Corporate Transparency Statement: Your Data’s Journey through Nuffield Health 24/7
What information will you be asked to provide
In order to provide you with access to Nuffield Health 24/7, we require specific data to be provided by you. This will include:
Your email address; and If you access the 24/7 service by submitting your personal data via an online form, you will also be asked to provide:
your company name and employee ID.
Where we may collect your information from
We may collect your information one of 2 ways , outlined below:
- We will either receive your personal data direct from your employer; or
- Your employer will make you aware of the 24/7 service and you will enter your personal data into an internet based form (Microsoft forms) which is sent to Nuffield Health.
Why we need this information and how we might use it
We need to collect the information that we have outlined above for the following purposes:
Your name and email address will be stored in Nuffield Health’s IT systems for the purposes of:
- identifying you;
- creating an account for you;
- managing your access to the platform;
- processing required in connection with providing the service e.g. verifying how many employees have signed up to the service; billing your employer based on the number of employees signed up to the service etc… wherever possible this will be done using anonymised data (which means you won’t personally be identifiable from it);
- For employees accessing the 24/7 service via the second option above - your employer name and employee ID will be used to verify you as a corporate customer.
Who your Personal Data may be shared with
Fair and Lawful Processing
Each organisation is required to demonstrate that they are processing personal data fairly and lawfully, to do this we must have a ‘lawful basis for processing’ personal data.
For the purpose of managing access to Nuffield 24/7, Nuffield Health will mainly be processing data based on the following lawful basis for processing:
- Article 6 (1)(b) Processing is necessary for the performance of a contract to which the individual is party or in order to take steps at the request of the individual prior to entering into a contract.
- Article 6 (1)(f) Legitimate interests: the processing is necessary because of a legitimate interest or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
What does this actually mean?
In order to provide you with the level of support agreed to in our contracts in a safe and effective way we need to process the data discussed, and as such, we are doing so lawfully. This means we may not always ask your consent each time we use your data if what we are doing is linked to providing you with the service or to carrying out something you have asked us to do.
Your rights in respect of your Personal Data
The law gives you certain rights in respect of the information that we hold about you. Below is a short overview of the key rights available to you
- Data Subject Access Request - with some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you. Where the data is data that you have given to us, you have the right to receive your copy of it in a common electronic format, and to provide copies of it to other people if you wish (Right to Data Portability).
- Right to Rectification - you have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion, such as assessments of performance or fitness to work.
- Right to Erasure - in some limited circumstances, you have the right to have personal data that we hold about you erased (the “right to be forgotten”). Right to Restrict Processing - you also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data, for example if you contest its accuracy or where we are processing it on the basis of our legitimate interest and you contest our assessment that our interest overrides your rights. The above is not a complete and exhaustive statement of the law.
How long we will keep your Personal Data for
Nuffield Health will retain your personal data (as outlined above) in accordance with our retention policy. You have the ability to exercise your right to erasure, which we will consider and advise whether it is possible to comply, and if not, provide you with reasons.
Vimeo will retain your personal data at least for the duration that you use the NH24/7 service and you will have the same rights over your personal data processed by Vimeo, as you do with personal data processed by Nuffield Health.
For further information
If you are not satisfied with how we handle your personal data or would like to exercise one of your rights in relation to your data, you can contact the Data Protection Officer on firstname.lastname@example.org Should you remain dissatisfied you have a right to complain to the Information Commissioner’s Office on 0303 123 1113 or through their website https://ico.org.uk/
A registered Charity Number: 205533 (England & Wales), a Charity Registered in Scotland Number: SC041793 and a Company Limited by Guarantee Registered in England Number: 576970, VAT No GB 564 29 1137