Amethyst UK ( “we”, “us”, or “our”) is strongly committed to protecting personal data and ensuring that we are compliant with legislation including the General Data Protection Regulation (GDPR) which comes into effect on the 25th May, 2018.
This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. Amethyst UK processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this statement by clicking the boxes below.
We may process your information for a number of different purposes, but must have a legal justification to do so. The particular justification will depend on the purpose of the proposed use of your data. When the information that we process is classed as “special category of personal information”, we must have a specific additional legal justification in order to use it as proposed. You will find details of our legal grounds for each of our processing purposes in the relevant section which can be accessed by clicking the relevant section to you below
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).
Please find more detailed information on the different privacy policies below:
- • Patients
- • Visitors to the centre
- • Business Contacts
- • Visitors to the website
- • Sub-contractors and suppliers
- • Practising privileges
- • Recruitment applicants
Under data protection law you have certain rights in relation to the personal information that is held about you. These include rights to know what information we hold about you and how it is used.
If you are an NHS Patient you should contact UCLH, the data controllers and their policies and procedures apply.
If you are not an NHS patient you may exercise these rights at any time by contacting us.
If we cannot comply with your request to exercise your rights we will usually tell you why.
There are some special rules about how these rights apply to health information as set out in legislation including the Data Protection Act (current and future) and the General Data Protection Regulation.
The right to access your personal information
You are usually entitled to a copy of the personal information we hold about you and details about how we use it.
Your information will usually be provided to you in writing, unless otherwise requested. If you have made the request electronically (eg by email) the information will be provided to you by electronic means where possible.
Please note that in some cases we may not be able to fully comply with your request, for example if your request involves the personal data of another person and it would not be fair to that person to provide it to you.
You are entitled to the following under data protection law.
Under Article 15(1) of the GDPR we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you:
- • The purposes for which we use your personal information
- • The types of personal information we hold about you
- • Who your personal information has been or will be shared with, including in particular organisations based outside the EEA.
- • If your personal information leaves the EU, how we make sure that it is protected
- • Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for
- • If the personal data we hold about you was not provided by you, details of the source of the information
- • Whether we make any decisions about you solely by computer and if so details of how those decision are made and the impact they may have on you
- • Your right to ask us to amend or delete your personal information
- • Your right to ask us to restrict how your personal information is used or to object to our use of your personal information
- • Your right to complain to the Information Commissioner’s Office
The right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
The right to erasure
In some circumstances, you have the right to request that we delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to restriction of processing
In some circumstances, we must “pause” our use of your personal data if you ask us to. We do not have to comply with all requests to restrict our use of your personal information. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to object to marketing
You can ask us to stop sending you marketing materials at any time and we must comply with your request. You can do this by contacting us at firstname.lastname@example.org.
The right to withdraw consent
In some cases we need your consent in order for our use of your personal information to comply with data protection legislation. Where we do this, you have the right to withdraw your consent to further use of your personal information. You can do this by contacting us at email@example.com.
The right to complain to the Information Commissioner’s Office
You can complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations.
More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
Making a complaint will not affect any other legal rights or remedies that you have.