Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
References in this policy to “data protection law” mean (as applicable) the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679), and all related data protection legislation having effect in the United Kingdom from time to time (including the Data Protection Act 2018).
1.1 Who we are
Sussex Surgical Specialists (“us” or “we”) is committed to protecting and respecting your privacy. For the purposes of data protection law, the data controller with conduct of your personal data is: Sussex Surgical Specialists, The Department of General Surgery, St Richard’s Hospital, Western Sussex Hospitals Trust, Spitalfield Lane, Chichester, West Sussex, PO19 6SE.
2 HOW WE USE YOUR INFORMATION
2.1 The following sections explain what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with and where those recipients are based.
2.2 Which information do we process and for what purpose?
We will collect and process the following data about you:
2.2.1 Information you give us. This is information about you that you give us by filling in forms on our site, entering that information into the application or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site or the application, subscribe to a service we provide, place an order on our site and when you report a problem with our site to us. The information you give us may include your name, address, e-mail address and phone number.
2.2.2 Information we collect about you. When you visit our website we will automatically collect the following information:
2.2.2.1 technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, and operating system and platform; and
2.2.2.2 information about your visit, including the full Uniform Resource Locators (URL), through and from our site (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number.
2.2.3 Information we receive from other sources. This is usually only the case where your details are passed to us by another member of your organisation or, if you are a sole trader or partner in a legal partnership, by our employees or fellow partners. This will typically comprise your name and contact information.
2.3 How is my information used?
We use information held about you in the following ways:
2.3.1 to carry out our obligations arising from any contracts entered into between you (or the organisation you work for or represent) and us. For customers, this includes providing you (or your organisation) with the information, products and services that you request from us. For suppliers this includes us obtaining price quotations from you and engaging you (or your organisation) to supply us products and services;
2.3.2 in the case of customers (or employees or representatives of customer organisations), to notify you about changes to our service;
2.3.3 in the case of customers (or employees or representatives of customer organisations), to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
2.3.4 to otherwise respond to your enquiry or follow up our own enquiries;
2.3.5 to ensure that the content from our site is presented in the most effective manner for you and for your computer; and
2.3.6 to administer our site, including for troubleshooting, data analysis, testing, research, statistical and survey purposes.
2.4 What are the grounds for processing your information?
We are processing your data on the following grounds:
2.4.1 if you are a customer or supplier of ours, because the processing is necessary for the performance of the contract between you and us, including the taking of pre-contractual steps at your request;
2.4.2 if you are an employee or representative of a customer or supplier of ours, because we have a legitimate interest in processing your information in order to perform the contract between us and your employer or principal, including taking pre-contractual steps at their request. In accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information in this way and are satisfied that we are justified in doing so;
2.4.3 in certain circumstances, the processing is necessary for us to comply with our legal or regulatory obligations;
2.4.4 in all other cases, the processing is necessary for achieving our legitimate interests of:
2.4.4.1 maintaining accurate internal records of customers, suppliers, contractors and their contacts for administrative and commercial purposes. This includes where we keep a record of potential supplier details with a view to using their services or purchasing their products in the near future;
2.4.4.2 responding to your enquiry, whether submitted through our website, email, over the telephone, in person or otherwise; or
2.4.4.3 sending you marketing information about our products and services (including, where applicable, on the basis of the soft opt-in under the Privacy and Marketing Communications Regulations). You can unsubscribe from these communications at any time by following the instructions contained in the communication or by contacting us using the details set out below, and in accordance with data protection law we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes; and
2.4.5 we are otherwise processing your data on the basis of your consent. This will typically be the case where you have opted into receiving marketing communications from us.
2.5 Duration and further processing.
We only keep your information for so long as it is reasonably necessary. Generally speaking, we keep your personal information for the following periods of time:
2.5.1 customer, supplier and contractor information (including contact details of employees and representatives) where we enter into a contract – 7 [seven] years from the date of termination of our contract; and
2.5.2 customer, supplier and contractor information (including contact details of employees and representatives) where a contract is not entered into between us – 1 [one] year from the last communication between us.
If we need to keep your information for a longer period then we will notify you of the reason and grounds for doing so.
2.6 Who is your information shared with?
Your personal information is not shared with anyone except where we are required to do so to comply with the law, to protect our rights, to improve and expand our products and services or to efficiently operate our business. In order to achieve these purposes, we will share your data with the following people or groups of people:
2.6.1 our outsourced IT providers. Our IT providers may in certain circumstances require access to data held on our systems, for example when we need to troubleshoot a technical issue. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
2.6.2 potential purchasers of our business, subject to those persons entering into strict confidentiality obligations with us and only to the extent permissible under data protection law; and
2.6.3 our professional advisers, such as our accountants and solicitors, who are subject to professional duties of confidentiality.
2.7 Automated decision making
We do not make automated decisions about you based on your information. If this changes in the future then we will let you know.
2.8 Where we store your personal data
All information you provide to us is stored on our secure servers. These third-party providers will host your data in the UK and are covered by European data laws. If the third-party is outside of Europe, it will have demonstrated that it will protect European data.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share passwords with anyone outside of the organisation to which those passwords were supplied.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security safeguards to try to prevent unauthorised access.
3 YOUR RIGHTS
3.1 Under data protection law you have the following rights:
3.1.1 the right to be informed as to what we do with your information. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for. This information is set out in this policy;
3.1.2 if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. One way of doing so would be to notify us using the details set out below. In the case of marketing communications sent to you on the basis of your consent, each communication will clearly indicate how you can withdraw your consent. Please note that the lawfulness of our historic processing based on your consent will not be retrospectively affected by your subsequent withdrawal of consent;
3.1.3 the right to access a copy of your information which we hold. This is called a ‘subject access request’. Additional details on how to exercise this right are set out in section 4, below;
3.1.4 the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the details set out below;
3.1.5 the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;
3.1.6 the right to object to us processing your personal information in certain other situations;
3.1.7 the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate.
3.2 From 25 May 2018 you will have the following additional rights under data protection law:
3.2.1 enhanced rights to request that we erase, rectify, cease processing and/or delete your information; and
3.2.2 in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called ‘data portability’. Additional details on how to exercise this right are set out in section 4, below.
3.3 You also have the general right to complain to us (in the first instance) and to the Information Commissioner’s Office (if you are not satisfied by our response) if you have any concerns about how we hold and process your information. Our contact details are set out below. The Information Commissioner’s Office website is www.ico.org.uk.
3.4 For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).
4 ACCESS TO INFORMATION
4.1 Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. If you make your request before 25 May 2018, you will need to pay a £10 fee. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to us using the contact details in section 8 below.
4.2 From 25 May 2018 you will:
4.2.1 no longer have to pay a £10 fee unless you are requesting copies of documents you already possess, in which case we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous; and
4.2.2 in certain circumstances, be entitled to receive the information in a structured, commonly used and machine readable form.
5.1 A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device if you agree. Cookies contain information that is transferred to your device’s hard drive.
5.3 We use the following cookies:
5.3.1 Strictly necessary cookies.
These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site, use a shopping cart or make use of e-billing services.
5.3.2 Analytical/performance cookies.
These allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily.
5.3.3 Functionality cookies.
These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and organisation and remember your preferences (for example, your choice of language or region).
5.3.4 Targeting cookies.
These cookies record your visit to our site, the pages you have visited and the links you have followed. We will use this information to make our site more relevant to your interests. We may also share this information with third parties for this purpose. Except for essential cookies, all cookies will expire after 30 [thirty] days.
5.4 Third party cookies
5.5 Blocking cookies.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Please note that if you use your browser settings to block all cookies (including essential cookies) then you may not be able to access all or parts of our site.
6 CHANGES TO OUR PRIVACY AND COOKIES POLICY
Any changes we make to our privacy and cookies policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this policy.
Questions, comments and requests regarding this privacy and cookies policy are welcomed and should be sent by post to: The Department of General Surgery
St Richard’s Hospital, Western Sussex Hospitals Trust, Spitalfield Lane, Chichester, West Sussex, PO19 6SE.