Privacy Policy
General Data Protection Regulation (GDPR)
What is GDPR?
GDPR is an European Union regulation which is intended to strengthen, unify and safeguard data for all individuals.
At Fitzwilliam Clinic, we are committed to ensuring the protection of your personal information. In accordance with GDPR guidelines, our aim is to have safeguards in place to protect your privacy and ensure that you feel confident about the security of the personal data which you provide to us.
Data Protection Privacy Notice
This privacy notice is to let you know how our clinic will look after your personal information. If we provide you with a medical or nursing service, then we will use your personal information in the ways set out in this privacy notice. Under data protection legislation, we can only process your personal information where we have a proper reason for doing so, such as:-
- it is in our legitimate interests to do so – for example a legitimate interest is when we have a reason to use your information to enable your consultant to provide treatment or care and order medical tests
- we are required to do so by law i.e a legal obligation
- you have entered a contract with us for a service – for example processing credit card payment
- in the public interest – where this has a clear basis in law
- vital interests – for example protection of life in a medical emergency
What Personal Data Do We Collect?
Personal data collected may include:-
- Patient’s name
- Title
- Date of birth
- Address
- Email address
- Emergency contact or next of kin information
- Information relative to your health i.e. allergies and past or present conditions
- Health + Care Number
- Contact telephone number
- Bank details
- GP name & address
- Private health insurance company, account number and authorisation code
- Medical records of your appointment/s and/or treatments at Fitzwilliam Clinic
Personal data is any information that is identifiable as belonging to you.
Fitzwilliam Clinic will request personal data from patients attending the clinic for an outpatient or theatre appointment, for the sole purpose of creating a medical file on the individual patient.
The personal information held on file may be shared with:
- The Consultant with whom the patient is attending
- The Medical Insurance Company with whom the patient is insured
- The Private Healthcare Information Network – we have a legal requirement under CMA Private Healthcare Market Investigation Order 2014 to provide data on some theatre procedures – when you attend the clinic, you have the option of anonymising this.
Why Do We Collect Data & Who Are The Recipients Of Data?
We collect data to provide details to the Consultant in charge of your care and to enable the Consultant to provide continuing care via the NHS / your General Practitioner.
Financial and health insurance data is collected for the purposes of payment for the services received.
Individual Rights Under GDPR
You have a number of rights under the data protection legislation in relation to the way we process your personal data, which are set out below:
- Right to be Informed – This is provided through the privacy notice on our website or is available via the Receptionist.
- Right of Access – You have the right to access your personal data and supplementary information. We will aim to respond to any request received from you within one month from your request, although this may be extended in some circumstances in line with data protection legislation. If you wish to obtain access to your file, you must write to us at the address below. Access to your data may incur a charge dependant on the volume of information requested to be copied as we are entitled to do so under data protection legislation.
- Right to Rectification – The right to ask us to correct your information if you think the information that we hold about you is wrong or incomplete. We will respond within one month.
- Right to Erasure – The right to object to our use of your information, or to ask us to delete, remove or stop keeping it if there is no need for us to keep it. This is known as the ‘right to object’, the ‘right to erasure’ or the ‘right to be forgotten’. There may however be legal or regulatory reasons why we need to keep or use your information.
- Right to Restrict processing – We may sometimes be able to restrict the use of your information so that it is only used for legal claims or to exercise legal rights. In these situations, we would not use or share your information while it is restricted.
- Right to Data Portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
- Right to Object – Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority. There is a contractual requirement when patients attend Fitzwilliam Clinic for their personal data to be processed in order to provide medical care and treatment. You may object to the use of your personal data being given to the Public Healthcare Information Network (PHIN) – this can be anonymised and is provided for in the theatre admission process.
- Right not to be evaluated on the basis of automated processing – patients who attend Fitzwilliam Clinic will not be evaluated on the basis of automated processing nor is any decision making automated.
How long will the data be retained?
Data will not be retained for any longer than is required.
We will retain your medical records for 7-10 years, as required by our insurance provider and as required by regulations (Access to Health Records Legislation (NI) Order 1993 and Records Management – Good Management Good Records. DHSS revised October 2015).
Cookies & Links From Our Website
We may also collect information from you through the use of cookies. Cookies are small files which are stored on your computer browser. The cookie law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on a computer, smartphone or tablet for example, you may have a pop-up message informing you that this site uses cookies in combination with an acceptance/decline box, and it will be your decision whether you wish to accept or decline the use of the cookie.
Our website may contain links to other websites. If you provide personal/sensitive data to a website to which we are linked to, we are not responsible for its protection and privacy. This privacy statement only applies to www.fitzwilliamclinic.com.
Contact details
If you wish to exercise any of the above, please write to:-
The Data Protection Officer
Fitzwilliam Clinic
70-72 Lisburn Road
Belfast
BT9 6AF