Nuffield Health ("We") are committed to protecting and respecting your privacy.
This policy (and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act, the data controller is Nuffield Health with registered address at: Nuffield Health, Epsom Gateway, Ashley Avenue, Epsom, Surrey, KT18 5AL a Registered Charity Number: 205533 (England & Wales), a Charity Registered in Scotland Number: SC041793 and a Company Limited by Guarantee Registered in England Number 576970.
When we refer to “personal information” in this policy, we mean information that could or has the potential to identify you as an individual or provides information about you. Accordingly, we may hold and use information about you as a customer, a patient, or in any other capacity, for example, when you visit our websites, complete a form, access our services or speak to us.
Security of your personal information
We endeavour to protect all information we hold about you by ensuring that we have appropriate security measures in place to prevent unauthorised access, information being lost, destroyed or damaged. We conduct audits to monitor our compliance to Information Security and data protection.
In the usual course of our business, we may use third party organisations to support the essential delivery of our services. This may be to support IT systems in which your information is stored, or for the purposes of debt collection, transportation and storage of information and confidential destruction.
Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under the Data Protection Act.
Personal information you provide to us is held on a secure server in locked information centres and is encrypted wherever possible. Information is kept for as long as is reasonably necessary. Some IT service providers may host data in servers located outside of the EEA using cloud solutions. Where this is the case we have implemented appropriate security to protect the personal information you disclose to us from loss, misuse, unauthorised access, disclosure alteration and destruction.
Information collected when you contact us to enquire about our services
When you contact us to enquire about a service or a product, we will collect personal information about you to enable us to provide you with the information that you have enquired about. Information collected will be kept securely and only accessed by those individuals responsible for ensuring you are provided with the correct information about our services.
In the interests of training and continually improving our services calls to Nuffield Health and its agents may be monitored or recorded. Private calls to and from patients in our hospitals are not recorded.
Health Information collected during treatments and services
Where sensitive clinical information is collected it will be kept confidential and secure and will only be disclosed to and received from those individuals involved with your treatment or care, or to their agents and, if applicable, to any person or organisation who may be responsible for meeting your treatment expenses or their agents. Information may be provided to external service providers and regulatory bodies for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained.
Research - Nuffield Health participates in national audits and initiatives to help ensure that patients are getting the best possible outcomes from their treatment and care. Nuffield Health will use your personal data in order to monitor the outcome of your treatment by us and any treatment associated with your care, including any NHS treatment. The highest standards of confidentiality will be applied to your personal data in accordance with data protection law and confidentiality. Any publishing of this data will be in anonymised statistical form. Anonymous or aggregated data may be used by Nuffield Health, or disclosed to others, for research or statistical purposes and registered with such bodies.
Fair Processing Information for patients treated and discharged in 2012
On 10 May 2013, the Secretary of State for Health gave permission to the Private Healthcare Information Network (PHIN), of which this hospital is a member, to conduct a pilot exercise to evaluate the potential benefits of linking records of private treatment to records of any subsequent NHS treatment. The exercise is expected to demonstrate potentially important improvements to the measurement and management of clinical quality, to facilitate enhanced regulation of the private healthcare industry, and to provide better information to support patients’ choices. The exercise will look for any instances where patients in private hospitals subsequently needed unplanned care in an NHS hospital.
The pilot exercise will involve around 650,000 patient records from around 150 private hospitals, including some from this hospital.
All clinical data will be processed anonymously, with any information which could identify individual patients removed. However, in order to first identify any records held by the NHS matching those for patients treated privately, basic personal data (name, date of birth, postcode, treatment date and, where available, NHS Number) will be notified to the Health & Social Care Information Centre (the Government body responsible for holding and processing information for the NHS) for one-time use. This data will not be retained by HSCIC after processing.
The use of this data will benefit future patients.
If you were admitted for treatment at this hospital in 2012 and would prefer that your information should not be used for this study, please send an email to the address below, or ask a member of the hospital’s administrative staff to do so on your behalf. If your data is included, we will make every effort to withhold it.
Information entered onto the Nuffield Health website
The Nuffield Health website is controlled and owned by Nuffield Health referred to in this privacy statement as ‘we’, ‘us’ or ‘our’.
The site is intended for use by residents of the United Kingdom.
What personal information do we collect from you when you access our website and when?
We may collect and process personal information when you:-
- register to use our website
- enquire about any of our services or treatments
- register or book to receive any of our services or treatments
- fill in a form
- complete customer surveys on our website
- post material on the site
- participate in a competition or promotion sponsored by us.
- if you contact us, we may keep a record of that correspondence.
We may also collect sensitive information about you related to your health that you have entered into a web form, emailed via our website or relayed in a telephone call to our call centre. Please note that information sent through a web form enquiry or via email is normally unprotected until it reaches us.
The security of Information entered via the Website & Where We Store Your Personal Data
Data transmission over the internet is not completely secure and we cannot guarantee the security of your personal information or other data transmitted to or from our website; any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
How do we use your personal information provided through our website?
Your personal information will be kept confidential and secure and only used in connection with Nuffield Health services for the purpose for which it was collected and in accordance with our requirements under data protection legislation and clinical confidentiality guidelines. Sensitive information related to your health will only be used: to enable our employees to provide you with information and services appropriate to your interests and preferences, or to enable contracted service providers to provide you with services relating to our communications with you or in connection with any medical treatment which you may be receiving or seeking advice. Any personal information you provide will be held for as long as is reasonably necessary having regard for the purpose for which it was collected.
We may use your personal data for some or all of the following reasons:
- To provide various Nuffield Health services and to allow you to ensure that content from our site is presented in the most effective manner for you;
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- To carry out our obligations arising from any contracts entered into between you and us;
- To allow you to participate in interactive features of our service, when you choose to do so;
- To notify you about changes to our service.
What do we do with any non-personal information collected when accessing the website?
Other non-personal information which you submit may also be collected to enable us to better understand our customers, improve our website, general marketing and to help provide a better experience of our services. We may also use other companies to set cookies on your website and gather cookie information for us – please refer to the information detailed below. From time to time we may also analyse Internet Protocol (IP) addresses or other anonymous data sources too.
Recent Changes in European Legislation
In line with recent changes in European legislation, UK law now requires website operators to ask for a website user’s permission when placing certain kinds of cookie on their devices for the first time.
Where consent is required, the law states that it should be “informed consent”. This increases the onus on websites to ensure that visitors understand what cookies are and why website operators and others want to use them.
Here at Nuffield Health we are committed to providing the best digital service to our visitors whilst protecting their privacy, and are happy to share our position on the recent changes in Cookie law.
What are Cookies?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience.
They can also help to ensure that adverts you see online are more relevant to you and your interests.
Category 1 Cookies
These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.
User consent is not required for the delivery of those cookies which are strictly necessary to provide services requested by the user.
Nuffield Health collects these types of cookies.
Category 2 Cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
Nuffield Health collects these types of cookies by functional use in clause 2.1 . By using nuffieldhealth.com you agree that we can place these types of cookies on your device
Category 3 Cookies
These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
These cookies are used to remember customer selections that change the way the site behaves or looks. It might also include cookies that are used to deliver a specific function, but where that function includes cookies used for behavioural/targeted advertising networks they must be included in category 4 as well as this category.
Nuffield Health collects these types of cookies by functional use in clause 2.1. By using nuffieldhealth.com you agree that we can place these types of cookies on your device
Category 4 Cookies
These cookies are used to deliver adverts more relevant to you and your interests They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
Nuffield Health do not collect these cookies, and will endeavour to obtain clear and informed user consent depending on the purpose for which the category 4 cookies are to be used.
Definitions supplied by the International Chamber of Commerce ‘ICC UK Cookie Guide’ April 2012.
For more information on Nuffield Health’s position on the recent changes to the Cookie Law contact us: Nuffield Health Digital Marketing Team, Nuffield Health, Epsom Gateway, Ashley Avenue, Epsom, Surrey, KT18 5AL
For information on how to delete cookies, please refer to: http://www.wikihow.com/Clear-Your-Browser's-Cookies
If you have consented to our processing your personal information for marketing purposes we may send you information about our Nuffield Health products and services which may be of interest to you.
You have the right to ask us not to process your information in this way at any time. If you no long wish to receive web based marketing information you can unsubscribe by firstname.lastname@example.org. For non-web based marketing information please write to:
Data Protection Officer
Third Party Websites
Information may be disclosed to others with a view to preventing fraud or to assist in police investigations in line with the Data Protection Act.
Nuffield Health premises are surveyed by CCTV for the purpose of security and images and videos may be retained for a limited period.
Accessing and updating your information
You have the right to access information held about you. Your right of access can be exercised in accordance with the Data Protection Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. At any time you can request a copy of the information that we hold about you, including copies of your medical records (where relevant), by contacting:
Data Protection Officer
If your details change or are incorrect please let us know.
Changes to our Privacy Statement
If you have any questions in relation to our privacy statement please contact:
Group Information Governance Manager