Introduction

This policy is to inform the people using the services of Sterling Healthcare Group (SHG) of the data we collect, what we do with your information, what we do to keep it secure and who it is shared with. The document also outlines your rights and choices regarding your personal data and who to
speak to if you have any concerns regarding the management of your data at Ascot Rehab.

Sterling Healthcare Group is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our patients and users of our services that communicate (online or offline) with us, face-to-face, via medical companies, insurance companies, over the phone, or through our website.

Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the General Data Protection Regulation which is the governing legislation that regulates data protection across the EEA. This includes any replacement legislation coming into effect from time to time.

We reserve the right to change this privacy policy from time to time and we may provide you notice of these changes by any reasonable means, including by providing notice through our website. By continuing to access, browse or use the Site, you confirm your acceptance of the revised privacy policy. We strongly recommend that you periodically visit this page of the Site to review this privacy policy. This privacy policy was last updated on 01/11/2020.

Why Sterling Healthcare Group needs your data

Sterling Healthcare Group will only collect information that we require in order to direct, manage, and deliver the care you receive. Sterling Healthcare Group will process your contact details, demographic details, health details,insurance company details, medical information and contact we have had with you such as appointments and details of your inpatient stay. Sterling Healthcare Group needs this information in order to provide your medical care, to contact you regarding your treatment and your invoices, and to improve the quality of care we provide. We may ask for further information from you such as your occupation,religion, ethnicity etc. but only in circumstances where this information is deemed absolutely necessary for us to provide an appropriate service to you.

We may also collect IP addresses and cookies for the purposes of service and website improvements.

The law requires us to determine the lawful bases for processing your information under the Data Protection Legislation, which are as follows;

• We need to process this information in order to provide you with healthcare services
• We may also need to use your information for the purposes of establishing, exercising or defending our legal rights, for example in the event of a complaint.
• Where we do not have a legal obligation to process your data in a particular way, we have a legitimate interest to conduct general business processes and improve our services. When relying on our legitimate interests we conduct an assessment to ensure that this
  use of your data is fair, proportionate and in no way detrimental.

How we use your information

Sterling Healthcare Group will use your personal information we collect to:

• To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about;
• Make available, process and deliver our services to you;
• Provide appropriate care during our service to you, enabling medical staff to administer the right treatment;
• Process payments;
• Help answer your questions and solve any issues you have;
• Ensure our services can meet patient needs in the future by reviewing the care you have received, feedback provided and investigating complaints.

Who we might share your information with

Everyone working within healthcare has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential. If necessary, we may share your personal data with other organisations in the following circumstances:

• If the law or a public authority says we must share the personal data;
• If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud).
• In order to treat and manage your care we may need to share your data with:
  • Your GP, consultant, other healthcare professionals
  • Medical staff both sub-contracted to Ascot Rehab and external,
  • Insurance companies,
  • Embassies

Sterling Healthcare Group will not share any of your information with other third parties without a lawfulreason to do so unless; it is thought to be in the best interest of a child or vulnerable adult; if the health and safety of others is at risk; or if the law requires us to pass on information. In these
instances personal data will be shared on a need to know basis. The process of sharing will always be as secure as possible.

From time to time, Sterling Healthcare Group may employ the services of other parties for dealing with certain processes necessary for the operation of our website. However, sensitive personal information will not be shared, so neither you nor any of your devices can be identified.

How long we keep your information for

All personal data held by the hospital is kept on site and in a secure storage facility. Electronic data is protected by the use of access control, data encryption and a robust network security regime. Paper documents that include personal information are kept securely locked away.

Sterling Healthcare Group is required to keep medical records for the amount of time specified in the Records Management Code of Practice for Health and Social Care 2016. We will not retain your information for longer than is necessary.

Security

Sterling Healthcare Group place great importance on the security of all personal information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control.

We take security measures to protect your information including:

• Limiting access to our buildings to those that we believe are entitled to be there (by use of key access and alarms);
• Implementing access controls to our information technology;
• We use appropriate procedures and technical security measures to safeguard your information across all our computer systems, networks, websites and offices, including encryption on our central database, Practice Manager, firewalls and ant-virus software;
• Never asking you for your passwords;
• Advising you never to enter your account number or password into an email or after following a link from an email.

You rights regarding your personal information

You have rights when it comes to how we handle your Personal Data. These include rights to:

• (a) withdraw Consent to Processing at any time;
• (b) receive certain information about the Data Controller’s Processing activities;
• (c) request access to their Personal Data that we hold;
• (d) prevent our use of their Personal Data for direct marketing purposes;
• (e) ask us to erase Personal Data. This right is not absolute and will only apply if ARL is able to do so without breaking other laws that as a hospital we must abide by. If it is possible to erase your data it will be done so within one month of receiving your request.
• (f) rectify inaccurate data or to complete incomplete data;
• (g) restrict Processing in specific circumstances;
• (h) challenge Processing which has been justified on the basis of our legitimate interests or in the public interest;
• (i) request a copy of an agreement under which Personal Data is transferred outside of the EEA;
• (j) object to decisions based solely on Automated Processing, including profiling (ADM), although ARL has no automated decision process, we are obliged to inform you of this right;
• (k) be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedoms;
• (l) make a complaint to the supervisory authority;
• (m) in limited circumstances, receive or ask for their Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format.

We will verify the identity of any individual requesting data under any of the rights listed above (do not allow third parties to persuade you into disclosing Personal Data without proper authorisation).

You must forward any Data Subject requests to Marydelia Mitchell, General Manager, email: marydeliamitchell@sterlinghealtcaregroup.com

International Transfers

Sterling Healthcare Group process all personal data in the UK or EEA, however in exceptional circumstances we reserve the right to transfer your personal information to our service providers based outside of the EEA for the purposes described in this Privacy Policy. This may be if necessary when treating patients referred from overseas and/or patients referred by embassies. If we do this, your personal information will continue to be subject to one or more appropriate safeguards set out in the legislation.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

How we keep you updated on our products and services

Ascot Rehab Ltd do not undertake mass marketing activities to individuals. We will not contact you for marketing purposes.

Giving your reviews and sharing your thoughts

When using our website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our Services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

• Analytical/performance cookies. Specifically, we use Google analytics. They allow us to
  recognise and count the number of visitors and to see how visitors move around our
  website when they are using it. This helps us to improve the way our website works, for
  example, by ensuring that users are finding what they are looking for easily.

How to contact us

If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:

By email: Marydelia Mitchell, General Manager, marydeliamitchell@sterlinghealthcaregroup.com

By post: SHG, 171 Clarence Avenue, New Malden, KT3 3TX

Thank you for taking the time to read our Privacy Policy.