Home Privacy Policy

Privacy Policy

Hamptons Hospital Privacy Notice

This Privacy Notice sets out important details about information (“personal data”) that Hamptons Hospital and the healthcare professionals responsible for your care (including their medical secretaries) will collect and hold about you, how we use your personal data and how we protect it. It also provides information on your rights in relation to your personal data.

This Privacy Notice also outlines how personal data relating to patients referred to healthcare professionals for an assessment in connection with medico-legal proceedings will be collected and used.

This Privacy Notice applies to anyone who receives healthcare services at Hamptons Hospital (“care”) and describes how we handle your personal data regardless of the way you interact with us (for example, in person, by email, through our website, by phone and so on). Please take your time to read this Privacy Notice carefully.

About us

In this Privacy Notice we use "we" or "us" or "our" or "Hamptons Hospital " to refer to the Hamptons Hospital company who is using your personal data, and the healthcare professionals who provide your care.

Your personal data and healthcare professionals

As a patient of Hamptons Hospital, your care may be provided by a healthcare professional who is a medical practitioner including consultants, nurses, and other clinical support professionals. In this Privacy Notice, we refer to all such individuals as” healthcare professionals”. Those healthcare professionals make decisions about what personal data they need to collect about you and may maintain their own set of medical records in relation to your care. They are a Data Controller of your personal data which they hold within those records, meaning that they must also comply with the data protection legislation and relevant guidance when handling your personal data. This includes using your personal data as set out in more detail below.

Most healthcare professionals are expected to use personal data as set out within this Privacy Notice. There may be circumstances, however, where healthcare professionals do things slightly differently to Hamptons Hospital. In those particular circumstances, it is the responsibility of the healthcare professional to ensure that their use of your personal data is lawful, inform you as to exactly how it will be used and provide you with their own Privacy Notice setting this out.

Healthcare professionals who work with Hamptons Hospital maybe supported by a medical secretary who will use your personal data only as instructed by your healthcare professional. This could include, for example, preparing letters about your care or liaising with you about appointments. In some circumstances, that medical secretary will be employed by Hamptons Hospital and they will handle your personal data in accordance with this Privacy Notice. However, in other circumstances the secretary may be employed by the consultant, by other healthcare providers (private or NHS), or be self-employed. This means that your personal data may be handled by third parties at their sites. It is your healthcare professional’s responsibility to inform you if their medical secretary is employed by a third party and the manner in which they will use your personal data (including where they are based). Hamptons Hospital is not responsible for any use of your personal data by third parties, eg medical secretaries who are not employed by Hamptons Hospital.

Healthcare professionals who work with Hamptons Hospital (including their medical secretaries) may process your personal data at a non-Hamptons Hospital  site (medical or non-medical).

If you want to find out more about the arrangements between Hamptons Hospital and your healthcare professional for handling your personal data, or you have any concerns about the way your healthcare professional has handled your personal data, please contact our Data Protection Officer (“DPO”). The DPO's contact details can be found at the bottom of this page.

What personal data do we collect and use from patients?

As a Hamptons Hospital patient, we will collect and use personal data about you including:

  • your name, address and contact details
  • financial information, such as credit card details used to pay us
  • occupation
  • emergency contact details, including next of kin
  • background referral details
  • any images taken of you by the closed-circuit television (“CCTV”) systems we have installed at our hospitals

Special categories of personal data

We also collect and use more sensitive personal data (known as "special category data") about you, such as information relating to your physical and mental health. Special category data must be handled even more sensitively than “standard” personal data. For example, if you are a patient, we will need to use personal data about your health in order to provide your care. Your special category personal data will be managed in accordance with the law and this Privacy Notice and also all applicable professional standards including guidance from the General Medical Council and British Medical Association.

The special category personal data we hold about you includes the following:

  • Details of your current or former physical or mental health. This may include personal data about any healthcare services you have received (both from Hamptons Hospital  directly and other healthcare providers such as GPs, dentists or hospitals (private and/or NHS)) or need, including about clinic and hospital visits and medicines administered. This may also include details of previous healthcare services you have received from other healthcare providers in circumstances where medical negligence is alleged, or being investigated, against that third party provider. We provide further details below on the way we handle such personal data
  • Details of care you have received from us including any images taken in relation to your care
  • Details of your nationality, race and/or ethnicity
  • Details of your religion
  • Details of any genetic data or biometric data relating to you
  • Data concerning your sex life and/or sexual orientation

The confidentiality of your medical information is important to Hamptons Hospital. We make every effort to prevent unauthorised access to and use of information relating to your current or former physical and mental health. In doing so, Hamptons Hospital complies with UK data protection law, including the Data Protection Act 2018, and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the General Medical Council and the Nursing and Midwifery Council.

Other people’s personal data

If you provide us with personal data about another person, you must inform that person about the contents of this Privacy Notice.

Changes to your personal data

In addition, if you change personal data which we already hold about you (for instance by changing a pre-populated form) then we will update our systems to reflect the changes, but our systems will also continue to hold the originally recorded personal data.

How do we collect your personal data?

We may collect personal data directly from you when you:

  • Enter a contract with us for the provision of your care
  • Use that care
  • Have remote consultations with a healthcare professional including virtual or by telephone
  • Complete enquiry forms on our website
  • Send us a question including through our website, by email or by social media
  • Correspond with us by letter, email, telephone (all incoming and outgoing calls from/to patients are recorded) or social media, including where you reference Hamptons Hospital in a public social media post
  • Attend our hospitals and are recorded on the CCTV systems we have installed
  • Take part in our marketing activities

 

From other healthcare providers

Our patients will usually receive healthcare services from other organisations in addition to Hamptons Hospital, In order to provide you with the best care possible we may have to collect personal data about you from other organisations. This may include medical records from:

  • Your GP
  • Your healthcare professional (including their medical secretaries)
  • Your dentist
  • The NHS or any private healthcare organisation
  • Mental health providers

Medical records include personal data about your tests and diagnosis, clinic and hospital visits and medicines administered.

From other third parties

We may also collect personal data about you from other third parties as follows:

  • Solicitors or other third parties acting on your behalf in connection with medico-legal proceedings
  • Your current or former employer, healthcare professional or other healthcare services or benefit provider
  • Your family
  • Your insurance policy provider
  • Experts (including medical experts) and other service providers about your care
  • NHS health service bodies about your care
  • Credit reference agencies
  • Debt collection agencies
  • Government agencies, including the ministry of defence, the home office and HMRC
  • Commissioners of healthcare services

If you (or the relevant other healthcare providers and other third parties outlined above) do not provide us with the personal data that we ask for, then we may be unable to provide your care.

How will we communicate with you?

We are likely to communicate with you by telephone, SMS, email, and/or post. If we call the telephone number(s) which you have provided, and the call directs to a voicemail and/or answering service, we may leave a voice message on your voicemail and/or answering service.

In particular:

  • To provide you with timely updates and reminders about your care, we may send you SMS messages and/or unencrypted email where you have stated a preference in the patient registration form to be contacted by SMS and / or email)
  • To provide you with your medical information (including test results and other clinical updates) and/or invoicing information, we may communicate with you by encrypted email where you have stated a preference in the patient registration form to be contacted by email. The first time we send you any important encrypted email e.g., one that we are not also sending by post or which requires you to take an action, we will try to contact you separately to ensure that you are able to access that encrypted email
  • If we have your mobile number or your email address, we may use them to ask you to complete patient surveys which are for the purpose of improving our service or monitoring outcomes and are not a form of marketing.

We have plans to roll out to all patients, a patient Portal, this will allow patients to view their appointments and complete their registration form online, with additional features to be developed over time.

 

Patient surveys, audits and initiatives

We may contact you to ask you to participate in patient surveys regarding your care. We will usually send these surveys to you by email or SMS message. These surveys are not a form of marketing and they do not try to sell you any further products or services. They are solely to get your feedback on your experience, to improve the quality and safety of the healthcare services we offer to future patients. It is entirely up to you whether you participate in the surveys and you can unsubscribe from receiving further survey requests. You may also opt in to receiving a call back to discuss your responses.

In addition, we may also contact you to invite you to participate in on-line surveys regarding the clinical outcomes of your care called Patient Reported Outcome Measures (“PROMs”). Again, these are not a form of marketing. If you are a private patient your PROMs results are shared with PHIN (see the next section), and if you are an NHS patient your PROMs results are shared with NHS England. We may send you an initial invitation asking you to participate before you receive your care, by post, SMS, email or in person when you attend the hospital for your care. If you choose to complete a PROMs survey you will also receive subsequent surveys after your care to help establish the benefit you have gained from treatment.

 

How do we use your personal data?

We use (or “process”) your personal data for a number of different purposes but in all cases, we must have a legal basis for doing so. When we use “special category of personal data” such as personal data relating to a person’s health, (see section on Special categories of personal data above) we must have a specific additional legal basis to do so.

Generally we will rely on the following legal bases:

Contract:

  • We need to use your personal data to take steps so that you can enter a contract with us and/or a healthcare professional to provide your care
  • We need to use your personal data to provide your care in accordance with a contract between you and Hamptons Hospital and/or healthcare professional. We will rely on this for activities such as supporting your care and other benefits, supporting your doctor, nurse, carer or other healthcare professional and providing other services to you; and/or
  • We need to use your personal data to assist your investigation of potential medical negligence against another healthcare provider by registering you on Hamptons Hospital systems. The medico-legal assessment may be performed by one of our healthcare professionals, or it may simply be a diagnostic test performed by us.
  • Legitimate interests: we need to use your personal data for our legitimate business interest to process your personal data and such interest does not cause harm to you. We will rely on this for activities such as quality assurance, maintaining our business records, developing and improving our products and services and helping with medical research.
  • Legal obligation: we need to use your personal data to comply with our legal or regulatory obligations.
  • Legal claims: we need to use your special category personal data to establish, exercise or defend our legal claims.
  • Consent: you have given us your consent to use your personal data for this purpose.

Generally, we will only ask for your consent to use your personal data if there is no other legal basis to use it. If we ask for your consent, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to use your personal data you have the right to withdraw your consent at any time by contacting our DPO (contact details can be found at the bottom of this document) and we will stop using your personal data for that purpose.

You will find details of the legal bases for each of our purposes below.

Purpose 1: To set you up as a patient on Hamptons Hospital ’s systems
We have to carry out checks including carrying out fraud, credit, anti-money laundering and other regulatory checks for you to become a patient (which includes when you have a medico-legal assessment, or a diagnostic test). We cannot perform these checks without using your personal data.

Legal bases for using your personal data
Contract
: to take steps so that you can enter into a contract with us for the delivery of your care, and/or in connection with a contract for a healthcare professional to carry out a medico-legal assessment, or a contract for Hamptons Hospital to perform a diagnostic test.

Additional legal bases for using your special category personal data
Substantial public interest
: for reasons of substantial public interest; and
Legal claims: to establish, exercise or defend our legal claims.

Purpose 2: To provide your care and related services
Clearly, the reason you come to us is to receive care, and so we have to use your personal data for that.

Legal bases for using your personal data
Contract
:

  • To provide your care and related services; and
  • To fulfil our contract with you for the delivery of your care.

Additional legal bases for using your special category personal data
Health or social care
: to provide your care; and
Vital interests: to protect your vital interests where you are physically or legally incapable of giving consent, for example in an emergency if you are incapacitated.

Purpose 3: To settle your account
We will use your personal data to ensure that your account and billing is fully accurate and up to date

Legal bases for using your personal data
Contract
:

  • To provide your care and other related services; and
  • To fulfil our contract with you for the delivery of your care; and

Legitimate interests: for our legitimate business interest to ensure that we are paid for providing your care which does not overly prejudice you.

Additional legal bases for using your special category personal data
Health or social care
: to provide your care; and
Legal claims: establish, exercise, or defend our legal claims.

Purpose 4: For internal clinical audit, National Clinical Audit and medical research purposes

Internal clinical audit
There may be a clinical audit of health records, including medical information, carried out by Hamptons Hospital to assess care standards and identify any improvements we could make, or as required by law.

Legal bases for using your personal data
Legal obligation
: to comply with our legal or regulatory obligations.

OR

Legitimate interests: for our legitimate business interest in making improvements and we have put appropriate safeguards in place to protect your privacy so that this use does not overly prejudice you.

Additional legal bases for using your special category personal data
Substantial public interest
: for reasons of substantial public interest; and
Health or social care: for the management of health or social care systems and services.

 

National Clinical Audits
We may share your personal data with National Clinical Audits, Clinical Outcome Review Programmes and other national quality improvement projects. We may also share your personal data with other audit programmes set up by professional associations that we think we should participate in.

Legal bases for using your personal data
Legal obligation
: to comply with our legal or regulatory obligations.

OR

Legitimate interest: for our legitimate business interest in:

  • Helping with medical research; and
  • Making improvements,

and we have put appropriate safeguards in place to protect your privacy so that this use does not overly prejudice you.

OR

Consent: You have given us or the organisation collecting your personal data your consent to use your personal data for this purpose.

Additional legal bases for using your special category personal data
Substantial public interest
: for reasons of public interest for statistical and scientific research purposes.

 

Medical research
We also participate in medical research and may share personal data with ethically approved research projects.

Any published data from these programmes will be in an anonymised, statistical format.

Legal bases for using your personal data
Legitimate interest
: for our legitimate business interest in:

  • Helping with medical research; and
  • Making improvements,

and we have put appropriate safeguards in place to protect your privacy so that this use does not overly prejudice you.

OR

Consent: You have given us or the organisation collecting your personal data your consent to use your personal data for this purpose.

Additional legal bases for using your special category personal data
Substantial public interest:
for reasons of public interest for statistical and scientific research purposes.

Purpose 5: Disclose information to Private Health Care Information Network (“PHIN”)
Under the Competition and Markets Authority Private Healthcare Market Investigation Order 2014, we are required to provide PHIN with personal data related to your care, including your NHS Number and postcode, the nature of your procedure, the length of your stay in hospital, whether there were any complications, your recovery and improvement post-treatment, and any feedback you gave us as part of the PROMS survey.

PHIN is an organisation who will monitor outcomes of patients who receive private healthcare services, as part of a UK-wide programme to improve the public's access to information on the quality and outcome of private healthcare.

Information about how PHIN uses personal data, including its Privacy Notice, is available at www.phin.org.uk.

Legal bases for using your personal data
Legal obligation
: to comply with our legal or regulatory obligations; and
Legitimate interests: for our legitimate business interest to ensure that the quality of and outcomes of patients’ private healthcare is monitored, and where this does not overly prejudice you.

Additional legal bases for using your special category personal data
Substantial public interest:
for reasons of substantial public interest; and
Health or social care: for the management of health or social care systems and services.

Purpose 6: Contacting you and resolving queries or complaints
From time to time, patients may raise queries, or even complaints, with us and we take those communications very seriously. We will need to use your personal data to resolve such matters fully and properly.

Legal bases for using your personal data
Contract
: to provide your care and other related services; and
Legitimate interests: for our legitimate business interest to ensure our patients’ queries and complaints are answered, which does not overly prejudice you.

Additional legal bases for using your special category personal data
Health or social care
: to provide your care; and
Legal claims: to establish, exercise or defend our legal claims.

Purpose 7: Liaising with other healthcare professionals about your care and updating others (such as your emergency contact)
We may need to share your personal data with the individuals that you ask us to update about your care.

Also, other healthcare professionals or organisations may need to know about your care for them to provide you with safe and effective healthcare services, and so we may need to share your personal data with them.

Details on these professionals or organisations are set out in the Third parties’ section below.

Legal bases for using your personal data
Contract
: to provide your care and other related services; and

Legitimate interests: for our legitimate business interest in ensuring that other healthcare professionals who are routinely involved in your healthcare services have a full picture of these services.

Additional legal bases for using your special category personal data
Health or social care
: to provide your care
Substantial public interest: for reasons of substantial public interest; and
Legal claims: to establish, exercise or defend our legal claims.

Purpose 8: Investigating and responding to concerns, complaints or claims, complying with our legal or regulatory obligations and defending or exercising our legal rights
We are subject to a wide range of legal and regulatory responsibilities which we cannot list fully here and we may be required by law or by regulators to provide personal data.

We may also have to consider and/or discuss with appropriate third parties your care in the context of concerns over a healthcare professional’s performance or clinical competence.

If we and our healthcare professionals are the subject of legal actions or complaints, then we need to access your personal data to fully investigate and respond to those actions.

Legal bases for using your personal data
Legal obligation
: to comply with our legal or regulatory obligations; and
Legitimate interests: for our legitimate interests in ensuring that you, and others, receive safe care and treatment.

Additional legal bases for using your special category personal data
Health or social care
: for others to provide informed healthcare services to you;
Health or social care: to provide your care or treatment or the management of health or social care systems; and

Legal claims: to establish, exercise or defend our legal claims.

Purpose 9: Providing improved quality, training and security (for example, recording or monitoring phone calls to our contact numbers) and conducting pre and post treatment surveys
We are a quality-conscious organisation, always looking to learn from our patients’ experiences to improve our services for the purposes of patient safety and quality.  We will use your personal data to identify where we can make these improvements, such as by reviewing recorded phone calls to assess whether we can learn any lessons and contacting you to hear your valuable thoughts on the Hamptons Hospital experience.

Legal bases for using your personal data
Legitimate interests:
for our legitimate business interest to improve our quality, training and security which does not overly prejudice you.

Additional legal bases for using your special category personal data
Health or social care:
to manage the healthcare services we deliver, including carrying out surveys (which are not a form of marketing) in order to identify and carry out any necessary improvements.

Purpose 10: Managing our business: retaining patient records, reviewing CCTV images, maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (eg tax, financial, legal or public relations advice)
We do not need to use your special categories of personal data for this.

Legal bases for using your personal data
Legal obligation
: to comply with our legal or regulatory obligations; and
Legitimate interests: for our legitimate business interest in managing our business operations, which does not overly prejudice you.

Additional legal bases for using your special category personal data
Not applicable.

Purpose 11: Advising you of other services offered by Hamptons Hospital and selected third party partners (“Marketing”)
As a business, we need to carry out marketing, but we will only send you information about products or services which may be of interest to you and only where you have specifically given us your consent to do so.

We may also provide your personal data to market research agencies to collect your feedback which will be used to develop better products and services for you.

We do not need to use your special categories of personal data for this.

If you no longer wish to receive marketing emails sent by us, you can click on the "unsubscribe" link that appears in all our emails, otherwise you can always contact our DPO (contact details can be found at the bottom of this document.) to update your contact preferences.

If you no longer wish to receive non-website based marketing information or for us to provide your personal data to market research agencies, please also contact our DPO.

Legal bases for using your personal data
Legitimate interests
: We need to use your personal data for our legitimate business interest in marketing our services to our existing patients to increase sales, which does not overly prejudice you; and
Consent: You have given us your consent to use your personal data for this purpose.

Additional legal bases for using your special category personal data
Not applicable.

If we relied on legitimate interests in using your personal data, you can object to us using your personal data for this purpose, and we may have to stop doing so. If you would like to object, then please contact our DPO (contact details can be found at the bottom of this page).

Who do we share your personal data with?

Third parties:

We may share your personal data with the third parties listed below:

  • A doctor, nurse, carer or any other healthcare professional involved in your care
  • Other members of support staff involved in your care, like medical secretaries, receptionists, and porters
  • Anyone that you ask us to communicate with or provide as an emergency contact, for example your next of kin or carer
  • NHS organisations, including NHS resolution, NHS England, department of health
  • Other private sector healthcare providers
  • Your GP
  • Your dentist
  • Your healthcare professional (including their medical secretaries)
  • Third parties who assist in the administration of your care, or may be responsible for paying for the cost of your care, such as insurance companies
  • Third parties acting on your behalf in connection with legal proceedings (including potential medico-legal claims)
  • Private healthcare information network (Phin)
  • National and other professional research/audit programmes and registries
  • Government bodies, including the ministry of defence, the home office and HMRC
  • Our regulators, like the care quality commission, health inspectorate Wales and healthcare improvement Scotland
  • The police and other third parties for the prevention or detection of crime
  • Our insurers
  • Debt collection agencies
  • Credit referencing agencies
  • Our third-party services providers such as it suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and tax advisers; and
  • Selected third parties in connection with any sale, transfer, or disposal of our business.

If we share your personal data, we will make sure appropriate protection is in place to protect it in line with data protection laws.

How do we protect your personal data?

We are committed to looking after your personal data and have implemented appropriate physical, technical, and organisational security measures designed to protect against accidental loss and unauthorised access, use, alteration, or disclosure.

In doing so, we comply with UK data protection law, including the Data Protection Act 2018, the EU General Data Protection Regulation and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the General Medical Council and the Nursing and Midwifery Council.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only use your personal data on our instructions, and they are subject to a duty of confidentiality.

Automated decision making

An automated decision is a decision made by computer without any human input. We will not use automated decision-making in relation to your care or other processes that would have legal or similarly significant effects.

We safeguard any personal data subject to automated profiling, particularly by ensuring that any information we share with third party marketing agencies is in an anonymous form so that you cannot be identified. You also have the right to object to automated profiling (or challenge the outcome) and can do so by contacting our DPO (contact details can be found at the bottom of this page).

 

For how long do we hold your personal data?

We will only hold your personal data for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice and in order to comply with our legal and regulatory obligations. Hamptons Hospital generally keeps personal data about your care for 30 years after you have finished your treatment. If your healthcare professional employs a different retention policy, then it is their responsibility to inform you of this.

If you would like further information regarding the periods for which your personal data will be held, please contact our DPO (contact details can be found at the bottom of this page).

 

International data transfers of your personal data

We (or third parties acting on our behalf) may use or hold personal data that we collect about you in countries outside the United Kingdom or the European Economic Area) ("UK/EEA"). Where we transfer your personal data outside of the UK/EEA we take steps to ensure that your personal data is protected.

We will only transfer your personal data outside of the UK/EEA for the purposes set out in this Privacy Notice and to the extent that it is relevant and necessary.

In particular, we may transfer your personal data outside of the UK/EEA to the United States to suppliers of:

  • Medical devices eg heart monitoring equipment
  • Genomic testing eg we send pathology samples to a lab in the us who genetically map tumours to determine the effectiveness of immunotherapy drugs

If you would like further information regarding the steps we take to safeguard your personal data, please contact our DPO (contact details can be found at the bottom of this page).

Healthcare professionals, and/or their medical secretaries, may use IT services (such as email providers, cloud based storage providers, practice management software and clinical devices) which rely upon, or are backed up by, servers which are based outside of the UK/EEA. If such services are used by healthcare professionals, and/or their medical secretaries, then your personal data will be transferred outside of the UK/EEA. It is that healthcare professional’s responsibility to ensure your personal data is transferred lawfully and securely. This is not a matter for Hamptons Hospital.

Your rights

You have certain rights in relation to your personal data that we hold about you. These include rights to know what personal data we hold about you and how it is used. We will use and hold your personal data in accordance with our obligations and these rights.

You may ask to exercise these rights at any time by contacting our DPO (contact details can be found at the bottom of this page). You will not usually be charged for exercising your rights.

These rights do not always apply in all cases, and we will let you know how we will be able to meet your request. If we cannot meet your request, we will explain why.

If you make a large number of requests or it is not reasonable for us to meet a request, then we do not have to respond.  Alternatively, we can charge for responding.

The right to access your personal data

You have the right to request details and a copy of the personal data we hold about you and details about how we use it. We must confirm whether we have personal data about you, and we also need to provide you with a copy of your personal data.

We will usually provide you with your personal data in writing, unless you request otherwise. If you have made the request electronically (eg by email) the personal data will be provided to you electronically where possible.

In some cases, we may not be able to fully comply with your request, for example if your request involves another person’s personal data and it would not be fair to that person to provide it to you.

The right to rectification

You have the right to have inaccurate personal data about you corrected or removed.

The right to erasure (“right to be forgotten”)

You have the right to request that we delete certain personal data we hold about you. However, there are exceptions to this right. For example, we can refuse to delete your personal data if we need to keep for tasks which are in the public interest, or for establishing, exercising or defending legal claims.

The right to restrict processing

You have the right to ask us to restrict our use your personal data. We do not have to comply with all requests to restrict our use of your personal data. For example, if we need to use it for tasks which are in the public interest or for establishing, exercising or defending legal claims.

The right to data portability

You have the right to ask us to transfer your personal data to you or to someone else in a format that can be read by computer.

The right to object to marketing

You have the right to ask us to stop sending you marketing messages at any time and we must comply with your request.

The right not to be subject to automatic decisions

You have the right to not be subject to automatic decisions (ie decisions that are made about you by computer without any human input) in relation to your care or other processes that have a legal or similarly significant effect on you.

Please see the section on Automated decision making for details about when we may make automatic decisions about you.

If you have been subject to an automated decision and do not agree with the outcome, you can challenge the decision by contacting our DPO (contact details can be found at the bottom of this page).

The right to withdraw consent

You have the right to withdraw any consent you have given us to use your personal data. Withdrawing consent may impact Hamptons Hospital in managing your care.

The right to object to other uses of your personal data

You have the right to object to us using your personal data in a particular way (such as sharing it with third parties), and we must stop using it in that way unless specific exceptions apply. This includes, for example, if it is necessary to defend a legal claim brought against us, or it is otherwise necessary for the purposes of your ongoing healthcare services.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at [Insert your organisation’s contact details for data protection queries].

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

More information can be found on the ICO website: https://www.ico.org.uk

Making a complaint will not affect any other legal rights or remedies that you have.

National data opt-out programme

The national data opt-out is an NHS Digital service which enables patients receiving NHS funded care to opt-out from the use of their data for anything other than their individual care or treatment, for example research or planning purposes. All healthcare providers (including Hamptons Hospital  Healthcare) are required to be compliant with the national data opt-out programme by 21 March 2021. We will comply with this requirement by applying our NHS funded patients' national data opt-outs. You can view or change your national data opt-out choice at any time by using the online service at www.nhs.uk/your-nhs-data-matters or by calling 0300 303 5678. Further information on the national data opt-out programme can be found at https://digital.nhs.uk/services/national-data-opt-out-programme.

External websites

We may from time to time include on our websites links to and from the websites of other organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies and notices before you submit any personal data to these websites.

Our Data Protection Officer and how to contact us

We have a DPO who is responsible for ensuring the Hamptons Hospital comply with their data protection obligations.

Our DPO can be contacted by:

Telephone: 01733 830393

Email: dataprotection@thehamptonshospital.com

Post: Data Protection Officer, Hamptons Hospital

If you have any questions about this Privacy Notice or would like to exercise any of your rights set out in this Privacy Notice, please contact our DPO.

Data protection during coronavirus (COVID-19) pandemic

Hamptons Hospital may be supporting the NHS in its response to the COVID-19 (coronavirus) pandemic (the “Pandemic”). During these unprecedented times, Hamptons Hospital main priority is the health and safety of our patients, colleagues and the wider community as well as supporting the NHS in responding to the Pandemic.

Our hospital is working in collaboration with local NHS trusts to ensure we can provide the help they require, when it is needed. As a result of these unique circumstances, Hamptons Hospital may need to share personal data with the NHS and other regulatory and government bodies.

While Hamptons Hospital will always use (or “process”) your personal data in accordance with our data protection obligations under the data protection legislation, the duty of confidentiality and Hamptons Hospital ’s Privacy Notice, during the Pandemic we will also use your personal data for the purposes and using the lawful bases as set out below:

Legal bases for using your personal data

Where we use your personal data, including sharing it, as part of our work during the Pandemic we will rely on the following legal bases:

  • Contract: using your personal data is necessary to provide your care and related services and to fulfil our contract with you for the delivery of your care
  • Legitimate interests: using your personal data is necessary for our legitimate interests and such interest does not cause harm to you
  • Legal obligation: using your personal data is necessary for compliance with a legal obligation
  • Vital interests: using your personal data is necessary to protect someone’s life
  • Public interest: using your personal data necessary to perform a task in the public interest.

We will also rely on the following additional legal bases for using your special category data

  • Employment, social security and social protection: using your special category data is necessary for carrying out our obligations and exercising our or your rights under employment, social security and social protection law
  • Vital interests: using your special category data is necessary to protect your vital interests
  • Substantial public interest: using your special category data is necessary for reasons of substantial public interest
  • Provision of health or social care: using your special category data is necessary for preventive or occupational medicine, for the assessment of the working capacity of our employees, for medical diagnosis, to provide your care or for the management of health or social care systems and service
  • Public health: using your special category data is necessary for reasons of public interest in the area of public health such as protecting against serious cross border threats to health

* This includes the Notice by Secretary of State under Reg 3(4) of Health Service Control of Patient Information Regulations issued 1 April 2020 allowing healthcare providers to share personal data and any other such notice that may be issued to support efforts against COVID-19.

Purposes for sharing your personal data

During the COVID-19 pandemic your personal data may be shared for the following purposes:

  • Understanding COVID-19 trends and risks to public health and controlling and preventing the spread of COVID-19
  • Identifying and understanding information about patients or potential patients with or at risk of COVID-19 including patient exposure to COVID-19
  • Management of patients with or at risk of COVID-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from COVID-19
  • Understanding capacity and availability information about patient access to health services and adult social care services
  • Monitoring and managing the response to COVID-19 by health and social care bodies and the Government including providing information (including workforce details) to the public about COVID-19
  • Delivering services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with COVID-19
  • Research and planning in relation to COVID-19

Coronavirus (COVID-19) testing for Hamptons Hospital colleagues and their household

Hamptons Hospital has begun a COVID-19 screening program for certain colleagues and the members of their household, to ensure patient and colleague safety and to facilitate our colleagues’ self-isolation and return to work. These tests will be processed by Hamptons Hospital and all personal data collected as part of this will be processed in accordance with this message and the full Hamptons Hospital Privacy Notice.

We will keep this message under review and update it if we need too.

This message is supplemental to the full Hamptons Hospital Privacy Notice.

Loading LOADING... PLEASE WAIT