What is Personal Data?
Personal data is:
Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 'Special categories' of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
What Information Do We Collect from Users of the Website?
We may collect, store and use the following kinds of personal data:
- information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type, referral source, length of visit and number of page views;
- information that you provide to us by filling in forms on the website for the purpose of seeking an appointment with one of our clinical experts or otherwise;
- any other information that you choose to send to us;
- if you contact us we may keep a record of that correspondence;
- detailed personal information such as age, sex, date of birth, and contact details (telephone numbers and email addresses).
Why does Total Health Collect and Store Data?
Total Health needs to collect, process and store personal data about you in order to deliver efficient and effective services.
Legal basis for processing
We often have two main legal bases for processing personal data. Firstly, where it is necessary for the purposes of the legitimate interests pursued by Total Health or by a third party to process your information. We can do that so long as we do not interfere with your fundamental rights or freedoms.
Secondly, because we have your consent (i.e. agreement) to us processing your personal information. Our customers are asked to give consent when signing up to use Total Health. Under the GDPR, consent is a legal basis for processing personal information. You can withdraw your consent at any time. This is explained further below in the section entitled 'Your rights under GDPR'.
To process personal data about criminal convictions or offences, we must have both a lawful basis for the processing and either legal authority or official authority for the processing.
The other reasons we can rely upon to process your personal information under GDPR is as follows:
- Where we are under a legal obligation or an obligation under a contract to process/disclose the information.
- Where we need to protect the vital interests (i.e. the health and safety) of you or another person.
- Some personal information is treated as more sensitive. The legal basis for processing these special categories of personal information is more limited. To lawfully process special categories of personal data, we must identify a lawful basis for the processing and meet a separate condition for the processing. The basis we can use these are:
- With your consent;
- Where we need to protect the vital interests (i.e. the health and safety) of you or another person;
- Where you have already made your personal information public;
- Where we or another person needs to bring or defend legal claims; and/or
- Substantial public interest grounds
Who the Personal Data Relates to
We collect and hold personal data about:
1. Patients - this includes current and former patients who have signed yup to the website;
2. Specialists - this includes current and former specialists who have signed up to the website.
We will minimise our holding and use of sensitive categories of personal information.
What use to we make of Personal Data?
We will use your data that is collected for the following purposes:
Protecting & Sharing Information
Total Health may make User Data available to successors in title to our business.
We may engage third party companies and individuals to facilitate our services, to provide the services on our behalf and to perform services related to administration of the services or the Site (including, without limitation, payment processing, maintenance, hosting and database management services). These third parties may have access to or be provided with your Data only to perform these tasks on our behalf. These third parties that operate through websites may have their own privacy policies. We encourage you to read the privacy policies and other terms of such websites before using the services.
Our staff only have access to your personal data when and if they need to use it to provide the service to you. We will also disclose information as required by law.
How long do we hold your Data for?
In most cases we hold the majority of your data for up to five years.
Your Rights under GDPR
Right to be informed: We will provide you with a privacy notice to tell you how we are using your personal data.
Right of access: You have the right to obtain access to your own personal data at any time so you are aware of and can verify the lawfulness of processing. Information will be supplied within one month of receipt of the request. This can be extended by a further two months where requests are complex or numerous. This will be provided free of charge unless you ask for multiple copies or the request is manifestly unfounded or excessive. We can also refuse your request if it adversely affects the rights and freedoms of others or is manifestly unfounded or excessive. You can make a subject access request by contacting firstname.lastname@example.org
Right of rectification: You have the right to have your personal data rectified if it is inaccurate or incomplete. If we have disclosed this to third parties, we will tell you if this is appropriate and we will inform them of the rectification where possible.
We must respond within one month, extendable by two months where the request for rectification is complex.
Right of erasure: You have the right to request the deletion of personal data where there is no compelling reason for its continued processing or if we are processing it in an unlawful manner – for example if we are using it for a different purpose than originally stated.
Right to restrict data processing: Under certain circumstances, you have a right to 'block' or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it. We can retain just enough information about you to ensure that the restriction is respected in future.
Right to data portability: You can obtain and reuse your personal data for your own purposes across different services. This right applies where the processing is based on your consent or for the performance of a contract; and when processing is carried out by automated means.
Right to object: You have the right to object to:
- If we process personal data for the performance of a legal task or our organisation's legitimate interests, you must have an objection on "grounds relating to your particular situation"
We must stop processing the personal data unless:
Right to Withdraw Consent at any Time: You may contact Total Health to request this. Although we may not be able to accept your request for certain types of data, please contact us if you wish to discuss this further.
Right to complain: about any matter relating to our service, including how we use your personal data:
While it is unlikely, we may be required to disclose your User Data by a court order or to comply with other legal requirements. We will use all reasonable endeavours to notify you before we do so, unless we are legally restricted from doing so.
Commercial Disposal to Third Parties
We will not sell, rent, distribute or otherwise make User Data commercially available to any third party without your prior permission.
If you complete one our contact forms requesting an appointment with one of our clinical experts we will not share your private information with anyone except the relevant medical professional. You are prohibited from posting or transmitting, to and from, the website any unlawful, threatening, defamatory, obscene, pornographic or other material which would breach any law.
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both “session” cookies and “persistent” cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to: enable our website to recognise you when you visit.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Using Your Personal Data
We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.
In addition, we may disclose information about you:
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
- to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.
Security of Your Personal Data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal data. Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You may instruct us to provide you with any personal information we hold about you. Provision of such information may be subject to the payment of a fee (currently fixed at £10.00).
Links to Websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites. The provision of a link to an external website does not constitute any authorisation to access material within that website. All information on this website, including links to other websites, is provided for information and convenience only. No endorsement of any other website by Total Health is expressed or implied by the presence of a link.
Please let us know if the personal information which we hold about you needs to be corrected or updated.
Exclusion of Liability
The service and materials on this website are provided "as is" and Total Health and the hosts of this website expressly disclaims any and all warranties, express or implied, to the extent permitted by law including but not limited to warranties of satisfactory quality, merchantability or fitness for a particular purpose, with respect to the service or any materials.
Except in respect of death or personal injury arising from negligence, Total Health and the hosts of this website hereby exclude liability for any claims, losses, demands or damages of any kind whatsoever with respect to any information and/or services provided on the Total Health website, including, but not limited to, direct, indirect, incidental or consequential loss or damages, compensatory damages or loss of profits or data whether based on a breach of contract or warranty, or tort (including negligence), product liability or otherwise.
The terms and conditions of use of the website shall be governed by English Law.