Note: if you are not a Customer or potential Customer of Exclusive Health only those sections relating to our website are relevant to you. For our suppliers (including experts) and clients of our customers, Exclusive Health will process your personal data in the role of a Data Processor.
Exclusive Health takes data protection seriously and is committed to respecting and protecting your personal data. Your personal data is data which by itself or with other data available to us can be used to identify you.
This Privacy Notice explains how we will collect, store and use any personal data you provide via our website, email or networks and when you otherwise communicate with us (including in the course of the services we provide or the running of our business).
If you have any questions you can contact our Data Protection Officer, Martin Abell at:
E-mail – email@example.com
Post – Exclusive Health, Floor 2, St Georges House, 56 Peter Street, Manchester, M2 3NQ
ICO Registration Number: ZA 105993
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This Privacy Notice may change from time to time and, if it does, the up-to-date version will be available on our website and becomes effective immediately.
Please take the time to read this Privacy Notice, which contains important information about the way in which Exclusive Health processes personal data.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.
For the purposes of this Privacy Notice, “Data Protection Legislation” is defined as the General Data Protection Regulation (Regulation (EU) 2016/670) (“GDPR”), the Data Protection Act 2018 (“DPA 2018”) or any equivalent legislation amending, supplementing, or replacing the GDPR or DPA 2018.
THE DATA WE MAY COLLECT ABOUT YOU
We may collect, or be provided with, and process information about you, your personnel, and clients through various means, including:
• While carrying out work for you (or your business), in which case we will process any of your client personal data provided to us as a Data Processor as defined in the Data Protection Legislation.
• Via our website (for example, on our ‘Contact Us’ page).
• By email or other electronic correspondence.
• By telephone.
• Networking (e.g. conferences, customer events and/or other meetings or events either hosted or attended by us).
• Otherwise through providing our services or operating our business.
The personal data you give to us may include:
• Your name and title.
• Contact information, including telephone number, postal address, and email address. • Information relating to your location, preferences and/or interests.
• Photographic identification.
• CCTV footage and other information obtained through electronic means such as swipe card records.
With respect to your clients, their personal data including special categories of personal data.
• The content of any enquiry submitted over our website.
• Any other personal data we collect (such as the customer and client reference numbers which may be assigned to you) in the context of providing our services or while operating our business.
Each time you visit our website, we may automatically collect the following information:
• Web usage information (e.g. IP address).
• Information about your visit, including the full uniform resource locators (URLs) clickstream to, through and from our website.
• We may ask you for information when you report a problem with our website.
• If you contact us, we may keep a record of that correspondence or conversation.
The personal data described above may relate to any of the following categories of person:
• Our customers and your clients.
• Our prospective customers.
• Those who submit enquiries through our website or whose details are otherwise entered into our marketing management system.
HOW WE USE YOUR INFORMATION
We may use your information for the following purposes:
• To respond to any query that you may submit to us.
• To manage our relationship with you (and/or your business), including by maintaining databases of customers and other third parties for administration, accounting, and relationship management purposes.
• To complete our contractual obligations to you.
• Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation (for example any relevant anti- money laundering law or regulation).
• To send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable Data Protection Legislation. You can withdraw your consent to marketing activity at any time using the unsubscribe link located in any of our marketing emails.
• To determine what is most effective about our website, and to help identify ways to improve it, and to tailor it to be more effective.
• To comply with any other professional, legal, and regulatory obligations which apply to us or policies that we have in place.
• As we consider necessary to prevent illegal activity or to protect our interests.
• To share with companies in our group for the purpose of them sending to you any relevant information about their products/services that may be of interest to you.
• Legal grounds for processing your information.
We will rely on the following legal bases under Data Protection Legislation for processing your personal data:
• Performance of, or entry into, a contract.
• Compliance with a legal obligation to which we are subject.
• We have a legitimate interest in doing so as a service provider.
• Where processing of ‘special category data’ is necessary in the context of the establishment, exercise, or defence of legal claims.
• In certain circumstances, where we have express consent to do so. Where we collect consent, we will explain that it may be withdrawn at any time in accordance with the information we provide at that time.
We will process your client’s personal data as a Data Processor in accordance with the terms of the contractual arrangements in place between us.
SHARING YOUR INFORMATION
We may share your details with third parties instructed by us in accordance with your instructions to enable us to fulfil our contractual obligations to you and/or your clients during business.
• We will only share your personal data in compliance with Data Protection Legislation.
• We may disclose your information to third parties when:
• You specifically request this, or it is necessary to provide our services to you, for example disclosure to expert medical providers.
• We consider other companies’ products and services in our group of companies may interest you.
• If we are under a duty to disclose or share your personal data to comply with any legal obligation.
• We will not sell your information.
STORAGE AND RETENTION OF YOUR PERSONAL DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will procure that any third parties we engage to provide services in satisfaction of any contract between us will keep your data and that of your clients stored on their systems for as long as is necessary to provide the services to you, and to comply with applicable legal requirements.
We will not store your information for longer than is reasonably necessary or required by law, and/or as needed for the duration of our contractual relationship.
Following the completion of any contract between us, we may also need to retain your personal data for legal and regulatory purposes, including:
Pursuing any outstanding payments, and
For HMRC audit purposes following payment of an invoice.
SENDING YOUR INFORMATION OUTSIDE OF THE EEA
If we need to share your personal data with a recipient outside the United Kingdom, we will ensure we do so in compliance with Data Protection Legislation and having obtained your consent, where appropriate.
YOUR INFORMATION RIGHTS
Data Protection Legislation gives you the right to access information held about you.
We will aim to respond to any requests relating to your rights without undue delay and in any case within one month of receipt of your request. With respect to your clients we will, as you are the Data Controller, notify you if we directly receive a request relating to their rights.
We may ask you to confirm your identity so that we can validate a request. If you would like to make a request, please email the DPO at firstname.lastname@example.org or in by post to the address above.
You have the right to:
• Request access to your personal data and check that we are lawfully processing it.
• Request correction of the personal data that we hold about you if you consider that it is inaccurate.
• Request the transfer of your personal data to you or to a third party.
• Request erasure of your personal data. This includes where you have been successful in exercising your right to object to processing (see below). However, we may not be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Request restriction of processing of your personal data. This may be the case if you want us to establish the data’s accuracy or where our use of the personal data is unlawful, but you do not want us to erase it.
• Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms.
Where you exercise your rights to request erasure or request a restriction in the processing of your personal data or to object to processing of your personal data, we may still need to keep basic contact information about you if you are already or will shortly be an active customer as we will require this for contractual purposes.