Hilltop Digital Lab Ltd, and its subsidiaries and affiliated companies (collectively, the “Hilltop Digital Lab”, “Company”, “We”, or “Us”) strive to properly address applicable data protection requirements.
TYPES OF DATA PROCESSED
Personal information processed might include the following types of personal information:
WHEN YOU ARE A CLIENT, WE PROCESS CLIENT CONTACT INFORMATION.
Client Contact Information is personal information related to contacting a Client who would like to learn more about available products and services or for the administration of contracts and payments. Client Contact Information includes personal information such as name, email address, telephone number, or fax number. Client Contact Information is collected via telephonic, face-to-face, or online interactions and is held in administrative systems and files.
WHEN YOU ARE A SERVICE PROVIDER, WE PROCESS SERVICE PROVIDER INFORMATION.
Service Provider Information is personal information related to providers, provide services to, or which provides services to our business. Service Provider Information includes personal information such as name, address, email address, or telephone number. Service provider information may be captured in a patient’s medical record, assessment reports, assessment results, and administrative systems.
WHEN YOU ARE A PATIENT OF A GENERAL PRACTICE OR EMPLOYEE OF A CLINICAL COMMISSIONING GROUP, WE PROCESS PERSONAL INFORMATION.
Patient Information is personal information related to patients of a General Practice (GP) who may be part of a Clinical Commissioning Group (CCG) that we have a contract with. Patient Information that we process may include but not be limited to patient name, address, date of birth, email address, telephone number, gender, NHS number, health data, genetic data and biometric data. Employee data we process on behalf of the CCG may include but not be limited to name, address, date of birth, email address, telephone number, gender, CV, employment history, NHS number, marital status, banking data, and trade union membership.
PURPOSE OF PERSONAL INFORMATION PROCESSING AND LEGAL BASIS FOR DOING SO
Our use and processing of Personal Information – Our personal information processing includes:
We use personal information for Quality Management such as ensuring the quality of service delivery, including call monitoring and recording, case consultations, and service feedback. Call recording is performed and quality monitoring is performed. De-identified personal information may be shared with a supervisor or senior member of the staff in order to provide consultation on customer cases.
We use personal information for Client Reporting such as providing aggregate statistical reports to client organisations related to overall service delivery information, trends within and across organisations, and anonymized customer satisfaction and feedback information.
We use personal information to respond to Client Requests such as responding to requests for more information about products and services.
We use personal information for business administration such as responding to requests for more information about products and services.
ACCREDITATION AND LEGAL REQUIREMENTS
We use personal information for Accreditation and Legal Requirements such as complying with accreditation requirements and achieving the legal basis of our personal information processing.
The legal basis of our personal information processing - The legal basis of our personal information processing includes processing that is:
Necessary for the Company’s legitimate interests, including those described above;
Necessary for compliance with Company’s legal obligations, including the provision of services to Participants;
Necessary for medical diagnosis, the provision of health or social care or treatment of the management of health or social care systems or services;
Necessary for the establishment, exercise or defense of legal claims;
Necessary in order to protect the vital interests of the Participant of another natural person;
Necessary for reasons of public interest in the area of public health; or,
Based on consent by the Participants, which may subsequently be withdrawn at any time by contacting us at the address listed below in the “Contact Information” section without affecting the lawfulness of processing based on consent before its withdrawal.
HILLTOP DIGITAL LAB LTD PARTNERS, PERSONNEL AND CROSS-BORDER TRANSFERS
We disclose personal information to third parties (“Hilltop Digital Lab Partners”), such as health care providers and community providers, who help us to deliver the Hilltop Digital Lab services. Hilltop Digital Lab Partners also share personal information with us for these purposes. Our personnel may access (on a need-to-know only basis) and process personal information in connection with their job responsibilities or contractual obligations. Such access includes those individuals who are in charge of Hilltop Digital Lab program activities mentioned above and IT services as well as senior executive company managers. Where permitted, we may use some third parties, Hilltop Digital Lab Partners, and Company personnel located outside of the EEA, including in countries that may not provide the same level of data protection as your home country, such as the United States of America. We take appropriate steps to ensure that such entities are bound to duties of confidentiality and we implement measures such as standard data protection contractual clauses to ensure that any transferred Personal information remains protected and secure.
We provide reports to Clients (“Client Reports”). The Client Reports are aggregate statistical reports provided to Client organisations related to overall service delivery information, trends within and across organisations, and anonymized customer satisfaction and feedback information.
YOUR CONSENT AND YOUR RESPONSIBILITY
You are not required by law to provide us with your personal information. If you do not provide us with personal information and consent to our personal information processing policy, we may be unable to provide the Hilltop Digital Lab service that you might request. If you provide your consent, you can withdraw consent at any time. When you withdrawal your consent, we may no longer be able to provide you with Hilltop Digital Lab services. If you provide third-party information to us (such as information from financial institutions, information or advice from solicitors, etc.), it is you responsibility to ensure that it is lawful for you to share the information with us and obtain our further processing of the information.
We will not use your personal information for direct marketing purposes without obtaining your consent prior to doing so. If you provide your consent for direct marketing, you may request to withdraw your consent at any time. For example: On each item of marketing collateral we include instructions for withdrawing your consent to direct marketing. You may also request to withdraw your consent by following the instructions by contacting us as instructed in the “Contact Information” section below.
RETENTION OF PERSONAL INFORMATION
Personal information will be retained only for so long as necessary for the purposes set out above, in accordance with applicable laws.
DATA SECURITY AND DATA INTEGRITY
We maintain reasonable safeguards to protect the personal information from loss, interference, misuse, unauthorized access, disclosure, alteration or destruction. We also maintain reasonable procedures to help ensure that personal information is reliable for its intended use and is accurate, complete and current. If you are aware of changes or inaccuracies your personal information, you should inform us of such changes so that the personal information can be updated or corrected.
YOUR RIGHTS IN PERSONAL INFORMATION THAT CONCERNS YOU
You may contact us by following the instructions below in the “Contact Information” section to request access to the personal information that concerns you, to request correct any mistakes, deletion of this data or to withdraw your consent to our personal information processing, in accordance with applicable law.
We might be unable to comply with such a request where doing so would place us in breach of our obligations under applicable laws, regulation or codes of practice. However, in some circumstances, you might be able to request that your data be blocked from further processing. You might also have a right to data portability to another data controller under certain circumstances. Where we rely on your consent for our personal information processing, your consent may be withdrawn at any time, although the withdrawal might impact or disrupt the services we provide to you. Whether we comply with your request or do not comply with your request, we will prepare a response within the time permitted by law, generally within a month of receiving your request, subject to extension, when permitted, in certain situations.
You may lodge a complaint with a supervisory authority if you believe that our personal information processing infringes applicable law.
DISCLOSURES REQUIRED OR PERMITTED BY LAW
By following the instructions below, you may request clarification about our Policy, complain about our personal information processing, make a request to exercise rights in the personal information that concerns you, and/or request a copy of our contractual clauses designed to protect personal information.
When you contact us, we might need to make an appointment with you, where necessary, to better understand the nature of your question or clarify a request access or amendment/correction. During this process, we must verify your identity to ensure that the request is made by you, or by another person who is authorized to make a request on your behalf, such as a legal guardian.
To contact the supervisory authority:
The Information Commissioner
Cheshire SK9 5AF
To contact us:
Attention: Data Protection Officer