This statement confirms Quality Health’s commitment to protect your privacy and to process your personal information in a manner which meets the requirements of the General Data Protection Regulation 2018 (‘GDPR’) which came into force on May 25th 2018.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and is designed to cover a variety of processes and scenarios that the company undertakes. Individual Privacy Notices will be provided for specific audiences (QH Staff, Agency Staff, Clients, etc.).
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The rules on processing of personal data are set out in the GDPR.
Data controller – A controller determines the purposes and means of processing personal data.
Data processor – A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, NHS number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
1. Who are we?
Quality Health is an accredited supplier of survey services and consultancy to health and other sectors. Our main office and data centres are both based in England. We can act as either a data controller and / or processor. This is because we hold data for a variety of reasons from personnel and payroll information for our own employees as well as information on staff, patients and service users of our clients. When acting as a data controller this means we decide how your personal data is processed and for what purposes.
If you wish to contact us please use any of the methods below:
Our aim is to get back to you within 24 hours of your message.
Address: Quality Health Limited, Unit 1, Holmewood Business Park, Chesterfield Road, Holmewood, Chesterfield, Derbyshire S42 5US, United Kingdom
Telephone: 01246 856263
Fax: 01246 855897
Quality Health has attained the following accreditations in relation to Data Security and Risk Management:
ISO 27001:2005 – Information Security Management
- The ISO 27001 standard provides the framework for an effective Information Security Management System (ISMS). It sets out the policies and procedures that we need to protect ourselves. Our ISMS Committee oversees the implementation and includes all the risk controls (legal, physical and technical) necessary for robust IT security management. We are independently audited on a regular basis.
Information Governance Statement of Compliance (IGSoC)
- This is the process by which Quality Health has entered into an agreement with the Health and Social Care Information Centre for access to the NHS National Network (N3). The process includes elements that set out terms and conditions for use of HSCIC systems and services including the N3, in order to preserve the integrity of those systems and services. The steps in the IG SoC process set out a range of security related requirements which must be satisfied in order for Quality Health to be able to provide assurances in respect of safeguarding the N3 network and information assets that may be accessed.
- This is a contractual requirement for us on a number of programmes that we run with / for the NHS including the National PROMs and Cancer Patient Experience Survey. Our most recent assessment (v14.1) was reviewed as satisfactory on May 3rd 2018. The IG website can be found here https://www.igt.hscic.gov.uk/ and details on our specific assessments can be found here.
2. The purpose(s) of processing your personal data
Quality Health processes the personal data of staff, agency and temporary staff, clients, individual patients and staff of our clients selected to for inclusion in any of our survey programmes and other individuals with whom it has a relationship, known as data subjects. Privacy notices will explain the purposes for this, among other things, usually at the point of collection.
We do not routinely collect personal information via this website although you can choose to subscribe to our newsletter if you so wish. However, due to the nature of work that we undertake we do collect and store such data within the requirements of each project and for internal company and HR / payroll administration.
This may include, but is not limited to:
- Name, address and contact information such as email addresses and phone numbers
- Information on health state and care received
- Age, gender, occupational and other personal information
Quality Health will use this information for the following reasons:
- Send information to you to enable you to take part in a specific survey or research project
- Improve the services and care provided by our clients
- We may monitor or record any communication between you and Quality Health for quality control and training purposes and as part of the survey administration process.
- Maintain our own HR systems including training records, payroll, pension schemes and related uses.
It is important to note that this data and derived information is not routinely shared with any third-parties or partners unless clearly stated in the specific documentation, consent statements and privacy notices.
3. The categories of personal data concerned
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
- Personal data
- Special Categories of Personal Data
4. What is our legal basis for processing your personal data?
Our lawful basis for processing your general personal data:
- Consent of the data subject
- Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract
- Processing necessary for compliance with a legal obligation
- More information on lawful processing can be found on the ICO website.
5. Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with organisations clearly stated in the specific Privacy Notice.
6. How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary. For data relating to our own staff this will be in line with statutory requirements regarding employment and taxation laws for example. In the case of survey respondents our default approach is three months following the end of the fieldwork period or 1 month after all processing activities have been completed, whichever comes sooner. Again, this can vary by project but in such cases the retention period is clearly stated in the relevant documentation and privacy notice.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to withdraw your consent to the processing at any time, WHERE CONSENT WAS YOUR LAWFUL BASIS FOR PROCESSING THE DATA;
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
8. Transfer of Data Abroad
We do not transfer personal data outside the EEA.
9. Automated Decision Making
WE DO NOT USE ANY FORM OF AUTOMATED DECISION MAKING IN OUR BUSINESS.
10. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
Cookies are text files, which identify a user's computer to our server. Cookies in themselves do not identify the individual user, just the computer used.
Users may, of course, choose not to accept cookies from the Quality Health website. Further information about cookies can be found at: www.aboutcookies.org
12. Links to other websites
There are hyperlinks within this website which will take you away from this Quality Health website. The linked sites are not necessarily under the control of Quality Health and therefore we are not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Quality Health is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Quality Health of the site.