DATA PRIVACY NOTICE
This Data Privacy Notice provides detailed information about the types of personal data we may collect about you, what we do with that information and how we will store that information and keep it secure and safe.
2. Who are Midland Intensive Care Limited?
Midland Intensive Care Limited is a company which is incorporated under the laws of England and Wales under No. 09090125 and whose registered office is at Carleton House, 266 - 268 Stratford Road, Shirley, Solihull, B90 3AD.
The business of Midland Intensive Care is the provision of specialist medical staff to hospitals and clinics and the provision of ancillary activities.
Midland Intensive Care is a data processor for the purposes of the Data Protection Act 1988, the Data Protection Act 2018 (when it comes into force) and the GDPR.
3. Contacting Midland Intensive Care
4. Who is responsible for the management of data protection at Midland Intensive Care?
Dr David Green, MB ChB FRCA FFICM MBA is responsible for the management of data protection at Midland Intensive Care. He can be contacted using the contact details given in sections 2. and 3. above.
5. What sort of personal data do we hold and collect?
We hold the personal data which you give us by filling in forms on our website (www.midlandintensivecare.com) (the Website), in meetings or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register, log on or use the Website. The information you give or already have given us may include your name, address, e-mail address and phone number, personal description, qualifications and details of your employment history and a photograph.
6. Information that we do not hold
We do not hold any information whatsoever that would enable us to identify any individual patients treated by any specialist medical staff that we provide to any clinic or hospital. The clinics and hospitals that we work with have very strict rules in place to protect patient confidentiality and to ensure compliance with data protection laws. We fully comply with all such rules and ensure that any medical specialists used by us also fully comply with such rules. Further information relating to these issues can be obtained from our data protection compliance officer whose details are set out in section 4 above.
8. How do we use your personal data?
We will use this information to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us.
9. The legal basis on which Midland Intensive Care processes personal data
The law on data protection provides a number of different grounds that a company such as Midland Intensive Care can rely on to make its processing of personal data lawful.
Midland Intensive Care relies on the following four legal grounds to process personal data:-
You have consented to our using your personal data
We can collect and process your data with your consent.
This will be the case if you have provided your details to us historically for the purposes of our dealing with you.
Midland Intensive Care’s Contractual Obligations
In certain circumstances, we can process your personal data to comply with our contractual obligations.
Midland Intensive Care’s legitimate interests
The law states that in specific situations, Midland Intensive Care can process your personal data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
If complying with legal obligations upon us requires us to, we may collect and process your personal data.
10. How we protect personal data
We treat your personal data with the utmost care and take all appropriate steps to protect it.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We regularly monitor our computer systems for possible vulnerabilities and attacks and use state of the art firewalls and anti-virus software, which is regularly updated.
We use anonymisation and pseudonymisation techniques wherever possible to minimise the amount of personal data we hold.
11. Data Breaches
In the unlikely event that there were to be any unauthorised access to (or an event occurs that creates a real risk of any unauthorised access to) any personal data which Midland Intensive Care holds, then Midland Intensive Care will, if it considers that the such events give rise to a high risk of affected individuals being adversely impacted, notify the affected individuals as soon as reasonably practicable.
12. How long will we keep personal data?
Whenever Midland Intensive Care collects or processes your personal data, it will only keep it for as long as it is reasonably necessary for the purpose for which it was collected.
At the end of that retention period, your data will be deleted completely.
If we hold your data in relation to the performance of contractual obligations by you or us we will hold that data for at least six years after the obligations are performed for legal reasons to do with limitation periods for contractual and tort claims.
13. Who do we share personal data with?
Midland Intensive Care may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Midland Intensive Care or substantially all of its assets are acquired by a third party, in which case personal data held by it about the users of this Site will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of Midland Intensive Care or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
14. Where personal data may be processed
We will only process personal data within the EEA. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway.
If personal data is stored on a cloud based server that may be located outside the EEA. We would only use such a server if our contractual relationship with the cloud services provider ensured sufficient protection of personal data.
15. What are your rights over your personal data?
You have the legal right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing.
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- That any decision made based solely on the basis of automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision) is reviewed by a human being.
- A copy of any information about you that Midland Intensive Care holds at any time, and also to have that information corrected if it is inaccurate. To ask for a copy of information we hold about you please contact our Data Protection Officer, whose details are set out in paragraphs 2 and 3 above.
16. Third party websites
The Website may, from time to time, contain links to and from websites run by third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
18. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
19. Further Information