2. HPG AS DATA CONTROLLER
HPG is the data controller of all personal information about you that is processed by HPG or on our behalf.
3. CONTACT DETAILS
4. THE BASIS ON WHICH YOUR INFORMATION IS PROCESSED
The data we collect from you will be processed only if there is a reason for doing so, and if that reason is permitted under data protection law. There will be a lawful basis for processing your information: If it is necessary to perform or enter into our contract with you; if we have a legitimate interest for processing your data; if you have provided your consent; it is necessary for health or social care purposes; or if we are under a legal obligation to do so.
Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” in paragraph 10 below.
5. HOW WE SHARE INFORMATION
The personal information we are holding about you may be shared with and/or processed by:
– the physiotherapists that provide treatment;
– relatives of patients;
– healthcare practitioners;
– social workers involved in the care of patients;
– our service providers, such as our practice management system for healthcare practitioners, marketing automation provider, technology (including cloud) service providers payment providers, marketing analytics providers, banks, and other support providers;
– our professional advisors (such as our lawyers, accountants and auditors); or
– another organisation to whom we may transfer our agreement with you, or if we enter into a joint venture with, purchase or are sold to or merged with another business entity.
6. DIRECT MARKETING
Where we have a legitimate interest for doing so (and are permitted to do so by law) we will use your information to let you know about our other activities and opportunities that may be of interest to you and we may contact you to do so by email. You can withdraw your consent or opt out of receiving our marketing communications at any time. You may opt-out of receiving marketing communications and updates at any time. Additionally, you can control your email marketing preferences by doing the following:
For marketing purposes: You can manage your receipt of marketing communications by clicking on the “unsubscribe” link located on the bottom of HPG marketing emails, or by emailing email@example.com.
We adopt robust technologies and policies such as encrypted servers and security protocols to ensure the personal information we hold about you is suitably protected.
We take appropriate technical and organisational measures to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
8. THIRD PARTIES
9. RETENTION OF YOUR INFORMATION
We will not retain your information for any longer than we think is necessary.
Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Legal Grounds and Purposes of Processing” sections.
When determining the relevant retention periods, we will take into account factors including:
– our contractual obligations and rights in relation to the information involved;
– legal obligation(s) under applicable law to retain data for a certain period of time;
– statute of limitations under applicable law(s);
– our legitimate interests for your benefit;
– (potential) disputes; and
– guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information where we no longer require your information for the purposes collected. We will keep basic data to identify you and retain it solely for preventing further unwanted processing. Unless we are required or permitted by law to hold on to your information for a specific retention period, we may retain your information for the following purposes and periods:
– casual visitors to our website:
o IP addresses and related data: up to 13 months (i.e. the maximum period that cookies on our website hold this information);
o Information you submit via the “Contact us” and the “Live Chat” function”: 6 years from the point the information is submitted;
– our patients: 6 years from the point you cease to be an HPG patient;
– our independent contractors (physiotherapists): 6 years from the point you cease to be an independent contractor for HPG; and
– our suppliers: 6 years from the point you cease to be an HPG supplier.
10. YOUR RIGHTS
Under data protection law, you have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact our general support team using the contact details (firstname.lastname@example.org) set out above. For additional information on your rights please contact your data protection authority and see below.
The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.
The right of access. You have the right to request certain information about, access to and copies of your personal information (if we’re processing it).
The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete.
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the information that we hold about you. However, please note that this will not apply if we are required to retain the information for compliance with a legal obligation.
The right to restrict processing. You have rights to request that we stop using your personal information or limit the way in which we use it. When processing is restricted, we can still store your information, but will not use it further.
The right to data portability. You have the right to request that we return your personal information in an accessible and transferrable format, or that we send it directly to another company, where technically feasible;
The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with your national data protection authority. If you are in the UK, this is the ICO – https://ico.org.uk . The postal address is Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. where we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time.
The right to object to processing. You have the right to object to certain types of processing where we use it for our legitimate interests or for marketing purposes.