What is a Privacy Notice?
Under data protection law you, as a patient of Kind Health, have specific rights. To communicate these rights to you in a clear and concise manner, we are providing you with this privacy notice.
Who We Are
Name: Kind Health
Name or Title of Data Privacy Manager: Catherine Alsworth
Address: Silchester Close, Bournemouth, Dorset, BH2 6PY
Telephone number: 07399 885865
Email address: email@example.com
For the purposes of processing your personal data Kind Health is the Controller (collectively referred to as “Kind Health”, “we”, “our” or “us in this privacy notice).
Data Protection Officer
As we record and use sensitive data we take the protection of this data very seriously. We have therefore appointed a Data Protection Officer, Catherine Alsworth, who is your first point of contact for any matters regarding your personal data we process. They can be contacted using the information that is given above.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy notice and your duty to inform us of changes
This version was last updated in November 2020.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
The Data That We Collect About You
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which can be grouped together follows:
• Identity Data includes title, first name, last name, date of birth and gender.
• Contact Data includes email address, home address, billing address and telephone numbers.
• Special Category Data includes information about your health.
• Financial Data includes payment card details.
• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
1. Where we need to perform the contract we are about to enter into or have entered into with you.
2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
o Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.
3. Where we need to comply with a legal or regulatory obligation.
Sharing Your Personal Data
We only share your personal data with your explicit consent, where, for example we need to contact a third party and give them your contact details (such as your GP). Where third parties are used by us to store your personal data, we ensure they are compliant with the data protection law and any such data is not stored outside of the EU.
Retaining Your Personal Data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
As we process your personal data, you have certain rights. These are a right of access, a right of rectification, a right of erasure and a right to restrict processing.
GDPR Compliance Document
- You may request a copy of your data at any time. Please make such a request in writing or by email to the Data Protection Officer, whose details are shown above. Please provide the following information: your name, address, telephone number, email address and details of the information you require.
- If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact us directly and any necessary corrections to your data will be made without undue delay.
- If you believe we should erase your data, please contact the Data Protection Officer, whose details are shown above.
- If you wish us to stop storing or using your data, please contact the Data Protection Officer, whose details are shown above.
- Where you have provided explicit consent for us to use your data you have a right to withdraw this consent at any time.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Should your personal data that we control be lost, stolen or otherwise breached, where this constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the Data Protection Officer who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.
Automated Decision Making and Profiling
We do not use any system which uses automated decision making or profiling in respect of your personal data.