Venturi Healthcare (“we” or “us”) is committed to data protection and data privacy. With the General Data Protection Regulation (GDPR) becoming enforceable from 25 May 2018, we have undertaken a GDPR readiness programme to review our entire business, the way we handle data and the way in which we use it to provide our services and manage business operations.
We are committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold.
We have issued this notice to describe how we handle personal information that we process through the use of our website and other means including post, email and telephone. Including any data you may provide through our website when you use the “Contact Us” section of the website.
We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This notice sets out the personal data that we collect and process about you, the purposes of the processing and the rights that you have in connection with it.
If you are in any doubt regarding this notice, please contact us on 01772 321480 or Venturi Healthcare, Unit 10, Sceptre Court, Sceptre Way, Bamber Bridge, PR5 6AW.
Types of personal data we collect
Personal data, means information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The types of personal information we may process include, but are not limited to:
- Identification data – such as your name.
- Contact details – such as home and business address and telephone/email addresses
- Usage data – includes information about how you use our website and services.
- Technical data – includes internet protocol (IP) address and details received during the process of you using our website
- Job application details – employment history and CV
Purposes for processing personal data
We will only use your personal data when the law allows us to and to provide our services. Most commonly, we will use your personal data in the following circumstances:
- Where you have provided your Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
- Where we need to perform the Contract we are about to or have entered in to with you: the processing is necessary for a contract you have with the individual, or because they have asked us to take specific steps before entering into a contract.
Where we need to comply with a Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
Who we share your data with
We take care to allow access to personal data only to those who require such access to perform their tasks and duties, and to third parties who have a legitimate purpose for accessing it. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the data is used in a manner consistent with this notice and that the security and confidentiality of the data is maintained.
Transfers to third-party service providers
In addition, we make certain personal data available to third parties who provide services to us. We do so on a “need to know basis” and in accordance with applicable data protection and data privacy laws.
For example, some personal data will be available to our employee benefit plans service providers and third-party companies who provide us with employment law advice, health and safety support, payroll support services, expenses, tax and travel management services.
We may also disclose personal data to third parties on other lawful grounds, including:
- To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process
- In response to lawful requests by public authorities (including for national security or law enforcement purposes)
- As necessary to establish, exercise or defend against potential, threatened or actual litigation
- Where necessary to protect the vital interests of our employees or another person
- In connection with the sale, assignment or other transfer of all or part of our business; or
- With your freely given and explicit consent
Your data will be stored within the UK by Venturi Healthcare
National Data Opt Out
Individuals/Residents can choose whether their confidential patient information is used for research and planning.
Who can use your confidential patient information for research and planning?
It is used by the NHS, local authorities, university and hospital researchers, medical colleges and pharmaceutical companies researching new treatments.
Making your data opt-out choice.
You can choose to opt out of sharing your confidential patient information for research and planning. There may still be times when your confidential patient information is used: for example, during an epidemic where there might be a risk to you or to other people’s health. You can also still consent to take part in a specific research project.
Will choosing this opt-out affect your care and treatment?
No, your confidential patient information will still be used for your individual care. Choosing to opt out will not affect your care and treatment. You will still be invited for screening services, such as screenings for bowel cancer.
What should you do next?
You do not need to do anything if you are happy about how your confidential patient information is used. If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service. You can change your choice at any time.
To find out more or to make your choice visit nhs.uk/your-nhs-data-matters or call 0300 303 5678
Personal data will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this notice or as otherwise required by law. Generally, this means your personal information will be removed from our records seven years after the date it was collected unless different retention periods apply.
For instance, we will keep an employees data until the end or their employment, employment application, or work relationship with us plus a reasonable period of time thereafter to respond to employment or work-related inquiries or to deal with any legal matters (e.g. judicial or disciplinary actions), document the proper termination of your employment or work relationship (e.g. to tax authorities), or to provide you with ongoing pensions or other benefits.
For more information, please see our Data Retention Policy, which outlines our current document retention schedule.
You may exercise the rights available to you under data protection law as follows:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You can read more about these rights at:
You have the right to withdraw your consent for us to process your data at any time by contacting the People Services Department.
To exercise any of these rights, please contact the People Services
Failure to provide data
Where we collect personal data by law, or under terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter in to with you. In this case, we may have to cancel the product or service you have with us but we will notify you of this.
Venturi Healthcare have implemented appropriate security measures to prevent your personal data being lost, used or accessed in an unauthorised way, altered or disclosed. In addition we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in to place procedures to deal with any suspected data breach and will notify you and any applicable regulators of a breach where we are legally required to do so.
Issues and complaints
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed.
If you want to make a complaint about the way we have processed your personal information, you can contact the Information Commissioner’s Office in their capacity as the statutory body which oversees data protection law – www.ico.org.uk/concerns.
Updates to this notice
This notice may be updated periodically to reflect any necessary changes in our privacy practices. In such cases, we will inform you by sending a global emails and staff notice boards. We encourage you to check this notice periodically to be aware of the most recent version.
Please address any questions or requests relating to this notice to the People Services Department