Introduction
This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.
It sets out:
- Who we are and our contact details
- The type of personal information we collect
- How we get personal information and the lawful basis that permits its use
- How we store your personal information (retention)
- Your data protection rights
- How you can complain if you believe we have failed to maintain your rights and our commitment to you outlined in this notice.
Who we are
Phare Health is registered as a limited company in the United Kingdom (no.15084747) and our registered address is 2 Charlton Kings Road, London, England, NW5 2SA.
We support healthcare services through the development and implementation of technology. You can contact us, including our Data Protection Officer (DPO), via our contact us section on our website.
Where we are working under contract with a Healthcare Provider
Owing to the nature of our services we will receive personal data from our customers (for example where a hospital provides us with agreed details for us to support them).
In these circumstances we act under a legal contract with strict conditions to safeguard the personal data and only act on the agreed terms listed.
For those activities we are legally considered to be a Data Processor and the Privacy Notices of the Healthcare Provider would inform you of the processing and your rights.
For all other business activities this remainder of this notice applies.
How we obtain your Personal Data
We obtain information about you when you use our website, when you contact us about products and services, for example when you use our website; or in the course of business with you or an organisation that you represent.
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- You have made an inquiry to us.
- You have initiated or completed a commercial transaction with us.
- We are providing services to you or the organisation or entity you work for or represent.
- You have made a complaint to us.
- You wish to attend, or have attended, an event we have organised or attended alongside you.
- You have subscribed to our e-newsletter.
- You have applied for a job with us.
- You work with or for us.
- You visit our website and consent to our use of cookies.
We also receive personal information indirectly, in the following scenarios:
- Where we are providing services to the organisation or entity you work for or represent and they have provided your information to us.
- Where you have made your contact information available on your organisation’s website and we use this to contact you and your organisation.
- Where you have made your contact information available via a social media platform and we use this to contact you and your organisation.
- You have applied for a job with us and we seek a reference from an organisation or individual you have previously worked for or with.
- An employee of ours gives your contact details as an emergency contact or a referee.
The type of Personal Data we collect and the lawful basis for its processing
The table below describes the personal data we collect and our lawful basis for processing this data.
Purpose of collection | Data collected | Purpose for collection | Lawful basis for processing | Data sharing | Retention period |
To provide you with information and to deliver services | Name, job title, company name, email address, telephone number, business sector. | To provide appropriate information via email or telephone about products and services that you have requested. | Performance of a contract | Internal | Maximum 8 years from the date the information is collected. |
To provide further, related, information via email or telephone in relation to the identified area of interest. | Legitimate interests | Internal | |||
Transactional information | Name, registered address, email address, telephone number, bank account details (for credit accounts). | To enable invoicing for goods and services. | Performance of a contract | Internal Professional advisers |
8 years from the performance of the contract for financial records. Relevant statutes of limitation for legal claims. |
For accounting and taxation purposes. | Compliance with a legal obligation | ||||
Contract management and in support of any contractual claim which may arise. | Legitimate interests | ||||
Security | Internet Protocol (IP) address, browser type and version, operating system and platform, browsing data. | Protection of our website and infrastructure from cyber-attack and to investigate and report any illegal activities. | Legitimate interests | Internal Service providers we may contract with for this purpose |
Relevant statutes of limitation for legal claims. |
Communications | Name, email address, telephone number. | To communicate with you in relation to matters you have raised with us or following an interaction between us. | Legitimate interests | Internal Professional advisers |
Maximum 8 years from the date the information is collected. Relevant statutes of limitation for legal claims. |
Data Subject Rights | Name, email address, telephone number, proof of ID. | To enable data subjects to exercise their rights over personal data. | Compliance with a legal obligation | Internal | Maximum 8 years from the date the information is collected. Relevant statutes of limitation for legal claims. |
Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances. You can read more about this right here.
Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can read more about this right here.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here.
Your rights in relation to automated decision making or profiling
We do not undertake any automated decision-making or profiling in relation to your personal data/information.
How to make a complaint
We strive to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we may receive about this very seriously. We encourage people to inform us if they think that any collection or use of information by us is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. You can do this by contacting us here complaint@phare.health.
If you remain dissatisfied, you have the right to make a complaint to the Information Commissioner’s Office (ICO). Please see the ICO’s website for more information:
Further information
Data Processors
We use data processors who are third parties who provide elements of services for us, including cloud based storage providers. We have contracts in place with our data processors. This means that they cannot do anything with your personal information such as share it with other organisations unless we have instructed them to do it. They will hold your personal data/information securely and only retain it for the period we instruct. When it is necessary for us to transfer your personal information outside of the UK this will only be done in accordance with the UK GDPR and the Data Protection Act 2018 (DPA 2018).
International Transfers
We use some data processors that are based outside of the UK. Where this is the case we ensure that there is an adequacy decision in place which confirms that there is an adequate level of protection for personal data.
We also use data processors based in locations which are not yet subject to an adequacy decision, however where this is the case we ensure that appropriate safeguards are in place so that enforceable data subject rights and effective legal remedies for data subjects are available. This will usually be achieved through the careful selection of data processors which offer high levels of security for personal data and the use of Standard Contractual Clauses (SCCs) which place binding legal obligations on the recipient to ensure the protection of personal data.
Visitors to our website
We use Google Analytics to collect this standard internet log information and details of visitor behaviour patterns. We do this to understand things such as the number of visitors to the different areas of the website. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. Details of Google’s Privacy Policy can be found here: https://www.google.com/policies/privacy/
If we do want to collect personally identifiable information through our website, we will make this clear at the point personal information is collected and will explain what we intend to do with it.
Use of cookies
Like many other websites, our website uses cookies. ‘Cookies’ are small pieces of information sent by a website to your device and stored to enable that website to recognise you when you visit in the future. They can also be used to collect statistical data about your browsing activity and patterns of behaviour but do not identify you as an individual. This helps us to understand how people who visit our website use it, enabling us to improve the layout and contents for visitors.
It is possible to switch off cookies by setting your browser preferences and settings. Turning cookies off may result in a loss of functionality when using our website.