Privacy

We take your privacy very seriously. Please read this privacy policy carefully: it sets out important information about who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and the regulators should you wish to.

1. Who we are

HD Clinical Limited is a software company based in the UK. In this document, ‘we’ and ‘us’ are used to refer to HD Clinical Limited. You can see where we are based and how to contact us in the Contact Us section below.

We design, develop, sell and maintain software for healthcare. We therefore have relationships with many individuals and organisations. We also operate and maintain the website www.hd-clinical.com.

We collect and use certain information about you and the other individuals and organisations with whom we have contact. We therefore have responsibilities for that information and are regulated under the General Data Protection Regulation (GDPR).

The GDPR applies across the European Union (including the United Kingdom) and we are responsible as ‘controller’ or ‘processor’ of that personal information for the purposes of those laws.

The person responsible for how we handle personal information is the Data Protection Officer. You can contact the DPO at any time using governance@hd-clinical.com

2. Personal information we collect and use

Personal information provided by you

In operating our business, we collect information when you provide it to us, such as your name, job title postal address, email address and phone numbers.

This also happens if you apply to work for us or work for us for any period of time. Here, personal information we gather may include your contact details, bank account information, employment history, skills and qualifications contained in your CV and other documents, your marital status, nationality, NI number and job title.

Personal information provided by third parties

Occasionally we may receive information about you from other sources (such as referees), which we will add to the information we already hold about you. If you apply for a job with us, we may receive information from the people who provide references.

Sensitive personal information

We will not usually ask you to provide sensitive personal information. We do not anticipate any need to record sensitive personal information as a routine part of running our business. We will only collect your sensitive personal information with your explicit consent on each occasion.

Patient data

We design, develop, deploy and maintain software for healthcare. Our software is deployed and operated on and in environments owned and operated by our customers (i.e. Hospitals). In operational use, our software will contain sensitive personal and patient data but we do not store, hold or retain this data.

We are therefore a ‘processor’ of data but not the ‘controller’. Any access to patient data is limited by need and is usually restricted to the operational requirements of supporting the operational software. We take all reasonable steps to avoid accessing, viewing or otherwise interacting with patient data. We do not store or retain patient data.

Children

We do not knowingly collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.

3. How and when we collect information

We gather information in a variety of ways.

We gather information directly from you.  Examples include telephone conversations, emails, using the contact form on our website, correspondence and meetings.

Our website also uses cookies (see “Use of cookies” section below) and collects IP addresses (which means a number that can uniquely identify a specific computer or other device on the internet).

We do not monitor and record telephone conversations with you, but we might retain notes about the call. We do retain email conversations (‘chains’) between you and us.

Use of cookies

A cookie is a small text file which is placed onto your computer (or other electronic device such as a mobile telephone or tablet) when you use our website. We use cookies on our website. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify you individually. We use analysis software to look at IP addresses and cookies to improve your experience as a user of our website. We do not use this information to develop a personal profile of you. If we do collect personally identifiable information, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.

For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.

4. Reasons we can collect and use your personal information

The GDPR sets out a number of lawful bases for collecting and using personal data. Differing lawful bases apply to collecting and using personal data in different situations. We explain our policy below:

Contracts

Where you make enquiries about purchasing products or services from us, and before you become a customer or user of our products and services, we need to collect personal information about you so that we can take steps to enter into a contract with you and / or provide products and services to you.

Once you have become a customer or user of our products or services, we need to collect and use personal information to provide the products and services to you. We are entitled to be paid for the products and services we provide under any contract, for which we require contact and other personal details.

This includes collecting and using your personal information to:

  • Enable us to respond to enquiries made by you
  • Provide quotations and other documents necessary for you to make a decision about us
  • Enter into a contract with you to provide the products and services
  • Maintain contact with you to manage the performance of the contract with you
  • Contact you to provide information to you about the product(s) and service(s)
  • Generate invoices and other financial documents and receive payment
  • Resolve disagreements or disputes should they arise

Employment

If you apply for a job with us, we will collect and use personal information to process your application and check references.  If you take a job with us, we will collect and use your personal information to enter into an employment contract with you and to administer the employment relationship, including making payments to you, accounting for tax, ensuring safe working practices, monitoring and managing staff access to systems and facilities, monitoring absences and performance and conducting assessments.

Legal obligations 

We collect and use personal information from our customers and staff to comply with our legal obligations.

Legitimate business interests

Our priority is to make sure we deliver a high quality service and to follow up effectively on enquiries, although we are aware that not all enquiries will lead to a business relationship or contract.

We collect personal information to:

  • Enable us to respond to enquiries made by you
  • Analyse the behaviours of visitors to our website (i.e. pages viewed, information viewed)
  • Provide quotations and other documents necessary for you to make a decision about us
  • Enter into a contract with you to provide the products and services
  • Maintain contact with you to manage the performance of the contract with you
  • Contact you to provide information to you about the product(s) and service(s)
  • Generate invoices and other financial documents and receive payment
  • Resolve disagreements or disputes should they arise

Who your information might be shared with

We may disclose your personal data to / with:

  • Obtain an employment reference from named referees
  • Any person or agency where we are required by law to do so
  • Provide quotations and other documents necessary for you to make a decision about us
  • Providers of services including email virus scanning:

5. Keeping your personal information secure

We have appropriate security measure in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way.  We limit access to your personal information to those who have a genuine business need to know it.  Those people processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We will use technical measures to safeguard your personal data, for example:

  • Keep data only when required
  • Limit access to data to personnel needing to access it
  • Store data in systems that are password protected

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory body of a suspected data breach where we are legally required to do so.

While we will use all reasonable efforts to keep your personal data safe, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How to contact us’ below).

Our website contains links to websites and applications owned and operated by other people and businesses. These third party sites have their own privacy policies and use their own cookies and we recommend that you review them before you provide them with personal information.  They will tell you how your personal information is collected and used whilst you are visiting these other websites.  We do not accept any responsibility or liability for the content of these sites or the use of your information collected by any of these other sites and you use these other sites at your own risk.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

TRANSFERS OF YOUR PERSONAL INFORMATION OUT OF THE EEA

We will not transfer your personal data outside of the EEA or to any organisation.

6. How long do we keep your personal information?

We will usually hold your personal information as a customer or employee on our system for the period we are required to retain this information by applicable UK law, currently 6 years from the end of our contract or 6 months after any unsuccessful job application, unless you have told us you want us to delete the information earlier (see section “What rights do you have” below).

What rights do you have?

Under the General Data Protection Regulation you have a number of important rights. These include the following rights:

  • request a copy of your information which we hold (subject access request)
  • require us to correct any mistakes in your information which we hold
  • require the erasure of personal information concerning you in certain situations
  • require us to stop contacting you for direct marketing purposes
  • object in certain other situations to our continued processing of your personal information
  • restrict our processing of your personal information in certain circumstances
  • receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable  format and have the right to transmit those data to a third party in certain situations.

Further information on each of these rights is available from the Information Commissioner’s Office.

If you would like to exercise any of these rights, email, call or write to us (see How to contact us below). We might require proof of your identity and will require you to confirm the information to which your request relates.

We will not charge any fee for any of these services in most cases.

Rights relating to direct communications and marketing

We will also update you about our activities and promotions which may be of interest to you. If you would like to stop receiving these communications, you can opt out at any time. The easiest way to do this is to click on the “unsubscribe” button at the bottom of the email.

See ‘What rights do you have?’ below for further information. If you ask us to stop contacting you in this way, you can also ask us to start again at any time.

Other communications

If we propose to use your information for any other uses we will ensure that we notify you first. If we need your consent to use your information for these other purposes, we will give you the opportunity to opt in or to refuse.  If you opt in, you will be able to opt out at any time.

7. How to contact us

We hope that this policy is useful and clear. If you have any query or concern about the way we handle your personal information, you can contact us at any time without charge.

Ways to contact us

Email:         governance@hd-clinical.com
Telephone: 01279 874 567
Post:          HD Clinical Limited, Thremhall Park, Start Hill, Bishops Stortford, CM22 7WE

If you email or write to us, please mark your correspondence for the attention of the Data Protection Officer. If calling, please ask for the Data Protection Officer.

The General data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority I the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113

8. Changes to this policy

This Privacy Policy was published on 25-May-2018 and last updated on 25- May-2018. We may change this Privacy Notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.

If you would like this policy in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us?’ above).

 

Secured By miniOrange