Privacy Policy
Who we are?
We are Amicis Data, trading as Clinical DPO, and are registered with the Information Commissioner’s Office as a Data Controller, registration number ZA482973. We are specialists in Data Protection Services, including the provision of Data Protection Officer services.
Your Privacy
Your privacy matters to us and we are committed to the highest data privacy standards and patient confidentiality. To disclose this to you, our Privacy Notice includes the following:
- What data we collect from you.
- How and why we process it.
- Who we share it with and why.
We adopt the six core principles of data protection which are:
- Lawfulness, fairness and transparency – we process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
- Purpose limitation – we only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
- Data minimisation – we ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
- Accuracy – we take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
- Storage limitation – we delete personal data when we no longer need it. Whilst the timescales in most cases aren’t set, we outline our retention strategy within this Privacy Notice.
- Integrity and confidentiality – we keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Collection of your Personal Data
We collect your personal information via disclosure directly from you, which might be via our website, telephone or face-to-face engagement.
We hold information relevant to contacting you in regard to the services in which you have shown an interest.
As part of our Data Protection Officer services we also operate as a Data Processor to other Data Controllers and collect personal data on their behalf. We process this under the direct instruction of our Data Processing Agreement with each Controller, the details of which can be requested directly from them. Should you believe we are processing your data on behalf of a Controller, please contact us via dpo@clinicaldpo.com.
Categories and Type of Personal Data Collected and processed.
We collect contact details from you including:
- Name
- Address
- Telephone number(s)
- email addresses
In addition to this contact information we might process the following types of data in situations where we are required to facilitate a DSAR on behalf of the controller.
- Current and past relevant health and medication information.
- Examination results including retinal images.
- Relevant lifestyle information such as pastimes or work impacting on eye care.
We treat all personal data as sensitive but acknowledge that we also process special category data.
Child Data
Clinical DPO does not process Child Data as per Article 8 of the GDPR and Article 9 of the UK Data Protection Act 2018 when acting as the Data Controller. In our role as Data Processor we may process child data on behalf of a Data Controller and directly under their instruction.
Reason for Data collection and processing activities.
Contact information is captured to enable us to contact you through various communication channels to facilitate the enquiry which you have made to our business.
Sharing of Personal Data
During the delivery of our service to you, we will share your data with other companies who are critical for the provision of our service to you and will be viewed as Data Processors. They are under contract with us and have provided sufficient guarantees that they will process your data only as per the terms of that contract and throughout processing activities will ensure your data is protected using appropriate technical and organisational measures.
A full list of processors is available from our Data Protection Officer but includes Zen Desk, our help desk software provider, which holds data in the US under the EU-US Privacy Shield Framework.
Securing and Processing of your Personal Data
Your data is stored mainly within our software system provided by Zen Desk, which is cloud-based software. They hold ISO 27001 and, as part of our own due diligence, our Data Protection Officer has reviewed security processes. A summary from Zen Desk can be viewed here: https://www.zendesk.com/company/customers-partners/eu-data-protection/
Your data is also stored within local devices secured using passwords and user authentication or one central storage using AES-256 encryption.
In the unlikely event that we lose your data, or a device on which your data resides, or it is accessed by someone unauthorised, we have a duty to inform you immediately. If the loss or unauthorised access of your data has the potential to cause you harm, we will also report this to the Information Commissioner’s Office, who are responsible for regulating data protection legislation in the UK.
https://ico.org.uk/
For any data which we are designated the processor for, we will inform the Data Controller without undue delay.
Our legal basis for processing your personal data?
We are required to identify one of six possible legal grounds for processing. These are:
- consent
- contract
- legitimate interests
- vital interests
- public task
- legal obligation
As all of our processing activities are crucial to the provision of the service which we enter into a contract with you to provide, we process your data based on that contractual relationship.
We could also process your data under our legitimate interests as all processing activities are essential for the provision of our service to you.
How long do we keep your personal data for?
We process three categories of personal data and retain this data for different periods of time.
Contact information is retained as long as the data subject is a customer of ours. Where the data subject has not used our services recently, and in the absence of a direct data subject request, we hold contact information for a period of 2 years from the last contact.
Your rights in relation to personal data
Under the GDPR, you have rights to access and control your personal data. These rights include:
- access to personal information
- correction and deletion
- withdrawal of consent (if processing data on condition of consent)
- data portability
- restriction of processing and objection
- lodging a complaint with the Information Commissioner’s Office
You can exercise your rights by emailing our Data Protection Officer on dpo@clinicaldpo.com.
If you are unhappy with anything we have done with your data, you have the right to complain to the Information Commissioner’s Office.
To make a complaint to the Information Commissioner’s Office, use the link below or call their hotline on 0303 123 1113.
https://ico.org.uk/concerns/
Use of cookies and other technologies
Our website uses cookies to improve the user’s experience while visiting the website. Where applicable, this website uses a cookie control system allowing the user, on their first visit to the website, to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device.
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website onto their computer’s hard drive, they should take necessary steps within their web browser security settings to block all cookies from this website and its external serving vendors.
This website uses tracking software to monitor its visitors to better understand how they use it. The software will save a cookie to your computer hard drive in order to track and monitor your engagement and usage of the website but will not store, save or collect personal information.
How to contact us?
For all data protection matters or questions relating to how we manage your data, you can contact our Data Protection Officer via these means:
Data Protection Officer: Clinical DPO.
Phone Number 0203 411 2848
Email: dpo@clinicaldpo.com