Onemed Medical Centre customer privacy notice
Registered name: Nikolaos Gkampranis LTD t/a Onemed
Onemed takes data protection and confidentiality very seriously.
This privacy notice tells you what to expect us to do with your personal information. This notice applies to our service users, including patients under the care of Onemed. Onemed may update this notice at any time, but if we do, an updated version will be added to our website as soon as reasonably practical.
It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under data protection legislation.
- Contact details
- What information we collect, use, and why
- Lawful bases and data protection rights
- Where we get personal information from
- How long we keep information
- Who we share information with
- How to complain
Contact details
67 Goldstone Lane, HOVE, East Sussex, BN3 7BB
Telephone: 0808 288 9834
Email: contact@onemed.co.uk
What information we collect, use, and why?
Onemed collects information so as to:
- Provide services to you as requested and consented by you
- Facilitate settling of any applicable fees
- Facilitate communications between your care providers or insurance
- Help us to develop, operate, deliver, and improve the quality of the care we provide or, more generally, the type of services that Onemed offers. This may be in the form of feedback, anonymised or named, whichever you prefer
- Send important information to you or to those acting on your behalf, such as updates to your care and/or treatment plans or changes to our terms, conditions and policies. (Because this information is important to your interaction with Onemed, you may not opt out of receiving these communications)
- Carry out audits or analysis, for the continuous improvement of our services
Onemed processes sensitive personal information for the following purposes:
- To provide the patient with physical or mental health care and treatment as requested
- For any safeguarding reasons deemed necessary; our staff are highly trained in safeguarding
- For any legal reasons, for example any requests from the police or for health and safety purposes
In more detail:
We collect or use the following information to provide patient care, services, pharmaceutical products and other goods:
- Name, address and contact details
- Gender
- Pronoun preferences
- Date of birth
- NHS/HSC/CHI number
- Hospital number
- Next of Kin details including any support networks
- Marital status and dependants
- Emergency contact details
- Photographs
- Health information (including medical conditions, allergies, medical requirements and medical history)
- Information about care needs (including disabilities, home conditions, medication and dietary requirements and general care provisions)
- Test results (including psychological evaluations, scans, bloods, x-rays, tissue tests and genetic tests)
- Payment details (including card or bank information for transfers and direct debits)
- Insurance policy details
- Records of meetings and decisions
- Call recordings
- Information about income and financial needs for funding or personal budget support
- Information about your status, nationality and residency
- Racial or ethnic origin*
- Political opinions*
- Religious or philosophical beliefs*
- Genetic information*
- Health information*
- Sex life information*
- Sexual orientation information*
- Forensic History*
We collect or use the following information for safeguarding or public protection reasons:
- Name, address and contact details
- NHS/HSC/CHI number
- Hospital number
- Emergency contact details
- Photographs
- Health information (including medical conditions, allergies, medical requirements and medical history)
- Information about care needs (including disabilities, home conditions, dietary requirements and general care provisions)
- Relevant information from previous investigations
- Test results (including psychological evaluations, scans, bloods, x-rays, tissue tests and genetic tests)
- Records of meetings and decisions
- Racial or ethnic origin*
- Political opinions*
- Religious or philosophical beliefs*
- Health information*
- Sex life information*
- Sexual orientation information*
- Forensic History*
We collect or use the following personal information to comply with legal requirements:
- Name
- Contact information
- Health and safety information
- Safeguarding information
- Forensic History*
- Health information*
We collect or use the following personal information for information updates, marketing or market research purposes:
- Names and contact details
- Address
- Marketing preferences
- Website and app user journey information
- IP addresses
- Health information*
We collect or use the following personal information for medical research or archiving purposes:
- Names and contact details
- Address
- Recorded images such as photographs, X-rays or scan images
- Personal information used for medical investigations
- Records of consent, where appropriate
- Health information*
We collect or use the following personal information for dealing with queries, complaints or claims:
- Names and contact details
- Address
- Payment details
- Purchase or service history
- Video recordings of private or staff only areas
- Audio recordings of private or staff only areas
- Call recordings
- Relevant information from previous investigations
- Financial transaction information
- Information relating to health and safety (including incident investigation details and reports and accident book records)
- Correspondence
- Health information*
Data marked with * is sensitive data
How Onemed stores personal information
The personal information we collect is stored in a variety of electronic forms. Regardless, we have appropriate and adequate technical and administrative processes in place to make sure that all your information is kept secure.
Protection of your personal information
Onemed has put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Onemed has put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Onemed may collect, use and share ‘aggregated data’ such as statistical data for any purpose. Aggregated data could be derived from your personal information but is not considered personal information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your ‘usage data’ to calculate our referral numbers during the year. However, if we combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Privacy Notice.
Onemed will not rent, sell, share or provide access to information to third parties for marketing purposes or to non-affiliated companies at any time.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Accuracy of personal information
Onemed makes it easy for you to keep your personal information accurate, complete, and up to date. We request that if there are any changes to your information, such as address, next of kin or health information, you update us at contact@onemed.co.uk. Any updates must be made in writing so as to record the accuracy of the information provided and minimise the risk of mistakes.
Lawful bases and data protection rights
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
- Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
- Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
- Your right to erasure – You have the right to ask us to delete your personal information. You can read more about this right here.
- Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
- Your right to object to processing – You have the right to object to the processing of your personal data. You can read more about this right here.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
- Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.
If you make a request, we must respond to you without undue delay and in any event within one month.
To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
We are not required to process any request for access which is frivolous or vexatious, jeopardizes or otherwise affects the privacy of others, is impractical, or for which access is not otherwise required by law. We will let you know in writing if any of these circumstances apply to your request.
Our lawful bases for the collection and use of your data
Our lawful bases for collecting or using personal information to provide patient care, services, pharmaceutical products and other goods are:
- Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
- Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
- Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
- Legitimate interest – Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests.
  - To register you as a new service user
- Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
Our lawful bases for collecting or using personal information for safeguarding or public protection reasons are:
- Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
- Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
- Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
- Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.
  - To administer and protect our business and online services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
- Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
Our lawful bases for collecting or using personal information to comply with legal requirements are:
- Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
- Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
- Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
- Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.
Our lawful bases for collecting or using personal information for information updates, marketing or market research purposes are:
- Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
Our lawful bases for collecting or using personal information for medical research or archiving purposes are:
- Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
- Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:
- Consent – we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
- Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
- Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
- Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  - Professional bodies and advisors
  - Court/police instructions
Where we get personal information from
Onemed may collect personal information directly provided by you or your legal representative at any time you are in contact with Onemed and we may collect, store and use your personal information during your time in our practice under our care.
- Directly from you
- Regulatory authorities
- Family members or carers
- Other health and care providers
- Social services
- Charities or voluntary sector organisations
- Schools, colleges, universities or other education organisations
- CCTV footage or other recordings
- Insurance companies
- Publicly available sources
- Councils and other public sector organisations
How long we keep information
The UK GDPR requires that personal data should not be held for longer than is necessary for the purpose for which it is being processed. However, it is a fundamental requirement that all of Onemed’s records are retained for a minimum period of time for legal, operational, research and/or safety reasons. The length of time for retaining records will depend on the type of record. Below you will find a summary of the various types of data we hold about you and how long each will be kept.
Onemed will only retain your personal information for as long as necessary to fulfil the purposes we collected it for. This includes for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
For Onemed to determine the appropriate retention period for personal data, we consider:
- The amount of data retained
- The nature of that information
- The sensitivity of the personal data
- The consultant medico-legal requirements
- The potential risk of harm from unauthorised use or disclosure of your personal data
- The purposes for which we process your personal data
- Whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances Onemed may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Medical Records
As you will see below, Onemed’s retention policy for most medical records is 30 years. This period has been determined with patient safety in mind. Healthcare providers also occasionally need to undertake patient recalls, where it is generally necessary to have access to the original patient medical record to determine, for instance, what was discussed with the patient. Some non-medical records will also need to be held for this time period as they support the medical records by providing context and further operational information.
| Type of record | Minimum Retention Period | Comments |
| --- | --- | --- |
| Medical Records | 30 years | Including records related to MHA/MCA |
| Complaints case file; Litigation records | 30 years | Retention period of 30 years in line with medical record retention. |
| Fraud case files | 7 years | |
| Debtor records cleared | 7 years | |
| Debtor records not cleared | Retained until cleared | |
| Invoices to patients regarding their treatment | 7 years | |
| Patient surveys/feedback | 7 years | Applies to surveys where patients have consented for their data to be linked back to their patient record. |
| CCTV | 14 days (up to a maximum of 30 days) | Recorded images which are downloaded should only be retained long enough for the incident to be investigated |
| Accident forms | 10 years | |
Who we share information with
- Other health providers (e.g. GPs and consultants)
- Insurance companies, brokers and other intermediaries
- Care providers
- Organisations we need to share information with for safeguarding reasons
- Emergency services
- Professional advisors
- Legal bodies or authorities
- Relevant regulatory authorities
- External auditors or inspectors (CQC)
- Organisations we’re legally obliged to share personal information with
- Debt collection agencies
- Current employers, Universities, Schools
- Other relevant third parties:
  - Accounting firms
  - IT companies involved in data safety of our systems
We will share your personal information with third parties where required by law, where it is necessary to be able to provide you with the health or treatment you require, to protect your interests (or someone else’s interests) or where we have another legitimate interest in doing so. We will use all reasonable efforts to ensure that your personal data is not disclosed to regional/national institutions and authorities, unless required by law or other regulations.
How changes of purpose will be managed
We will only use your personal information for the purposes for which we collected it. Please note that Onemed may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
What type of third party service providers process your personal information
‘Third parties’ includes commissioning authorities (such as your GP, your case managers and private medical insurances).
Onemed can engage third party service providers to provide certain services to the business. These could support our IT software or systems (including online payment providers). In order for them to provide their services to Onemed, we may need to allow them to process personal data necessary for their tasks. When we use third party service providers to process personal data on our behalf, we require them to commit to compliance with relevant data protection legislation. This is a rarity, but if required any service providers are vetted to be ICO registered and UK GDPR compliant.
Commissioning authorities: If Onemed’s services are commissioned for you by third parties (for example your GP, private medical insurers etc) Onemed may be required to provide some information about you to them including your name and contact details such as: postal address, telephone number, email address and physical or mental health history for the purposes outlined above. Encryption is always used for communication with external third parties.
We may share information on request from a regulator (for example CQC, medical indemnities, professional bodies) or otherwise where we must comply with the law or in situations where we are legally permitted to share information (Police, Courts). This may include making returns to HMRC and disclosures to any other regulatory bodies which have authority over Onemed or our professional advisers (such as lawyers).
Duty of confidentiality
Any information you provide to us will be treated as confidential in accordance with standard medical confidentiality practices.
We are subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These are where:
- you’ve provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses);
- we have a legal requirement (including court orders) to collect, share or use the data;
- on a case-by-case basis, the public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime);
- If in England or Wales – the requirements of The Health Service (Control of Patient Information) Regulations 2002 are satisfied; or
- If in Scotland – we have the authority to share provided by the Chief Medical Officer for Scotland, the Chief Executive of NHS Scotland, the Public Benefit and Privacy Panel for Health and Social Care or other similar governance and scrutiny process.
Cookies
1. How we use cookies
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and are called first party cookies. We also use third party cookies – which are cookies from a domain different to the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes.
2. Strictly necessary cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
3. Performance cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
4. Functional cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
5. Advertising cookies
These cookies may be set through our site by third party advertising partners, including Google. If the cookie is set by a third party that also monitors traffic on other websites (such as an advertising provider), then this type of cookie may also track user movements across different websites to build a profile of online behaviour and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising. For details of how Google uses associated data when a user provides cookie consent on a website, please click on the following link: Google’s Privacy & Terms
6. Cookie preferences
You can access the cookie preference centre where you can change your preferences by clicking the cookie settings link below.
7. Cookies Settings
Find out more
- To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
- To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
- You can change the settings on your browser to prevent cookies being stored on your computer or mobile device without your explicit consent.
The following links detail how to manage cookies on popular web browsers:
For information relating to other browsers, visit the browser developer’s website, where the ‘help’ section will normally provide details on how to manage the cookie settings.
8. Third party links
Our site may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. At Onemed, data security is taken extremely seriously and all such communications are examined with the management team and replies issued where appropriate as soon as possible.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the Information Commissioner’s Office (ico.org.uk).
Publishing and updates
This Privacy Notice is effective from 1st September 2022.
We will update this Privacy Notice when required. Any updated version of this Privacy Notice will replace the current version on our website.
Latest update: 1st September 2024