DoctorCare PPM

Our Privacy Policy

1. Scope of Privacy Policy

This website is owned by DoctorCare PPM Ltd. Contact details can be found on this policy document and on the website.

DoctorCare PPM Ltd (“We, us, our”) are committed to protecting and respecting your privacy.

This document refers to personal data and this is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject), that is not already in the public domain.

This policy (together with our Terms of Website Use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Privacy is the confidentiality of your personal information and this is of paramount concern to us.

Please read this privacy policy carefully to understand how we process your personal data. By visiting https://doctorcareppm.co.uk (the “Site”), you indicate your agreement for us to use your personal information as set out in this Privacy Policy.

The Data Protection Act 1998 (DPA), Privacy and Electronic Communications Regulations (PECR) and The General Data Protection Regulations (GDPR) which is EU wide and far more extensive, seek to protect and enhance the rights of data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU. It should be noted that GDPR does not apply to information already in the public domain such as Companies House data.

We are registered with the Information Commissioner (ICO) as required under the Data Protection laws in the United Kingdom and we are committed to compliance with Data Protection legislation, The General Data Protection Regulations, Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (UK Regulations), medical confidentiality and NHS Information Governance guidelines.

For the purposes of the Data Protection Act 1998 and the General Data Protection Regulations (GDPR) (the “Act”) which is EU wide, the data Controller for DoctorCare PPM Ltd is Mrs Amanda Kayes, ICO Registration Number: ZA906104.

This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage, and disclosure of personal data that we collect from you and/or hold about you, and your rights in relation to that data.

1.1 Notification Privacy Policy changes and updates

We are continually improving our methods of communication and adding new features to this website so if we change our data protection practices we will notify you on this page.

2. Data Protection by Design and Data Protection Impact Assessments (DPIA's)

It is good practice to adopt a Privacy by Design approach and to carry out a Privacy Impact Assessment (PIA). As part of this process, we have installed the following systems within our business; upgraded IT hardware, Cloud based software solutions with encrypted communications, enhanced Firewall and Anti-Virus software to meet compliance with GDPR.

3. Who Are We?

DoctorCare PPM Ltd (DoctorCare Private Practice Management) provide secretarial, accounting and administration services to our clients who are medical Consultants, GP’s and Medicolegal Experts working in the private healthcare sector.

We are based solely in the United Kingdom.

4. What Personal Data May We Collect From You?

When we refer to personal data in this Policy, we mean information that can, or has the potential to identify you as an individual. Accordingly, we may hold and use personal data about you as a customer, or in any other capacity, for example, when you visit our website or speak to us, including but not limited to personally identifying information like Internet Protocol (IP) addresses. DoctorCare PPM Ltd may from time to time use such information to identify its visitors.

We may also collect statistics about the behaviour of visitors to our website.

Name
Address
Email Address
Photograph
IP Address
Location data
Online behaviour (Cookies)
Bank Account details

In you making initial contact with us, you consent to us contacting you to discuss your business requirements. We will only collect the information needed so that we can provide our Clients with the services we offer, we do not sell or share your data with third parties.

DoctorCare PPM Ltd acts on behalf of its Clients (the Medical Consultants, GP’s and Medicolegal Experts for whom we provide services) solely as Data Processors and in this capacity, we act on the instruction of our Clients who are also committed to the DPA & GDPR compliance.

5. Cookies

In order to collect the anonymous data , we may use session ‘cookies’ that remain in the cookies file of your browser until the browser is closed.

Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive. You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not.

We use several different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit https://www.aboutcookies.org or https://allaboutcookies.org for detailed guidance.

Our website is built on a Enfold templated WordPress platform. We participates in, and has certified its compliance with, the EU-US Privacy Shield Framework. By accepting the Cookie notice on our website we assume you are happy with this usage. If you are not happy, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)

6. Lawful Basis For Processing Any Personal Data

The law on Data Protection is derived from various pieces of legislation. These include the Data Protection Act and the General Data Protection Regulation (the ‘GDPR’).

The GDPR states that personal data (information relating to a person that can be individually identified) can only be processed if there is a legal ground to do so. Activities like collecting, storing and using personal information would fall into the GDPR’s definition of processing.

The GDPR provides six legal grounds (reasons) under which personal information can be processed (used) in a way that is lawful:

Processed lawfully, fairly and transparently.
Collected only for specific legitimate purposes.
Adequate, relevant and limited to what is necessary.
Must be accurate and kept up to date.
Stored only for as long as is necessary.
Ensure appropriate security, integrity and confidentiality.

6.1 Reasons to process your information

Generally, we rely on the following legal justifications or ‘grounds’;

Taking steps at your request so that we can enter into a contract with you to provide practice management, secretarial, administration, accounts and medicolegal support services.
We have an appropriate business need to process your personal information and such need does not cause any harm to you. We rely on this for activities such as quality assurance, maintaining our business records, monitoring satisfaction and responding to queries or complaints

By signing our Processing agreement and agreeing to the terms in this Privacy Notice, you consent to our using your personal information.

You can withdraw your consent at any time by phoning 0113 3882230 or emailing mandi@drcareppm.co.uk
A contract with you that we can only fulfil by using your personal information, e.g. to send you an item that you have requested or provide a service.
One legal ground for processing personal data is where we do so in pursuit of legitimate interests and those interests are not overridden by your privacy right. Where we refer to use for ‘appropriate business needs’, we rely on this ground.

7. Legitimate Interests Pursued By DoctorCare PPM Ltd.

To promote the Practice Management, Secretarial, Accounts and Medicolegal services offered by DoctorCare PPM Ltd and the provision of these services to our Clients.

8. Disclosure

DoctorCare PPM Ltd may pass on your personal information to third parties exclusively to process work on its behalf, such as IT technical support, Software support, analytics purposes and to subcontract secretarial service suppliers. We require these third parties to agree to process any information shared based on our instructions and requirements in accordance with this Privacy Policy, the DPA, GDPR or any other relevant regulations. We may disclose your personal information to meet legal obligations, regulations, or valid Government requests.

Personal Data collected for the following purposes and using the following services:

Third party sites include Analytics sites: Google Tag Manager; Google Analytics, WordPress.com; WordPress Stats; WordPress.com Single Sign On; Google Analytics for Firebase; Google Analytics with anonymized IP; Google Analytics Advertising Reporting Features; Google Analytics Demographics and Interests reports; Google Ad Manager; Google Ad Manager Audience Extension; YouTube Analytics and Reporting API; Google Optimize ; Google O

9. Retention Policy

The UK GDPR does not dictate how long personal data should be kept for and it is up to us to justify this based on our purposes for processing. The processing of your personal data will only be for the duration of any contract we have between you and DoctorCare PPM Ltd and continue to store only the personal data necessary to fulfil the current guidelines.

We will store data for up to 6 years after expiration of the contract between us in order to comply/meet our legal obligations to do so. Following this amount of time, we will confidentiality destroy both hard copies and electronic copies of your personal data.

10. Where We Store Your Personal Data

The data that we collect from you may be transferred to, and stored at, secure servers inside the European Economic Area (“EEA”). It may be processed by staff operating inside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site or systems, you are responsible for keeping this password confidential. You must not share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, and encryption software to transmit personal information.

11. Your Data Protection Rights

Under Data protection law, your rights are as follows:

Your right of access, rectification, erasure, restriction of processing, data portability and automated decision making/profiling
You have the right to ask us for copies of your personal information. Subject Access Requests (SAR) should be made in writing and you may ask for the following information:
- Contact details for the Data Protection officer/ responsible person.
- Purpose/ legal basis for the processing of your data.
- What personal data is collected, stored and processed about you?
- Who the data will be disclosed to?
- Data storage policies
- Details of your rights to correct, erase, restrict or object to processing.
- How to exercise your right to withdraw consent
- To request the transfer of personal data we hold for you to another organisation.
- Details of third-party source of information (if not supplied by us)
- To object to automated decision making and profiling – you will need to identify the grounds for this relating to your own particular situation in order to exercise this.

We do not charge a fee for the written request for exercising your rights. If you make a request, we have one month to respond to you.

Please contact Mrs Amanda Kayes via email: mandi@drcareppm.co.uk

Protection of your privacy relating to requests for data, will necessitate the need for proof of identity. The acceptable forms of ID when asked are as follows:

Photo driving licence or Passport; and
Utility Bill or Bank Statement (within 6 months of date of request)

Please note that emails that we send to you do not have any tracking attached.

12. Links To Other Websites

This website may contain hyperlinks to websites that are not operated by us.

These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. We do not control these websites and are not responsible for their personal data practices.

13. How To Complain

If you have any concerns about the use of your personal information/data by DoctorCare PPM Ltd, please write to us directly at:

DoctorCare PPM Ltd, FAO: Mrs Amanda Kayes, Nuffield Health Leeds Hospital, 2 Leighton Street, Leeds, LS1 3EB

Or via email: mandi@drcareppm.co.uk

You can also complain to the ICO if you are unhappy with how we have used your data or you have not heard from us within one month of an SAR. The ICO’s address is:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline number: 0303 123 1113 or visit ICO website: https://www/ico.org.uk

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.