
Privacy Notice 

We at HealthHarmonie take the protection of your personal data very seriously and strictly adhere to the rules laid out by data protection laws and the General Data Protection Regulation (GDPR).

This privacy notice aims to give you information on how we collect and process your personal data through your use of this site and in relation to our business in general, including any data you may provide if you contact us for job opportunities or enquiries.

HealthHarmonie Ltd (Registered No. 4724733 in England and Wales), Suite B, Harborne Court, 67-69 Harborne Road, Birmingham, B15 3BU, Tel: 0121 454 7779, Email: hh.governance@nhs.net, is the Data Controller. The Data Protection Officer at HealthHarmonie is Tim Bence, Tel: 0121 454 7779, Email: hh.governance@nhs.net

We have appointed a data protection officer (DPO) who is responsible for monitoring and providing guidance with our GDPR status. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the contact information laid out in this privacy notice.

Personal Data We Collect 

Your GP or other Health Care Professional will refer you into our service to provide specialist diagnostic services or consultant-led care within the Community Services and Acute setting. Information which we may hold about you may include the following:

  • Details about you such as name, address, contact details, carer details

  • Any contact HealthHarmonie have had with you such as appointments and emails

  • Notes and reports about your health

  • Details about your treatment and care

  • Results of investigations such as ultrasound studies and laboratory tests, eye tests etc.

  • Relevant information from other health professionals

  • Your country of birth, nationality

  • Date of birth and gender

  • Passport details, national insurance number

  • Job title

  • Demographic information such as postcode, IP address and preferences and interests

 

To ensure that you receive the best possible care, your records are used to facilitate the care you receive. Information may be used to help protect the health of the public and may be used within our service for clinical audit to monitor the quality of care provided.

Some information may be used for reporting purposes. Where we use this information, strict measures are in place to ensure that individual patients cannot be identified.

Our Lawful Basis

We only collect and use personal information about you when the law allows us to. By the law, we are mainly referring to:

 

  • General Data Protection Regulation 2018

  • UK General Data Protection Regulation

  • Data Protection Act 2018

  • Human Rights Act 1998

 

Most commonly, we use your data with the following lawful basis:

  1. The data subject (you) has given consent to the processing

  2. Processing is necessary for the performance of a contract

  3. Processing is necessary for compliance with a legal obligation to which the controller is subject

  4. Processing is necessary in order to protect the vital interests of the data subject

  5. Processing is necessary for the purpose of the legitimate interests pursued by the controller or third party

Children’s Information

We understand that child data, much like health data, is classed as highly sensitive and high-risk information, and as a result we have ensured that extra security measures are in place to protect this type of data when HealthHarmonie processes it. We have achieved this through stringent risk and Data Protection Impact assessment analysis. This also involves reviewing these periodically to ensure the security is constantly evolving to keep up with the latest threats and security innovations.

We also ensure we have explicit consent from parents or guardians before the processing of child data commences.

Our Security

HealthHarmonie is committed to handling your personal information with high standards of information security. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

 

We have also ensured that all employees have enough information security training and we have developed a comprehensive suite of Information Security policies and procedures to ensure each aspect of the handling of personal data is done with security as our focus.

How Long Do We Keep Your Data For

We pride ourselves on ensuring that your personal data is retained for the period that HealthHarmonie needs it for and in line with applicable laws. All personal information we collect has a defined retention period, which is in line with our retention policy. If you would like to find out how long your information is being retained, please contact our Data Protection Officer. When no longer required, data is destroyed securely and without undue delay.

Providing Your Information To Others

We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations) or where the law requires such information to be shared. This means we may be required to share your information with the following organisations:

  • NHS Trusts and Foundation Trusts

  • Referring GPs

  • NHS Commissioning Support Units

  • Ambulance Trusts

  • Clinical Commissioning Groups

  • Police and Judicial Services

Your Individual Rights

In this Section, we have summarised the rights that you have under General Data Protection Regulation. Some of the rights are complex, and not all the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. Please note, not all these rights are absolute, and we can refuse to comply with rights in certain scenarios. If this is ever the case, you will be notified with all the relevant information.

Your principal rights under General Data Protection Regulation are:

  • Right to Access

  • Right to be Informed

  • Right to Rectification

  • Right to Erasure

  • Right to Restrict Processing

  • Right to Object

  • Right to Data Portability

  • Right to lodge a Complaint

 

You have the right to confirmation as to whether we process your personal data and, where we do, you may request access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but duplicate copies or requests deemed excessive may be subject to a reasonable fee (£10).

You as a data subject have the right to rectification, which will allow you as the data subject to modify/change any personal information for the purpose of ensuring that the information we process is up to date.

The right to erasure or right to be forgotten will allow you as the data subject to inform us that you no longer want HealthHarmonie to store or process your personal information. Please be aware that we may decline your right for several reasons, which include, but are not limited to, having a lawful basis to process your information or us needing your information for the performance of a contractual obligation.

As a data subject, you have the right to stop any processing of your personal information. Please be aware that you must provide us with a legitimate reason for us to stop processing. Any request made that doesn’t conform to the GDPR will be rejected.

The right to data portability will allow you as the data subject to have your personal information securely transferred to another organisation for processing in a format that can be read by a computer.

International Data Transfers

In this section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).

We may share personal information with third parties outside of the European Economic Area (EEA). If this were to change, HealthHarmonie would ensure that information security at the highest standard would be used to protect any personal information. This would include the use of encryption in transit and ensuring that data protection laws are being pursued.

All Information that is being transferred within the EEA will follow our strict Information Transfer Policy, which can be requested from in this policy.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Where we use third parties outside of the EEA, we may use specific contracts approved by the European Commission. These are sometimes known as standard contractual clauses, which give personal data the same protection it has in the EEA.

Complaints

We take any complaints about our collection and use of personal information very seriously. If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.

To make a complaint, please contact our Data Protection Officer.

Alternatively, you can make a complaint to the Information Commissioner’s Office:

By Post:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

By Website: https://ico.org.uk

By Phone: 0303 123 1113 (Local rate) or 01625 545 745 (National rate)

HealthHarmonie are fully registered with the Supervisory Authority under reference number Z8352690. Full details can be found here https://ico.org.uk/ESDWebPages/Entry/Z8352690

Our Data Protection Officer

To ensure data subjects have a voice within the business, HealthHarmonie have appointed a Data Protection Officer (DPO) to ensure GDPR and Information Security compliance is continuously monitored and improved in accordance with the law. Our DPO is your main point of contact should you have any questions or issues with the way in which HealthHarmonie process your personal data. To contact our DPO you can use one of the following options:

Email: hh.governance@nhs.net

Post:

Data Protection Officer
SUITE B
HARBORNE COURT
67-69 HARBORNE ROAD
EDGBASTON
BIRMINGHAM
B15 3BU

This Notice

We keep this Privacy Notice under regular review. This Policy was last updated on 12/05/2021.

Amendments

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.