others, or to meet our regulatory requirements as a health professional, especially where the situation relates to a child. This basis also applies where it is in our interest as an organisation, for example sharing your information with a debt collection agency in order to obtain payment that is due to us. When processing under this basis, all data shared is safeguarded, relevant and limited to what is necessary and the parties’ interests are balanced against necessary interests, rights and freedoms.

How and what information is collected about you

We may collect the following information by email, telephone call, by post, questionnaires / forms, or in-person:

  • Name
  • Date of Birth
  • Contact details (phone, email, address)
  • Family members / Support Staff names and contact details
  • Personal health and lifestyle information, including reports and letters from healthcare professionals
  • Financial information – NI number, bank details, etc
  • Employer / Education provider information;
  • Details of Service Providers you are involved with, e.g. school, support workers, equipment providers, etc

 What we do with the information we gather and what it is used for

  • Professional record keeping of client information and to make informed decisions about your care and/or legal case;
  • Recording the immediate needs assessment.
  • Provision of case management and rehabilitation care;
  • Sharing your information with relevant parties when necessary.

Your Rights

Your rights are determined by the Lawful Basis under which we are processing your data.

  • If you have given your consent to us processing your data, you have a right to withdraw your consent to any further processing.
  • Unless we are operating under a Legal Obligation, you have a right to request your data to be erased from our records.
  • If we are operating under a Contract or Consent basis, you have the right to request your data be transferred to another organisation.
  • If we are operating under a basis of Legitimate Interests (ours, or that of the wider public), you have the right to object.

If you wish to withdraw consent, object or request a transfer or erasure of your data, please email [email protected].

We will always give you the opportunity to opt out of future marketing whenever we send you marketing material or you can opt out at any time by contacting us.

How you can access your information

You may request details of personal information which we hold about you under the General Data Protection Regulation.  If you would like a copy of the information held on you please write to The Data Protection Officer at Medicess Ltd, Riverview House, London Road, Basingstoke, Hampshire, RG24 7JL. 

There is no longer a charge for this service.

How long we keep your information for

The Regulation does not set out any specific minimum or maximum periods for retaining personal data. Instead, it says that: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 

See thi link: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-5-retention/.

Medicess Ltd will retain personal data for 7 years for adults and 7 years following their 18th birthday for children, unless upon review it is deemed necessary to retain it for a longer period.

 Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place highly secure electronic systems and managerial procedures to safeguard and secure the information we collect.

Right to Complain

If you have a concern about our information practices, you have the right to complain. You can do so by contacting the Information Commissioner’s Office on 0303 123 1113 or by visiting www.ico.org.uk.