We Respect Your Privacy
We provide this notice to explain our online information policy. To make this notice easy to find, we make it available on every page of our website. This privacy statement explains how data is handled whilst you browse and submit information through the website, or subsequently become a patient of Reshape and Restore Ltd. By visiting our website and becoming a patient under our care you are accepting the practices described in this Privacy Statement. This includes;-
- Information We Collect
- Collection and Use of Personal Data
- Third Party Information
- Security of your Personal Data
- Amend/update Information
- Access Rights
- How we may communicate with you
- Notification of Changes to the Privacy Statement
Information We Collect
Two types of information are collected:
- Personal, or “individually identifiable,” information you provide to us. This might include but is not limited to; name, former names, date of birth, bank and billing details, address, email, telephone number, sexual orientation, race, gender, details of past and present physical or mental health, medication, past and previous general practitioners, next of kin details and occupation.
- Standard web server/visitor traffic information, commonly referred to as “aggregate information,” regarding overall website traffic patterns. Normally, web servers collect this type of basic information as part of their web log processes. We only use this information for statistical, reporting and website administration and maintenance purposes. It is not used in a way that individually identifies you, and we do not report on individual users.
Collection and use of Personal Data
We do not collect or record personal information, other than information you choose to provide through the online forms on the website, information you disclose at consultation we deem necessary to record in the interests of your care, or information collected by our staff deemed necessary to carry out administrative tasks. We will comply with the data protection legislation in accordance with UK privacy laws and relevant guidance when handling your personal information, including anyone that assists us in an administrative capacity. We maintain strict privacy standards and procedures, outlined below, with a view to preventing unauthorised access to your data by anyone other than our staff. We also all apply relevant professional standards including guidance from the General Medical Council and British Medical Association.
If you do submit online forms containing personal information, we will use that information to respond to your message. The main purpose of collecting and using personal information submitted through our site is to respond to customer enquiries or feedback from this site. The information gathered will only be used to complete your request unless specifically stated on a particular form.
Third Party Information
Relevant information may be shared securely with any of the facilities from which we practice, all of which are registered data controllers with the Information Commissioners’ Office. We will not disclose your personal information to another third party without your consent, unless we are required or authorised to do so by law or other regulation, outlined here.
In the unlikely event of an investigation into suspected unlawful or improper activity, a law enforcement agency or government agency may exercise its legal authority to inspect our records.
We may also process your personal data for the purposes of local clinical audit – i.e. for the purposes of assessing outcomes for patients and identifying improvements which could be made for the future. We are able to do so on the basis a legitimate interest and the public interest in statistical and scientific research, and with appropriate safeguards in place. You are, however, entitled to object to our using your personal data for this purpose, and as a result of which we would need to stop doing so. If you would like to raise such an objection then please contact us. We may also be asked to share information with U.K. registries for which ethical approval is not necessarily required but which form part of the National Clinical Audit programme, hosted by NHS England and who provide a list of National Clinical Audit and Clinical Outcome Review programmes and other quality improvement programmes which we should prioritise for participation. We may do so without your consent provided that the particular audit registry has received statutory approval, or where the information will be provided in a purely anonymous form, otherwise your consent will be needed and either we will seek this from you or the registry themselves will do so.
We may also be asked to participate in medical research and share data with ethically approved third party research organisations. We will share your personal data only to the extent that it is necessary to do so in assisting research and as permitted by law. Some research projects will have received statutory approval such that consent may not be required in order to use your personal data. In those circumstances, your personal will be shared on the basis that; 1) We have a legitimate interest in helping with medical research and have put appropriate safeguards in place to protect your privacy, and 2) The processing is necessary in the public interest for statistical and scientific research purposes. In the event that consent is required then either we will seek this from you, or the research agency will do so.
We also participate in initiatives to monitor safety and quality, helping to ensure that patients are getting the best possible outcomes from their treatment and care. The Competition and Markets Authority Private Healthcare Market Investigation Order 2014 established the Private Healthcare Information Network (“PHIN”), as an organisation who will monitor outcomes of patients who receive private treatment. Under Article 21 of that Order, We are required to provide PHIN with information related to your treatment, including your NHS Number in England and Wales, CHI Number in Scotland or Health and Care Number in Northern Ireland), the nature of your procedure, whether there were any complications such as infection or the need for readmission/admission to a NHS facility and also the feedback you provided as part of any PROMs surveys. PHIN will use your information in order to share it with the NHS, and track whether you have received any follow-up treatment. I will only share this information with PHIN if you have provided your consent for me to do so. The records that we share may contain personal and medical information about patients, including you. PHIN, like us, will apply the highest standards of confidentiality to personal information in accordance with data protection laws and the duty of confidentiality. Any information that is published by PHIN will always be in anonymised statistical form and will not be shared or analysed for any purpose other than those stated. Further information about how PHIN uses information, including its Privacy Notice, is available at www.phin.org.uk.
Security of your Personal Data
The protection of personal privacy is a priority for Reshape and Restore Ltd. Both Mr Chapman and Mr Khan are registered with the information commissioner’s office (ICO) and licenced guardians or ‘data controllers’ of personally identifiable material. Patients’ personal information, including consultation letters, notes and photographs are kept securely in digital format in password protected and remotely erasable devices. ‘Hard copies’/hand written notes are kept, when not in use, in a locked and dedicated space only accessible to staff. Reshape and Restore Ltd treat all consultations in confidence. We may discuss certain aspects of your health or care with other relevant professionals and will keep any information provided to a minimum for safe ongoing treatment. In the interests of good care, we will post copies of clinic letters via Royal Mail to you and your general practitioner unless you request otherwise. We will retain notes securely for a minimum of 8 years after your care is completed. By law, we cannot destroy or erase your notes, including patient photographs, before this time is elapsed. We may request that we share your photographs with other prospective patients or in the public domain, such as on the website or via Facebook. In that instance, we will seek your express consent and you will have the right to withdraw that consent at any time. We will also, in that instance, take reasonable steps to conceal your identity. Please note, however, that once images are in the public domain they can be copied and therefore control cannot be guaranteed even if images are removed from our website. We may also ask if you are willing to be contacted by prospective patients considering a similar procedure, once you have completed your postoperative recovery. We will always seek your consent and preferred method of contact if this is the case. You can withdraw your consent for this process at any time.
Please note: our website does not provide facilities that guarantee secure transmission of information over the internet. You should be aware that there are risks in transmitting information across the internet, including online forms and email. If you are concerned about conveying sensitive or personal material to us over the internet, contact us by telephone to discuss the matter.
If you believe that any information held by us about you is incorrect or incomplete you should contact us to amend this information. Any information which is found to be incorrect will be corrected as soon as possible.
You have the right to access personal data that is held about you. To obtain a copy of your personal information we hold, please call us or fill in our online contact form. Other parties may be given access to your notes for medicolegal purposes with your written consent. We reserve the right the charge any reasonable administrative fees to provide copies of data we hold in your notes.
How will we communicate with you?
We may communicate with you in a range of ways, including by telephone, SMS, email, and / or post. If we contact you using the telephone number(s) which you have provided (landline and/or mobile), and you are not available which results in the call being directed to a voicemail and/or answering service, we may leave a voice message on your voicemail and/or answering service as appropriate, and including only sufficient basic details to enable you to identify who the call is from, very limited detail as to the reason for the call and how to call us back. To ensure that we provide you with timely updates and reminders in relation to your healthcare, including basic administration information and appointment information (including reminders), we may communicate with you by SMS and/or unencrypted email (where you have provided me with your SMS or email address) in each case where you have expressed a preference in the patient registration form to be contacted by SMS and / or email. To provide you with your medical information (including test results and other clinical updates) and/or invoicing information, we may also communicate with you by SMS or email (which will be unencrypted) where you have provided us with your email address and have expressed a preference in the patient registration form to be contacted by SMS or email.
Please note that although providing your mobile number and email address and stating a preference to be communicated by a particular method will be taken as an affirmative confirmation that you are happy for us to contact you in that manner, We are not relying on your consent to process your personal data in order to correspond with you about your treatment. As set out above, processing your personal data for those purposes is justified on the basis that it is necessary to provide you with healthcare service.
Notification of changes to the Privacy Statement
We may change the content or services found on our website at any time without notice; consequently our Privacy Statement may change at any time also without notice.
N.B. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/