< Back

David Gault Ltd - Privacy Notice

David Gault
Admin 0 months ago

David Gault Ltd is compliant with the current requirements of Article 22 of the Competition and Market Authority (CMA) and the General Data Protection Regulations (GDPR) Order. We are registered with the Information Commissioner’s Office (ICO), a UK Independent body responsible for upholding information rights and data privacy. 

 

Introduction

David Gault Ltd does not purchase and has never previously purchased any data or personal details.  We do not have a mailing list. We do not sell any collected personal data. We do not use social media nor do we advertise or market the services of David Gault Ltd other than by providing information about the practice on the davidgault.co.uk website. We undertake no promotional activity where payment is required by the promoting media.

The details of the David Gault Ltd practice feature on some healthcare websites such as those of insurers and hospitals, and some websites which act as directories of doctors and medico-legal experts.  We do not pay fees to any agency or directory or other promotional vehicle to feature in any media whatsoever.

 David Gault Ltd ensures all the information it holds is kept safe and confidential.

  

Types of personal data we collect and use

Your personal data is data which by itself or with other data available to David Gault Ltd can be used to identify you as an individual. David Gault Ltd is the data controller. This Privacy Notice sets out how David Gault Ltd will use your personal data. 

 Most of the personal data we have is because you or your agent has contacted us to request advice, treatment or medico-legal expertise. 

 The emails we send out are usually to deliver information about your care, case or treatment to, or to request assistance from, partners such as hospitals, clinicians and insurers  who ask for to enable your care or to progress your case.

 We will use your personal data for the reasons set out below. We collect most of this directly during the registration process but there may be sources of personal data collected indirectly as set out later in this policy. The personal data we use may include:

  • Your name, address and contact details, including email address and home and mobile telephone numbers, date of birth and gender

 

  • Your previous and current medical health records, whether provided by yourself or other third parties, and the name of your GP or other clinician. This data we hold on patients may also include visual images as part of your medical record of your treatment 

 

  • The terms and conditions of your contract with us for the provision of healthcare and related services

 

  • Your financial information (your payment card details, for example) if you are a ‘self-pay’ patient or the financial information of the company or individual who is responsible for the payment of invoices or bills relating to your care (e.g. insurer or sponsor)

 

  • Information about your marital status, next of kin, dependants nominated and/or emergency contacts

 

  • Information about your nationality if required by treating hospitals

 

  • Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments

 

  • Information about medical or health conditions of your family

 

  • Information about your NHS Number if required for example, for performance data such as PHIN (Private Healthcare Information Network) or for protection purposes for, for example, the UK Child Protection Information Sharing (CP-IS) system which facilitates the sharing of information between health and local authorities where a child may be at risk of being neglected, maltreated or abused

 

  • Information received in response to any surveys or claims

 

  • Equal opportunity monitoring, if required by governing bodies, including information about your ethnic origin, sexual orientation, health and religion or belief

 

  • Information about how you use our

 

  • If you’re employed by David Gault Ltd, we will also hold and process other information relating to your employment such as your National Insurance number.

 

  • If you are a clinician, doctor or other healthcare provider not employed by David Gault Ltd, we may also hold and process other information relating to the clinical services you carry out, including bank details for payments if you supply services to David Gault Ltd.

 

 David Gault Ltd may collect this information in a variety of ways. For example, data might be collected through Registration forms, online web forms completed by you at the start of your treatment; from correspondence with you by email, through referrals by other healthcare professionals or agencies, or through interviews, meetings or other assessments.

 

In some cases, we may collect personal data about you from third parties, such as insurer providers, referral agencies such hospital contact centres, health websites and directories which you have used to contact us, sponsors and checks permitted by law.

 

Providing your personal data

We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide care and treatment and receive payment for these services.

 

Monitoring of communication

Subject to applicable laws, we may monitor and record calls, emails, text messages, social media messages and other communications in relation to our dealings with you. We will do this to ensure an appropriate standard of care, for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications networks and systems, to check for unlawful content, obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said or done. We may also monitor activities on our network and systems where necessary for these reasons and this is for our legitimate interests or other legal obligations.

 

Using your data and the legal basis for processing

We will process your personal data under Article 6 (1) and Article 9 (2) of the General Data Protection Regulations:

 

  • To support the provision of your healthcare
  • To decide how best to provide treatment to you
  • As necessary to support the healthcare contract with you and to allow us to receive [full] payment for those services

 

  • To take steps at your request during the course of your treatment

 

  • To keep your records up to date

 

We will process your personal data under Article 6 (1) f of the General Data Protection Regulations:

  • As necessary for our own legitimate interests or those of other persons and organisations:
    • for example for good governance, accounting, and managing and auditing our clinical and business operations
    • to monitor emails, calls, other communications, and activities on our networks and systems
    • for market research, analysis and developing statistics for improving clinical performance

 

  • As necessary to comply with a legal obligation:
    • When you exercise your rights under Data Protection Laws and make requests
    • For compliance with legal and regulatory requirements and related disclosures
    • For establishment and defence of legal rights
    • For activities relating to the prevention, detection and investigation of crime
    • To verify your identity, make credit fraud prevention and anti-money laundering checks; and
    • To investigate complaints, legal claims and data protection or clinical incidents.

 

  • Based on your consent:
    • If you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf; or otherwise agree to disclosures
    • When we process any special categories of personal data about you at your request (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).

 

You are free at any time to change your mind and withdraw your consent. The consequence might be that we cannot continue to provide full healthcare services to you.

 

Sharing of your personal data

  • Subject to applicable Data Protection Laws we may share your personal data with:
    • Consultants, doctors and other healthcare professionals who provide advice or treatment to you
    • Other healthcare providers where this will enhance the quality of your care
    • Sub-contractors and other persons who help us to provide healthcare products and services to you
    • Companies and other persons providing services to you as part of your extended care
    • Our legal and other professional advisors, including our auditors
    • Fraud prevention agencies, credit reference agencies and debt collection agencies
    • Government bodies and agencies in the UK and overseas (e.g. HMRC) who may in turn share it with relevant overseas tax authorities and with regulators and the Information Commissioner’s Office (ICO)
    • Courts, to comply with legal requirements, and for the administration of justice
    • Third parties in an emergency or to otherwise protect your vital interests.
    • Third Parties to protect the security or integrity of our business operations and other patients.
    • Third parties when we restructure or sell our business or its assets or re-organise
    • Payment systems and providers
    • Anyone else where we have your consent or as required by law

 

Sharing of your personal data to contribute to the review and publishing of information about the quality and cost of privately funded healthcare

Subject to applicable Data Protection Laws, David Gault Ltd is required to provide performance data to the Private Healthcare Information Network (PHIN), which publishes information on the quality and cost of privately funded healthcare. PHIN’s goal is to help patients make more informed choices about where to go for treatment.

David Gault Ltd will not supply your name, date of birth, or full address to PHIN. PHIN is only concerned with understanding the treatment that hospitals and doctors provide, whether that treatment was safe and effective, and whether there were any complications. Any processing of personal data shall be made in accordance with the Data Protection Laws.

 Publication will be made via the PHIN website in a format that will allow patients requiring hospital treatment to search for care by doctor and procedure and to compare how they perform in terms of quality and safety based on treatment data. Individuals are then able to make informed choices; which consultant to see, which treatment option to follow, and which hospital they would like to be treated at. This information will not be in a form where individuals can be identified.

 David Gault Ltd ensures all the information it holds is kept safe and confidential. You have the option to withhold your personal information, in which case we will only share an anonymised record of your treatment to PHIN.

 If you tell us that you are not happy for David Gault Ltd to pass on your personal information to PHIN we will indicate this on your Registration Form. If you subsequently change your mind, please let us know.

 

Sharing of your personal data for research purposes

Subject to applicable Data Protection Laws and your explicit written consent we may share your personal data for the purpose of scientific research.

 

International transfers

Your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection.

 

How long we keep your data

Information will be kept in in accordance with the retention periods outlined in the Information Governance Alliance (IGA) Records Management Code of Practice for Health and Social Care (2016). Information may be held for longer periods where the following apply:

 

Retention in case of queries

We will retain your personal data as long as necessary to deal with any queries you may have

 

Retention in case of claims

We will retain your personal data for as long as you may legally bring claims against us

 

Retention in accordance with legal and regulatory requirements

We will retain your personal data after you have received healthcare services from David Gault Ltd based on our legal and regulatory requirements.

 

 Your rights under applicable data protection law

Your rights are as follows (noting that these rights do not apply in all circumstances):

  • The right to be informed about processing of your personal data
  • The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
  • The right to object to processing of your personal data
  • The right to restrict processing of your personal data
  • The right to have your personal data erased (the ‘right to be forgotten’)
  • The right to request access to your personal data and information about how we process it
  • The right to move, copy or transfer your personal data (‘data portability’)
  • Rights in relation to automated decision making including profiling

 

You can contact our Data Protection Officer (DPO) at David Gault Ltd, The Portland Hospital, 205-209 Great Portland Street, London W1W 5AH or at dhn@davidgault.co.uk if you have any questions or to exercise these rights. You have the right to complain to the Information Commissioner’s Office (ICO). It has enforcement powers and can investigate compliance with Data Protection Laws. Visit ico.org.uk for more information.

0 KBDownload