Privacy Policy
This is the privacy policy notice issued by Aquamarine Medicals Ltd, 1 Emma Place Ope, Stonehouse, Plymouth, PL1 3FD through the website www.aquamarinehealthclinic.co.uk. Aquamarine Health Clinic is a trading arm of Aquamarine Medicals Ltd, Company no: 12416900. This policy describes how your personal data is collected, managed and protected by Aquamarine Medicals Ltd both during use of this website and in business activity.
Data protection of your personal information is key to Aquamarine Medicals Ltd. This privacy policy may change. The current version will be displayed on our website, and becomes effective immediately on publishing. If you do not agree to this policy you may wish to stop accessing this website, and/or not to provide your personal data to us.
We are registered with the ICO under the Data Protection Register, ICO Registration reference ZA787891. If you have any questions about this privacy notice or are unclear about how we process or use your personal information, or have any other issues regarding your personal and healthcare information, then contact our Data Protection Officer Dr Christine Penny, who can be contacted via info@aquamarinemedicals.co.uk. Aquamarine Medicals Ltd is the Data Controller for the data we hold about you in order to provide you with medical services.
Personal data collected – Personal data is any data that could identify you as an individual. Personal data you give to us may include (but is not limited to) your name, contact information, photographic identification, and web usage. Your health records may include both our own records and those on occasion as required, provided by third parties.
How is personal information collected – may be provided by you by telephone, via our website, by email, on paper or during a face to face consultation. We may seek your consent to contact your employer or other healthcare professionals – either to gain further information or to seek expert opinion.
Why is personal information collected – To enable Aquamarine Medicals Ltd. provide a medical service, it is necessary to hold information about you, including but not limited to, your contact details, and your health records. Information may be used to meet legal requirements and also to check your identity for services we provide or to seek feedback to improve our services. When we collect your mobile number and/or email, we use it to remind you of appointments, request pre-appointment information or other communication such as feedback or unexpected closure. If you no longer wish to receive communication this way, please let a member of staff know who will be able to update your preferences.
How is personal information stored and kept secure – paper or electronic form. Procedures are in place to prevent unauthorised access or disclosure of your records. Only those with genuine and demonstrable need will be able to access your personal data. A GDPR compliant medical records software is used with password protection with back-up storage on a secure server at physically separate locations. Paper records are logged and kept in locked cabinets on site.
Policies and procedures are in place to deal with any suspected data breach so that any loss of data, or consequential damage, is minimised.
Aquamarine Medicals Ltd do not store any bank or credit card details, these are held securely by our nominated payment partner Stripe.
Why do we process your data and what legal basis do we have to process your data?
In order to process your personal data or share your personal data outside of the organisation, we need a legal basis to do so. If we process or share special category data, such as health data, we will need an additional legal basis to do so.
We rely upon Article 6(1)(e) (public interest task) and Article 9(2)(h) (health and social care) for most of our processing and sharing, in particular to
Provide you with medical services
Share data with your GP or other healthcare professionals involved in providing you with medical care
Work effectively with other organisations and healthcare professionals who are involved in your care,
Ensure that your treatment and advice is safe and effective
We rely upon Article 6(1)(d) (vital interest) and Article 9(2)(c) (vital interests) to share information about you with another healthcare professional in a medical emergency.
We rely upon Article 6(1)(e) (public interest task) and Article 9(2)(g) (substantial public interest) to support safeguarding for people who may be vulnerable.
We rely upon Article 6(1)(c) (legal obligation) and Article 9(2)(h) to share your information for mandatory disclosures of information (such as the Care Quality Commission and Public Health England).
We rely upon Article 6(1)(c) (legal obligation) and Article 9(2)(f) (legal claims) to help us investigate legal claims and if a court of law orders us to do so.
We rely upon Article 6(1)(a) (consent) and Article 9(2)(a) (explicit consent), in order to:
· If, with your consent, we need to request further information about your health from other healthcare professionals.
Help the organisation investigate any feedback, including surveys, complaints or concerns you may have
· Help manage how we provide you with services, for example, when you nominate individuals to contact us on your behalf
- Share your information with third parties, for example, insurance companies or employers
How is personal information used – Processing of data encompasses all activity to do with your personal data which includes but is not limited to, obtaining data, storage, amendment, transfer and deletion of data. Personal data provided forms your medical record held by Aquamarine Medicals Ltd but also may be used for purposes of communication with you, other healthcare professionals if expert advice is needed. Healthcare staff will respect and comply with their obligations under the common law duty of confidence.On occasion your consent may be sought to liaise with your employer.
We also use anonymised data to plan and improve services. Specifically, we use it to:
· Review the care being provided to make sure it is of the highest standard through for instance audit.
· Check the quality and efficiency of the services we provide.
· Prepare performance reports on the services we provide.
Aquamarine Medicals Ltd welcomes feedback to help improve services and you may be contacted for this purpose. We will not sell or distribute your information to third parties, unless we have your permission, or we are under a legal obligation to do so.
Who do we share your data with?
In order to deliver medical services , we may sometimes share information with other organisations. We will only ever share information about you if other agencies involved in your care have a genuine need for it. An example of this would be sharing some of your information with the third party company who analyses blood tests. Anyone who receives information from the organisation is under a legal duty to keep it confidential and secure. Some services we provide are dependant on you giving your prior consent for us to share information with your GP.
Please be aware that there may be certain circumstances, such as assisting the police with the investigation of a serious crime, where it may be necessary for us to share your personal information with external agencies without your knowledge or consent.
We may share information with the following organisations:
· Your GP Practice
· Hospitals either NHS or private
· Ambulance or emergency services
· Multi-Agency Safeguarding Hub (MASH)
· Police and Judicial Services
· Fire and Rescue Services
· The Care Quality Commission, ICO and other regulated auditors
In addition to sharing data with the above services, we will also use carefully selected third party service providers that process data on behalf of the organisation. When we use a third party service provider, we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating responsibly to ensure the protection of your data. Examples of functions that may be carried out by third parties includes:
· Organisations that provide IT services & support, including our booking and clinical record system (Powerdiary): systems which manage client facing services such as our website: data hosting service providers; appointment booking
· Payment providers (if for example you were paying for a travel vaccination)
If you wish to request details of personal information held on systems and in hard copy stored by Aquamarine Medicals Ltd, please contact the Data Protection Officer using the contact details on this website.
How long we keep personal data – Current legislation requires retention of GP medical records for a minimum of eight years after conclusion of treatment, or longer in some cases. Records for children must be kept until their 25th birthday, or 26th if age 17 at conclusion of treatment. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will not store your information for longer than is reasonably necessary or required by law.
Your information will be kept securely at all times and at the end of the retention period, your files and personal data will be permanently deleted or destroyed.
Individual rights under GDPR – Under the GDPR you have a number of important rights, these can be accessed here.
If you have any questions about this privacy notice or are unclear about how we process or use your personal information, or have any other issues regarding your personal and healthcare information, then contact our Data Protection Officer Christine Penny via info@aquamarinehealthclinic.co.uk or by post: Aquamarine Health Clinic, 1 Emma Place Ope, Plymouth, PL1 3FD.