2. Types of Information Collected
We retain two types of information:
This is data that identifies you, or can be used to identify or contact you, and may include your name, address, email address, user IP addresses in circumstances where they have not been deleted, clipped or anonymised, telephone number, and billing and credit card information. Such information is only collected from you if you voluntarily submit it to us.
Like most web sites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our web site. This Non-Personal Data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymised, browser types and other anonymous statistical data involving the use of our web site.
3. Purposes for which we hold your Information
We use the Non-Personal Data gathered from visitors to our web site in an aggregate form to get a better understanding of where our visitors come from, and to help us better design and organise our web site.
We will process any Personal Data you provide to us for the following purposes:
- a) to provide you with the goods or services you have ordered;
- b) to contact you if required in connection with your order or to respond to any communications you might send to us;
- c) to send you other 3fivetwo Healthcare Group information such as courses, newsletters or product releases that we feel may be of interest to you.
4. Disclosure of Information to Third Parties
We will not provide Non-Personal Data to third parties. We will not disclose your Personal Data to third parties unless you have consented to this disclosure or unless the third party is required to fulfil your order (in such circumstances, the third party is bound by similar data protection requirements). We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
Your Personal Data is held on secure servers hosted by our IT support companies locally. We will take all reasonable steps (including appropriate technical and organisational measures) to protect your Personal Data.
Our Privacy notice will be a statement and describe to our patients, carers, visitors, the general public and staff how we collect, use, store, retain and disclose the personal data and information that we hold.
The following Privacy Notice forms a part of our ongoing commitment to the fair and lawful processing of all personal data.
We are governed by the following guidelines and legislation:
Data Protection Act 1998
General Data Protection Regulations (GDPR) 2018
Access to Health Records Act 1990
Freedom of Information Act 2000
Public Records Act 1958
Copyright Design and Patents Act 1988
International Organisation for Standardisation (ISO) – Information Security Management
We are governed by The Regulation and Quality Improvement Authority (RQIA) and copies of current inspection reports are available via their website.
Our Health Care Professionals including Consultants, Doctors. Nurses, and support staff are also regulated and governed by appropriate professional bodies.
What information do we collect about you and why?
3fivetwo Group process personal information and data in order to enable us to support the provision of healthcare services to patients, maintain our own accounts and records, promote our services, and to support and manage our employees. We also process personal information about health care professionals that deliver services throughout the organisation.
We also use information to support and monitor our services to enable the delivery of high quality healthcare. This type of information will usually be provided in an aggregate or anonymised form, so that we cannot identify an individual.
3fivetwo Group may ask for and hold various details of personal information regarding yourself which will be used to aid in the delivery of appropriate care and treatment. The data collected may include the following:
- Basic Personal details such as your name, address, date of birth, email address, phone number, current General Practitioner (GP) details and next of kin and family details such as dependants
- Any contact we have had with you such as phone calls, emails and any appointments attended
- All details relating to any treatment and further care, including all notes and reports relating to your health
- All Healthcare results such as X-ray, CT or MRI results, blood tests etc.
- Information received from other people who may care for you such as healthcare professionals e.g. your GP or other treating physicians and/or relatives
- Any subscriptions or memberships i.e. sports club or trade union membership or payment plan subscription
- Marketing preferences and services, for example details of the services access or offered by providers
- Education, training, mostly frequently of clinicians such as GPs
- Employment details, for example for those that work for us either directly or are commissioned by us to provide a service
- Visual images, personal appearance and behaviour, for example if CCTV images are used as part of building security
- Responses to surveys, where individuals have responded to surveys about healthcare issues
- User IP addresses in circumstances where they have not been deleted, clipped or anonymised
- Any further information that you choose to tell us
The following may also be collected in certain circumstances:
- More sensitive personal data such as race, ethnic origin, political and religious beliefs, sex life, sexual orientation, genetic data and biometric data
- Further health related information such as whether or not you have a disability or other health conditions, such as allergies
The information and data described above is collected in a number of different ways and can include:
- Information directly given to us by yourself
- Information provided from other healthcare professionals such as treating consultants or your GP
- Information received from Northern Ireland Health and Social Care Trusts
- Marketing opt ins
- Completed satisfaction surveys
How your Information and Data is used:
- To ensure that you receive safe, effective and appropriate treatment
- To assist in decision making surrounding your care
- To ensure effective working with other organisations e.g. the Health and Social Care Trusts, who may be involved in your care
- To ensure that our services meet your current and any future needs
- To ensure that the care we provide is to the highest standard and can be reviewed as necessary
- To provide you with any goods and/or services that have been ordered
- To contact you with regards to any enquires that have been made
- Marketing activities for example to send you other 3fivetwo Healthcare Group information such as courses, newsletters or product releases that we feel may be of interest to you
- For Research and Audit purposes
- To prepare statistics on performance
- In order to train Healthcare Professionals and support staff
- To help us to establish, exercise, or defend legal claims
How your Information and Data is kept safe, confidential and retained:
To protect your confidentiality it is important to us that all of your information is kept safe and secure.
Information and data that is collected is kept within secure paper and electronic records. Access to these records is restricted to only those who require access.
The Data Protection Act 1998 and as of 25th May, GDPR, regulate the processing of personal information and data. The strict principles within these Acts govern our duty and our use of any data. 352 Medical Limited is registered with the Information Commissioner’s Office (ICO) and details of this can be found on their website:
Enter our registration number: Z1431766
The use of Technology allows us to protect personal data in various ways, including the restriction of access. When keeping your information safe, our guiding principle is that we are holding your data within the strictest confidence.
Everyone that works within 3fivetwo Group is subject to the Common Law Duty of Confidentiality, the Data Protection Act 1998 and GDPR 2018.
Information that is provided to us in confidence will only be used for the purpose that it was collected for, unless there are other circumstances which are covered by law.
All 3fivetwo Staff are required to undertake training in Data Protection/GDPR, Confidentiality, IT and Cyber Security and other specialist training dependent on job role.
Who will your Information and Data be shared with:
To enable us to fulfil our duties and ensure that the best care possible is provide we will need to share information about you with others. We may need to share your information with a range of other parties including Health and Social care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason, the organisation will have a duty to be able to tell you why they are contacting you.
Where appropriate and in accordance with local laws and requirements, we may share your personal data, in various ways and for various reasons, with the following categories of organisations:
- The RQIA
- The NHS
- The HSE
- Any of our 3fivetwo group companies
- Third party service providers who perform functions and tasks on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants)
- Third party outsourced IT and document storage providers where we have an appropriate agreements and protections in place
Where sharing patient information is shared with other organisations, an information sharing agreement will be drawn up to ensure that all information that is shared is done so in a way which complies with all relevant legislation.
Your right to withdraw consent:
You have the right to refuse and/or withdraw you consent to information sharing at any time. You will have any possible consequences of this fully explained to you. This could include delays in you receiving relevant care.
Contacting us regarding your Information and Data:
One of the main objectives of GDPR is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below.
Within 3fivetwo Group there is a senior person who has responsibility for protecting the confidentiality of all of your information.
Under GDPR this person is known as the Data Protection Office (DPO). They can be contacted with any queries relating to your Data and how this is being used.
Data Protection Officer
Under The Data Protections Act 1998 and GDPR any person may request access to the information (with some exemptions) that is held about them.
Data Subject Access Requests (DSAR):
Within the law you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
- You may be asked you to verify your identity, or we may ask you for more information about your request
- Where we are legally permitted or obliged to do so, we may decline your request, if this is the case you will receive an explanation why if we do so.
Right to erasure:
In some situations (for example, where your data has been processed unlawfully), you have the right to request us to "erase" your personal data.
Your request will be responded to within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree if certain limited conditions apply.
Once your request has been agreed, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. This will in turn minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
If your interests or requirements change, you can unsubscribe from part or all of our marketing content (for example marketing emails or newsletters) by clicking the unsubscribe link in the email, or emailing email@example.com
Right of data portability:
If you wish, you have the right to transfer your data from us to another data controller. We will be able to you help with this. This can be done by either directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
Right to lodge a complaint with a supervisory authority:
You also have the right to lodge a complaint with your local supervisory authority, details of which can be found below:
The Information Commissioner's Office: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tel: 0303 123 1113; email firstname.lastname@example.org
How do we store and transfer your Information and Data internationally?
In order for us to operating in the most efficient way, it is possible that we may have to transfer or store your data internationally.
It is important to us to make sure that your data are stored and transferred only in ways which are secure. Therefore we will only transfer personal data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
- by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; or
- transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; or
- where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a Client of ours); or
- where you have consented to the data transfer.
•To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.
Terms and Conditions – KPH Diamond Club
The Services may change from time to time, at the sole discretion of Kingsbridge Private Hospital, and the Agreement will apply to your visit to and your use of the Website to avail the Service, as well as to all information provided by you on the Website at any given point in time.
This Agreement defines the terms and conditions under which you are allowed to use the Website and describes the manner in which we shall treat your account while you are registered as a member with us. If you have any questions about any part of the Agreement, feel free to contact us at email@example.com
You acknowledge that you will be bound by this Agreement for availing any of the Services offered by us. If you do not agree with any part of the Agreement, please do not use the Website or avail any Services.
If you are in any doubt as to whether you are eligible to receive any of the benefits offered in relation to your treatment, please ask the for clarification before your treatment is carried out. No benefits will be granted or applied retrospectively.
A. Diamond Privilege Card
You will be deemed to have accepted these Terms if you are issued a Card/Membership number
Kingsbridge Private Hospital may update these Terms from time to time and will notify Cardholders of such changes via the email or postal address provided to Kingsbridge Private Hospital. Cardholders who continue to participate in corporate scheme following such notification will be deemed to have accepted the updated Terms.
Kingsbridge Private Hospital reserves the right to refuse an application for any reason.
Cardholders must be a full or part-time employee of a company that is a member of the Kingsbridge Diamond Club Corporate scheme at the time of their Hospital appointment, in order to receive any of the Corporate benefits and may be required to provide evidence of such employment. You should keep Kingsbridge Private Hospital informed of any changes to your personal details by emailing: firstname.lastname@example.org
The Card is for the personal use of the Cardholder/member who is named and registered through the www.kingsbridgediamondclub.com website only. Only one Card will be issued per person.
None of the benefits granted by or in accordance with Kingsbridge Diamond Club are transferable, redeemable for cash, and no alternative benefits are available. The Kingsbridge Diamond Club Corporate benefits may not be used in conjunction with any other discount, benefit or offer.
Kingsbridge Private Hospital may withdraw or cancel a Card, refuse a benefit or remove a Cardholder from the scheme at any time for any reason by giving notice to the relevant Cardholder/member. Kingsbridge may withdraw a company from the scheme or terminate the scheme in its entirety at any time for any reason by notifying all Kingsbridge Corporate companies of the same. Cards must be destroyed by the relevant Cardholder when no longer valid for use.
Cards and associated benefits are valid for use at Kingsbridge Private Hospital and associated 3fvetwo Group companies only.
Cards are the responsibility of the relevant Cardholder, who must keep their Card safe.
Cardholders can choose to leave the scheme at any time by emailing email@example.com
These Terms, and any dispute or claim arising out of or in connection with these Terms shall be governed by, and construed in accordance with, the law of Northern Ireland and the courts of Northern Ireland shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with these Terms (including non-contractual disputes or claims)
These Terms do not confer any rights on any third party, whether pursuant to the Contracts (Rights of Third Parties) Act 1999, or otherwise.
B. Self-pay Outpatient diagnostics, tests, imaging and procedures
Each member shall be entitled to “Discounts” of up to ten percent (5%) off Fixed Price self-pay Inpatient or Day case surgery that is booked and carried out at a Kingsbridge Private Hospital. (price lists are available on request)
Each member must advise Kingsbridge Private Hospital when booking their appointment(s) that they are a Diamond Club member. Failure to do so may lead to the “Discount” becoming unavailable.
The Discount is not available to members whose treatment is being funded by any person other than the member (including but not limited to an insurer, the Cardholder’s employer or any other third party). Discounts are not applicable to consultation fees.
C. “Ask our GP a Question” online
NO DOCTOR-PATIENT RELATIONSHIP; NOT FOR EMERGENCY USE
Practitioners are GPs registered with the General Medical Council, who have committed to provide services in accordance with clinical best practice and applicable professional standards.
Please note that some of the content, text, data, graphics, images, information, suggestions, guidance, and other material (collectively, “Information”) that may be available on the Website (including information provided in direct response to your questions) will be provided by individuals in the medical profession. The provision of such “Information” does not create a licensed medical professional/patient relationship, between Kingsbridge Private Hospital and you and does not constitute an opinion, medical advice, or diagnosis or treatment of any particular condition, but is only provided to assist you with locating appropriate medical care from a qualified practitioner.
The Services are not intended for acute medical emergencies or situations that require immediate attention. Here are some examples:
Severe difficulty in breathing (shortness of breath)
Sudden, severe pain anywhere in the body
Moderate to severe burns
Convulsions or seizures
Sudden change in mental status (such as unusual behaviour, confusion, difficulty waking from sleep)
Head or spinal injuries
Serious limb impairment or broken bone
You have harmed yourself or intend to end your life
WE WOULD STRONGLY RECOMMEND THAT YOU CALL AN AMBULANCE IN THESE SITUATIONS.
Kingsbridge Private Hospital will endeavour to reply to members questions within 1 working day. In some circumstances this may not be possible in which case we will reply as soon as possible.
Any information you enter must be accurate and in English.
When you use the “Ask our GP a question” service, you are communicating with us electronically. We will communicate with you by e-mail as this is necessary to deliver the services to you.
Each member will have access to 5 questions per month via the kingsbridgediamondclub.com website.
“Get a GP referral” online
Practitioners are GPs registered with the General Medical Council, who have committed to provide services in accordance with clinical best practice and applicable professional standards.
Free GP Referrals that are obtained through the Kingsbridge Diamond Club for specialist treatment must be used within Kingsbridge Private Hospital.
It is your responsibility to confirm with your insurer in advance that your treatment is covered by your insurance policy and Kingsbridge Private Hospital will not obtain any such confirmation on your behalf.
E. Privacy and data protection
1. Kingsbridge Private Hospital will collect and may later use information about each member/Cardholder, including their registration details, information about their use of the Corporate scheme, their attendance and treatment at Kingsbridge Private Hospital and other information that the Cardholder gives to Kingsbridge.
2. By becoming a Cardholder/member you agree that Kingsbridge can contact you with news about Kingsbridge Private Hospital or information about other services that may be of interest to you. Kingsbridge Private Hospital will never release a members/Cardholder’s personal details