Privacy Notice and Consent Form for Patients (last updated Sept19)
Shilpa Dave Ltd (“We”, “Us”, “Our”) is committed to protecting information through appropriate controls, being transparent about what data we hold and how we use it, and about respecting Your privacy. “You” (“Your”) are Our patient to whom We provide services, or are considering entering into an agreement with us for the provision of Our services.
The rules on processing of personal data are set out in the General Data Protection Regulation (“GDPR”). The terms “Data Controller”, “Data Processor”, “Data Subject”, “Personal Data”, “Processing” and “Appropriate Technical and Organisational Measures” used below shall be interpreted in accordance with the GDPR.
This policy sets out the basis on which any Personal Data we collect from You, or that You provide to Us, will be processed by Us.
Shilpa Dave Ltd. is a company registered in England under number 10734587 whose registered office is Charles Rippin Turner, 130 College Road, Harrow, HA1 1BQ. We are the Data Controller.
The Personal Data we collect from you includes but is not limited to the following:
When you enquire about our services, We will request Personal Data such as your name, date of birth, email address and telephone numbers and information about you to help Us to register you to see a doctor and to contact You with further information such as results of tests and investigations. When you register with the Practice we will request detailed medical information relevant to you. This information is stored within a hosted practice management system Heydoc.
Mindspace c/o Heydoc
9 Appold Street
London EC2A 2AP
Heydoc is UK-based and GDPR compliant with a number of key features:
If You visit Our website and make enquiries through this portal, Your usage may be tracked by using “cookies” and other similar technologies to help Us make improvements to the websites and to the services We make available. Please see the Cookies section below for more information.
Where We receive or make phone calls on Your behalf, We will collect call data records including the calling line identity passed, the call date and time, the number dialled and the duration of the call, the names of the parties to the call, and any message or other information given during the call.
Where We receive or send emails on Your behalf, We may collect the names and email addresses of the third parties and any information contained therein.
If receive or send paper documents or other forms of communication on Your behalf, We may collect the names and addresses of the third parties and any information contained therein. When You access our web portal, We will collect information You enter into the portal and the IP addresses from which You access the portal. When You correspond with us by phone, email or otherwise, we archive these conversations in Google Suite a business suite hosted by Google.
Where We provide relevant services to You, such as referral to specialists or referral to allied health practitioners, We will provide You with these in encrypted format.
We will NOT at any time share any of Your information with any third party for the purposes of marketing, advertising, website testimonials without specific consent.
In compliance with GDPR Article 6 (“processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract”), We will use the Personal Data or purposes that include but are not limited to:
In compliance with GDPR Article 6 (“processing is necessary for compliance with a legal obligation to which the controller is subject”), We will use the Personal Data for purposes that include but are not limited to:
In compliance with GDPR Article 6 (“the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes”), if You have given and not withdrawn consent We may use the Personal Data for these purposes:
Whilst storing your data we will use Appropriate Technical and Organisational Measures to keep Personal Data secure and to prevent it being accidently lost, accessed or used in an unauthorised way, altered or disclosed. We will make reasonable efforts to ensure the data is accurate and up-to-date and will undertake to rectify any inaccuracies of which We become aware without delay. All Personal Data we store is stored in the European Economic Area.
We may monitor and record Your phone conversations with Us and use this information for training and quality purposes, to ensure any verbal instructions You give Us are properly understood, to enable Us to investigate complaints, and to meet Our legal and regulatory obligations. All recordings are encrypted and securely stored shortly after completion of the phone call and access to recordings is controlled and monitored.
We may share information with third parties:
Some of the organisations with whom we may share information may be outside the European Economic Area in countries that do not always have the same data protection laws as the UK. However, We will have contracts in place with them to ensure that Your information is adequately protected and We will remain bound by our obligations even when your personal information is processed outside the European Economic Area.
Where any data breach is identified that affects the information that We hold about or have processed from you, We will take urgent action in accordance with the GDPR and guidance issued from the Information Commissioner’s Office. If You identify any data breach that affects data We have passed to You, You must notify Us in writing immediately and provide full information about the data affected by this breach.
The time period that We will keep information for will vary depending on what the information is used for. Unless there is a specific legal requirement to the contrary, We will keep information in a form which permits identification of Data Subjects only for as long as it is necessary for the purposes for which We process it. Once the requirement to hold the data is complete, appropriate measures will be taken to delete the data in line with the terms of the GDPR. Any physical paper documents which enter Our possession and are no longer required will be destroyed by an ISO 27001 and NAID accredited data destruction organisation.
Automated decision making based on Personal Data is not used in Our business.
Data subject access request
Under the GDPR, a Data Subject has the right to request a record of the data held about him/her. To do this a request should be submitted in writing to the Practice Manager, Shilpa Dave Ltd, Kirby Chemist and Dental Centre, 52 High Street Teddington, TW11 8HD. We may ask the Data Subject to provide Us with proof of identity to make sure We are giving information to the right person.
Other rights of Data Subject
The GDPR gives Data Subjects a number of other rights including the right to request the correction or erasure of Personal Data, the right to request the restriction of processing of Personal Data, the right to request the transfer of Personal Data (to the Data Subjector a third party), and the right to withdraw Your consent to the processing at any time where consent is the lawful basis for processing.
Please note that the ways in which we collect, use and protect Personal Data will be reviewed periodically and may change from time to time. We will notify you by email should such changes occur.
If you have any questions about privacy issues, want Us to update Your marketing preferences, or amend information, please contact Us either by email at email@example.com or by post at Shilpa Dave Ltd., Kirby Chemist and Dental Centre, 52 High St Teddington, TW11 8HD.
In the first instance, please contact Us using the details above. If this does not resolve your complaint to your satisfaction, You have the right to complain to the Information Commissioner about the way in which we collect and use Your personal Data. Email https://www.ico.org.uk/concerns or telephone 0303 123 1113 or write to ICO, 100 College Road, Harrow, HA1 1BQ.
We are registered with the ICO reference number A8243139.
I agree to the collection and processing of my data in accordance with the terms and conditions detailed above.