The following policy has been reviewed and published to communicate our commitment to the data protection and privacy of our clients. This policy statement has been published in accordance with The General Data Protection Regulation (GDPR) 2018.
1. Your personal patient data
We only request information and collect data that is required and relevant to the service in which you have come to us for. We collect personal data about you and your medical history either during the appointment booking process or during your telephone travel health consultation. The personal data that we typically record includes:
- Personal information such as your name, your date of birth, your gender, your address and contact details such as email address and home and telephone number(s).
- Information about medical or health conditions including allergies.
- Information regarding your travel plans and your itinerary whist you are traveling.
- Information about your next of kin or other emergency contacts.
- Information received in response to any surveys, complaints claims.
- Information about your consultation including dates, time, location and the nurse who carried out your travel health consultation or follow-up appointment.
2. Providing your personal data
We collect necessary personal data information from our patients in severalways including:
- As part of our online or telephone appointment booking process.
- During your telephone travel health consultation or follow-up appointment(s).
- During correspondence either before or after your travel health consultation.
In some cases, we may, with your consent, receive and then record personal data about you from third parties, such as your GP who may have referred you to us, or your employer should you be referred to us for a business-related trip of vaccination requirement arranged and paid for directly by your employer for you.
We will only request necessary information about you that allows us to effectively deliver the care and services that you wish us to provide. We will advise you if providing some personal data is optional.
3. Monitoring of communications
Subject to applicable laws, we may monitor and record calls, emails, text messages, social media messages and other communications in relation to our dealings with you. We will do this to ensure an appropriate standard of care, for regulatory compliance, self-regulatory practices, to protect the security of our communications networks and systems, to check for unlawful content, obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on our network and systems where necessary for these reasons and this is for our legitimate interests or that meet other legal or regulatory obligations.
4. Using and processing your personal data
We will process your personal data in a way that complies with GDPR. The processing of this information is for the following reasons:
- To support the provision of your travel health consultation and advice offered.
- To keep your records up to date.
We may also process your personal data in accordance with GDPR:
- As necessary for our own legitimate commercial and compliance interests or those of other persons and organisations associated with us.
- For compliance, accounting, managing and auditing our clinical and business operations.
- To monitor emails, calls, other communications, and activities on our networks and systems.
- For market research, analysis and developing statistics for improving our business and clinical performance.
- To comply with our legal and regulatory obligations.
- To allow us to investigate, address, respond to and resolve any complaints, legal claims and data protection breeches or clinical incidents.
5. Sharing of your personal data
Subject to applicable data protection laws we may share your personal data with:
- Consultants/Nurses and other healthcare professionals who provide treatment to you on our behalf at our clinics.
- Other healthcare providers where we feel this will enhance the quality of your care.
- Administrative, support and reception staff within the Travel Clinic Plus who will have limited access to relevant data. These employees will have access to some patient data to help us perform our services. E.g., helping to book or reschedule your appointments, helping to prepare your invoices.
- Our legal and other professional advisors appointed by us, for example our auditors.
- Fraud prevention agencies, credit reference agencies, and debt collection agencies.
- Government bodies and agencies in the UK where appropriate.
- The Court Service, to comply with legal requirements, and for the administration of justice.
- In an emergency or to otherwise protect your vital interests.
- To protect the security or integrity of our business operations, you or other patients.
- Payment systems and providers.
- Third parties will have limited access to relevant data to help us with market research for improving our business and clinical performance.
- Any other party where we have your consent or as required to disclose such information by law.
6. How long do we keep your data?
Retention of your patient data will be in accordance with legal and regulatory requirements. We will retain your personal data after you have received travel healthcare/vaccination services at our clinic based on our legal and regulatory requirements. Information may be held for longer periods where the following apply:
- We will retain your personal data if necessary to deal with any on-going relationship or unresolved queries that you may have.
- Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us.
7. Your rights under applicable data protection law
Your rights are as follows:
- The right to be informed about processing of your personal data.
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed.
- The right to object to processing of your personal data.
- The right to restrict the processing of your personal data.
- The right to have personal data erased.
- The right to request access to your personal data and information about how we process it.
Please be aware that some or all these rights may be restricted due to specific legal requirements that requires us to retain or process your data.
You have the right to complain to the Information Commissioner’s Office which can be found at https://ico.org.uk/. It has enforcement powers and can investigate compliance with data protection law.