psHEALTH now owns the Florence platform: click to find out more about Florence

psHEALTH - Privacy Policy

Privacy & Data Protection

Welcome to psHEALTH’s Privacy Notice

At ART Healthcare Software Limited (trading as psHEALTH so hereafter referenced as “psHEALTH/we/us/our”) we recognise the importance of protecting your personal information and we are committed to safeguarding your privacy. Our privacy policy reflects the spirit and content of UK GDPR, the Data Protection Act 2018 and other applicable data protection legislation in force from time to time in the UK.

We are registered with the Information Commissioner and we are accredited by the NHS IG-Toolkit.

This notice aims to help you understand what data we collect, why we collect it and what we do with it. We recommend you take time to read this carefully as it contains important information.

If you have any questions regarding this privacy notice, please email dpo@pshealthgroup.com.

Our customers

Our direct customers (healthcare providers) may use our IT solutions, such as ART, to collect personal and sensitive information about you. In this regard psHEALTH acts as the data processor, while our customers are the data controllers. Questions about privacy and data protection that concern the information collected by healthcare providers about you, should be addressed directly to the organisation providing these services to you.

 Privacy Notice

Our privacy notice covers:

  1. The information we collect, why we collect it, how we process it and the legal basis of the processing
  2. Our use of Cookies
  3. How to access and update personal information
  4. Data Storage
  5. Sharing your information
  6. International Transfer
  7. Information Security
  8. Third Party Links
  9. Your legal rights
  10. Contact us
  1. The information we collect, why we collect it, how we process it and the legal basis of the processing

Information you give us – ‘enquiry data’. This data is captured from signing up on our website, from meetings, from marketing events, from call enquiries and from business cards given to us. The data may include your name, email address, telephone number, company name, job function, industry sector and company size. The source of this data is you. This data will be processed for the purposes of communicating with you. The legal basis for this processing is our legitimate interest in responding to your enquiry and growing our business.

Information we get from your use of our services – ‘usage data’. Usage data may include your IP address, geographical location, operating system, browser type and version, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our website analytics. This data may be processed in order to analyse the use of the website and services. The legal basis for this processing is our legitimate interests in monitoring and improving our website, applications and other services.

Information we obtain when responding to you about your account – ‘accounts data’. We may process information contained in any communications in relation to providing services to you. This personal data may be processed for the purposes of responding to your account enquiry and may include, but is not limited to your name, email address, telephone number, company name, job function and historic financial transactions. The legal basis for this processing is the performance of a contract if you have an account with us or our legitimate interest. Where we contact you as a customer regarding other services that may be of interest to you based on a previous or existing service we provide, the legal basis for this processing is our legitimate interest in growing our business.

Information we obtain through any other communication that you send to us – ’correspondence data’. Through this correspondence data we keep a record of your communication. We may use this to help solve any issues you might be facing or to inform you about our services, such as letting you know about upcoming changes or improvements. The legal basis for this processing is our legitimate interest in maintaining the administration of our website and business and communications with users.

  1. Our use of Cookies

A cookie is a small file containing characters that is sent to your computer when you first visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features may not function correctly if all cookies are refused. The cookies we use provide helpful information which allows us to improve our site and services to you.

We use cookies to enable the effective delivery of our services, to provide analytics and to store your preferences. This collection of data may be used for statistical analysis about our website for use by us or our partners. Any information shared will not identify who you are, but rather be mathematical data about our visitors and their use on our site. The data does not give out any personal details. The legal basis for this processing is your consent, which can be withdrawn at any time.

We may provide links on our website to third party websites that may use cookies which we do not control. If cookies are used, they will be downloaded if you click on any link we have on this site.

For further information on cookies, including how to turn them off, please see our Cookie notice.

  1. How to access and update personal information

psHEALTH provides users with the ability to access and control their personal data by emailing us at dpo@pshealthgroup.com or by writing to the address at the end of this notice.

  1. Data Storage, including retention and deletion of personal data

We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting or reporting requirements. We will take into account the amount, nature and sensitivity of the personal data we hold and the associated risks of unauthorised use.

We will retain information about our customers for six years after they cease being customers for legal and accounting reasons.

In some circumstances you can ask us to delete your personal data (see your legal rights section).

  1. Sharing your information

We do not share personal data outside of psHEALTH unless one of the following situations apply:

  • You grant consent for us to do so:  We will share personal information with companies, organisations or individuals outside of psHEALTH when we have your consent to do so. We require opt-in consent for the sharing of any personal data.
  • For external processing: We may disclose personal data to one of our suppliers providing it is reasonable and necessary for the purpose of delivering our services to you. When we do share your personal data with an external third party, we will implement appropriate technical and organisational measures to ensure the safety and confidentiality of your data.
  • For legal reasons: We will share personal information with companies, organisations or individuals outside of psHEALTH where such a disclosure is necessary for compliance with a legal obligation to which we are subject. We may also disclose your personal information where the disclosure is permitted under law, to protect or enforce our rights or the rights of others and for the detection and prevention of crimes, such as fraud.

If psHEALTH is involved in a merger, acquisition or asset sale, the other parties involved in the business change may use your personal data in the same way as set out in this privacy notice.

  1. International Transfer

We do not normally transfer personal data outside the UK but if it becomes necessary to do so for the purposes of providing our services to you, we will only share it with organisations in countries benefiting from a European Commission adequacy decision or on the basis of Standard Contractual Clauses approved by the European Commission and recognised in the UK which contractually oblige the recipient to process and protect your personal data to the standard expected within the UK.

Information Security

We protect unauthorised access to your personal data. In particular, we:

  • review our information collection, storage and processing practices to guard against unauthorised access to our systems.
  • restrict access to personal information to psHealth employees and sub-contractors who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations.
  • offer users access to their personal data for the purposes of viewing, amending or requesting deletion.
  • have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
  1. Your rights

You have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure and we will give you specific legal reasons if this is the case.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please email dpo@pshealthgroup.com.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity before we can facilitate your right to access your personal data (or any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to lodge a complaint with the Information Commissioner’s Office. They can be contacted using the information provided at: https://ico.org.uk/concerns/.

  1. Third Party Links

Our website includes links to Third Party websites, which are not covered by our privacy notice. You will need to check the third party’s privacy notice to understand how your personal data will be processed. We do not accept liability or responsibility for third party websites and their privacy policies.

  1. Contact us

If you have any questions, or wish to exercise any of your rights, then you can contact our Data Protection Officer by addressing your correspondence to:

ART Healthcare Software Limited,

Mercury House,

117 Waterloo Road,

London,

SE1 8UL,

Alternatively, you can email us at dpo@pshealthgroup.com.

  1. Changes to this Privacy Notice

Our Privacy Notice may change from time to time. We will post any changes on this page and notify you of any significant changes by a notice posted on our website.

This version was last updated June 2021.