Privacy policy

psHEALTH is committed to protecting your privacy and maintaining the security of any personal information received from your healthcare provider (when using one of our IT solutions) or from you.

Privacy & data protection statement

Welcome to psHEALTH’s Privacy Policy

At psHEALTH we recognise the importance of protecting your personal information and we are committed to safeguarding your privacy. Our privacy policy reflects the spirit and content of GDPR and other applicable data protection legislation in the UK.

We are registered with the Information Commissioner and we are accredited by the NHS IG-Toolkit.

Our Privacy Policy aims to help you understand what data we collect, why we collect it and what we do with it. We recommend you take time to read this carefully as it contains important information. If you have any questions regarding it, please email:  info@pshealth.com.

Our customers

Our direct customers (e.g. healthcare providers, banks, insurance companies, etc) may use our IT solutions to collect personal and sensitive information about you.  In this regard psHEALTH acts as the Information Processor while our customers are the Information Controllers.  Questions regarding privacy and data protection for information collected by such IT solutions should be addressed directly to the organisation providing services to you.

psHEALTH marketing

For marketing purposes, we may collect personal information (this information is not collected from the IT solutions we deliver to our customers).

Personal Data

Under the EU’s General Data Protection Regulation (GDPR) Personal Data is defined as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Data Processor

Under the EU’s General Data Protection Regulation (GDPR) data processor is defined as:

“data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.”

Data Controller

Under the EU’s General Data Protection Regulation (GDPR) data processor is defined as:

“data controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be processed.”

Please note this website is not intended for children and we do not knowingly collect data relating to children.

Privacy Policy

As a user of our services, we want you to understand how we use your information and the ways in which you can protect your privacy.

Our Privacy Policy covers:

  1. Who we are
  2. The information we collect, why we collect it, how we process it and the legal basis of the processing
  3. Our use of Cookies
  4. How to access and update personal information
  5. Data Storage
  6. Sharing your information
  7. International Transfer
  8. Information Security
  9. Third Party Links
  10. Your legal rights
  11. Changes to this Privacy Policy

 

  1. The information we collect, why we collect it, how we process it and the legal basis of the processing
  • Information you give us – ‘account data’. This data is captured from the newsletter sign-up form on our website, from meetings, from marketing events, from call enquiries and from business cards given to us. The account data may include your name, email address, telephone number, company name, job function, industry sector and company size. The source of this account data is you. This account data will be processed for the purposes of providing our newsletter service and communicating with you. The legal basis for this processing is to perform our agreement with you to provide the newsletter service and our legitimate interest in growing our business.
  • Information we get from your use of our services – ‘usage data’. Usage data may include your IP address, geographical location, operating system, browser type and version, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our web site analytics. This usage data may be processed in order to analyse the use of the website and services. The legal basis for this processing is our legitimate interests – monitoring and improving our website and services.
  • Information we obtain through enquiries you submit – ‘enquiry data’. We may process information contained in any enquiry you submit to us regarding our services. This enquiry data may be processed for the purposes of responding to your enquiry and offering, marketing and selling our services to you. The legal basis for this processing is performance of a contract if you have an account with us or our legitimate interest to respond to your enquiry. Where we contact you in future regarding services that may be relevant based on a previous enquiry the legal basis for this processing is our legitimate interest in growing our business.
  • Information we obtain through any communication that you send to us – “correspondence data”. Through this correspondence data we keep a record of your communication. We may use this to help solve any issues you might be facing or to inform you about our services, such as letting you know about upcoming changes or improvements. The legal basis for this processing is our legitimate interests, namely the administration of our website and business and communications with users.
  1. Our use of Cookies
  • A cookie is a small file containing characters that is sent to your computer when you first visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features may not function correctly. This information helps us improve our site and services to you.
  • We use cookies to enable the effective delivery of our services, to provide analytics and to store your preferences. This collection of data may be used for statistical analysis about our website for use by us or ourpartners. Any information shared will not identify who you are, but rather be mathematical data about our visitors and their use on our site. The data does not give out any personal details.
  • We may provide links on our website to third party websites that may use cookies which we do not control. If cookies are used, they will be downloaded if you click on any link we have on this site.
  • For further information on cookies, including how to turn them off, please see our Cookie Policy.
  1. How to access and update personal information

psHEALTH provides users with the ability to access and control their personal by emailing us at info@pshealth.com.

  1. Data Storage, including retention and deletion of personal data
  • We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting or reporting requirements.  We will take account of the amount, nature and sensitivity of the personal data we hold and the associated risks of unauthorised use.
  • We will retain basic information about our customers for six years after they cease being customers for legal and accounting reasons.
  • In some circumstances you can ask us to delete your personal data (see your legal rights section).
  1. Sharing your information

We do not share personal data outside of psHEALTH unless one of the following factors applies:

  • You grant consent for us to do so:  We will share personal information with companies, organisations or individuals outside of psHEALTH when we have your consent to do so. We require opt-in consent for the sharing of any personal data.
  • For external processing: We may disclose personal data to our to our suppliers insofar as reasonably necessary, and based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures, for the purposes of delivering our services to you.
  • For legal reasons: We will share personal information with companies, organisations or individuals outside of psHEALTH where such a disclosure is necessary for compliance with a legal obligation to which we are subject. We may also disclose your personal information where we are allowed by law to protect or enforce our rights or the rights of others and for the detection and prevention of crimes, such as fraud.

We will share non-personally identifiable information with our partners. For example, we may share information on click-through rates and links clicked from our marketing emails, newsletters, and our website.

If psHEALTH is involved in a merger, acquisition or asset sale, the other parites involved in the business change may use your personal data in the same way as set out in this privacy policy.

  1. International Transfer

We do not normally transfer personal data outside the European Economic Area, but if we do we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
  1. Information Security

We strive to protect psHEALTH and our users from unauthorised access. In particular:

  • We review our information collection, storage and processing practices to guard against unauthorised access to our systems.
  • We restrict access to personal information to psHEALTH employees and sub-contractors who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations.
  • We offer users access to their personal data for the reasons of viewing, amending or requesting deletion.
  • We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
  1. Your rights

You have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure and we will give you specific legal reasons if this is the case.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please email: info@pshealth.com.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

  1. Third Party Links

Our website includes links to Third Party websites, which are not covered by our privacy policy. You will need to check the third party’s privacy policy to understand how your personal data will be processed. We do not accept liability or responsibility for third party websites and their privacy policies.

  1. Changes to this Privacy Policy

Our Privacy Policy may change from time to time. We will post any privacy policy changes on this page and notify you of any significant changes by a notice posted on our website.

This version was last updated in October 2018.

“This is a stunning achievement on a task which had the level of intellectual, technical and logistic challenge that would send lesser organisations scurrying for cover.”

Dr Peter Devlin –  Clinical Director, BICS (NHS Brighton Integrated Care Services)