Privacy Policy
This Privacy Policy describes how we look after your personal data obtained when you visit our website and tells you about your privacy rights and how the law protects you. Please read this Privacy Policy carefully.
Introduction
We have developed this Privacy Policy out of respect for the privacy preferences and choices of our customers, prospective customers, and visitors to our website. We have established procedures to ensure that every reasonable effort is made to address your concerns.
We provide services to companies as well as individuals. In order to provide our products and services, we need to collect and process personal data.
We may update this Privacy Notice from time to time.
Who we are
We are University College London Hospitals NHS Foundation Trust
Our contact details
Name: University College London Hospitals NHS Foundation Trust
Address: Data Protection Officer, 2nd Floor, Maple House, Tottenham Court Road, London
W1T 7NF
E-mail: UCLH.IGQueries@nhs.net
ICO Registration Reference: Z8727593
The type of information we collect
We currently collect and process the following types of personal data:
- Contact Information: such as your name, address, e-mail address and phone number, as well as your employer’s details if you are contacting us on behalf of an organisation;
- Financial information: this includes bank information for payments and invoices;
- Customer and preference information: this includes any information given to us about how you would like to receive our services, any information you have given us about you or your business, history of purchases and related commercial activities, or any other communication between us;
- Website information: this includes your IP address, the region or general location where your computer or device is accessing the internet, browser type, operating system and other information about your use of our website, including a history of pages viewed. We also use cookies.
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
How and why we collect and use (process) your personal information
We collect your personal data in order to provide our products and services to you.
Most of the personal data we process is provided to us directly by you for one of the following reasons:
- You have purchased services from us;
- You have enquired about our services;
- You have raised a query or complaint.
Information is collected through your interactions with us through our website, email correspondence, telephone conversations or face-to-face meetings. For example, an online service request requires the collection of personal data for us to be able to respond promptly and correctly to the service request.
We also receive personal information indirectly, when you visit our website.
We use the information that you have given us in order to:
- Respond to enquiries about our services including quotes;
- Deliver of our services to you and any ongoing support;
- Keep a record of your relationship with us;
- Send you any correspondence and communicate with you in relation to the requested services;
- Send you news, product and services information where you have requested to receive this (please see below for further information on marketing messages);
- Comply with any of our legal obligations;
- Protect your vital interests;
- Response to or fulfil any requests, complaints or queries that you may have;
- Understand how we can improve our services or information, including our website;
- Generate reports on our work and service;
- Safeguard our staff, customers, suppliers and contractors.
Our lawful basis under applicable data protection legislation for collecting and processing your personal data is:
- Your consent (for example, if you have subscribed to receive information about our news, products and services by joining one of our email mailing lists). You are able to remove your consent at any time. You can do this by contacting us using the details above.
- We have a contractual obligation: This is where we have contract with you to provide our services, or where you have requested information from us such as a quote. We will use your personal information to meet our obligations to you within the contract.
- We have a legal or regulatory obligation.
- To protect your vital interests, or those of another individual.
- We have a legitimate interest: A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
Email mailing lists and marketing
We operate an email mailing list program to inform you about products, services and/or news we supply/publish. You can subscribe through an online automated process where you will be asked to give consent. You are under no obligation to subscribe to our mailing list in order to access our products or services. You can unsubscribe at any time through an automated online service, or if not available, other means as detailed in the footer of sent marketing messages. The type and content of marketing messages that you will receive, and if it may contain third party content, is clearly outlined at the point of subscription.
Email marketing messages may contain tracking beacons/tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
When and how we share information with others
We use some third-party providers to deliver our products and services. These third-parties act as processors on our behalf, and may only process your personal data in accordance with our instructions. We only allow third-parties to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide the requested services to us and to you.
We do not sell personal information to anyone and only share the personal information with third parties who are directly assisting us in delivering our services.
In particular:
1. We use third-party providers to help manage and maintain the security and performance of our websites, therefore some information is collected and processed on all visitors to our website by our third-party providers. The third parties also help us to generating reports about trends of visitors to our websites;
2. If you submit your personal data to us via our website or other means in order to receive quotes for our services or subscribe to marketing information from us, your personal data is processed by third parties on our behalf in order to respond to you;
3. We may sometimes engage third parties to mail responsive information to customers who request our services, newsletters, white papers, and other information about us and our services.
Any third party providing such services to us has contractually committed to use the data only for the intended purpose and has also agreed to securely process the data at all times. For email and other related services, we use established third-party cloud service providers who do not use or have access to your personal data for any purpose other than cloud storage and retrieval.
The personal data that we collect from you is stored in one or more databases hosted in the UK.
Cookies
When you access the Website small amounts of information, including small files known as cookies, are sometimes placed on your device. These cookies are essential for the operation of the Website.
We use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://ico.org.uk/for_the_public/topic_specific_guides/online/cookies for detailed guidance.
Other websites
Our website includes links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. You should check the applicable Privacy Policy of such websites when providing personal data information on those linked websites. We do not track you when you cross to third-party websites.
Data storage and retention
Your personal data is stored by us on our servers, and on the servers of the cloud-based database management services that we engage. Unless your contract (being each individual terms and conditions you enter into/accept) or the law provides otherwise, we will not retain your data for longer than seven years. We will then dispose your information by securely deleting it from our virtual or physical records. Where the data cannot be deleted, it will be sufficiently anonymised to protect your personal information.
Data subject rights
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Please contact us at UCLH.IGQueries@nhs.net if you wish to make a request.
This Privacy Policy is intended to provide you with information about what personal data we collect about you and how it is used.
If you have any questions or complaints, please contact us at UCLH.IGQueries@nhs.net
You can also complain to the ICO if you are unhappy with how we have used your personal data at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk