Privacy Policy

You are here:

Privacy Policy


DHC Group is committed to ensuring that your privacy is protected and any information given to us by which you can be identified will only be used by us in accordance with this privacy policy. To this end we comply fully with the data protection law in force in the UK – UK GDPR, GDPR and Data Protection Act 2018 (“Data Protection Laws”) and with all applicable clinical confidentiality guidelines.

This Privacy Policy sets out the basis on which we collect and process personal data about you including our practices regarding the collection, use, storage and disclosure of personal data that we collect from you and/or hold about you, and your rights in relation to that data.

Please read the following carefully to understand how we process your personal data.

By providing your personal data to us or by using our services, website or other online or digital platform(s) you are accepting or consenting to the practices as described or referred to in this Privacy Policy.

For the purpose of Data Protection Laws, the data controller is DHC Group Limited, The Royals, 353 Altrincham Road, Sharston, Manchester M22 4BJ.

This privacy policy sets out how DHC Group uses and protects any information that you give the company.

What data do we collect?

  • Information that you give us when you enquire or become a customer or patient of us including name, address, contact details (including email address and phone number)
  • The name and contact details (including phone number) of your next of kin
  • Details of referrals, quotes and other contact and correspondence we may have had with you
  • Details of services and/or treatment you have received from us or which have been received from a third party and referred on to us
  • Information obtained from customer surveys, promotions and competitions that you have entered or taken part in
  • Recordings of calls we receive or make
  • Notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered
  • Patient feedback and treatment outcome information you provide
  • Information about complaints and incidents
  • Information you give us when you make a payment to us, such as financial or credit card information
  • Other information received from other sources, including from your use of websites and other digital platforms we operate or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies who have obtained your permission to share information about you.
  • Where you have named someone as your next of kin/emergency contact and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy.

Where you use any of our websites, we may automatically collect personal data about you including:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

The data that we request from you may include sensitive personal data. This includes information that relates to the mental or physical health or racial or ethnic origin (which may include children’s data).

By providing us with sensitive personal data, you give us your explicit consent to process this sensitive personal data for the purposes set out in this Privacy Policy.

When do we collect personal data about you?

We may collect personal data about you if you:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform,
  • Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
  • Visit one of our websites
  • Enquire about any of our services or treatments
  • Register or are referred to be a customer or patient with us or book to receive any of our services or treatments
  • Fill in a form or survey for us
  • Carry out a transaction on our website
  • Participate in a competition or promotion or other marketing activity
  • Contact us, for example by email, telephone or social media
  • Participate in interactive features on any of our websites.
  • Telephone us. In the interests of training and continually improving our services, calls to DHC Group and its agents may be monitored or recorded.

What personal data we may receive from third parties and other sources?

We may collect personal data about you from third parties such as:

  • If you are an employee of one of our corporate clients who has taken up one of our services, we may be passed your name, contact number and email address, in order to get in touch with you to arrange an appointment or collect further information from you;
  • We carry out work on behalf of the NHS and for the continuity of your care we may be passed medical information usually in the form of a referral for the purposes of your imaging or treatment with DHC Group;
  • Insurance providers will pass DHC Group personal data of patients who have commenced a claim and require medical imaging/treatment with DHC Group. This will normally be in the form of a referral and may consist of basic details e.g. full name, date of birth, address, contact number and email address and the type of procedure/treatment they require.

Why are we able to process your information?

We will only process information relating to you as long as there is a lawful basis and it is necessary to do so. DHC Group will rely on Article 6 (1) (b) and Article 9 (2) (h) for the processing of your data. We may use one of the following lawful bases:

  • Legitimate interest – processing is necessary for your legitimate interests
  • Vital interest – processing is necessary to protect someone’s life
  • Legal obligation – processing is necessary to comply with the law
  • Contract – processing is necessary in order to perform our contract with you

What do we do with the information we collect?

We require a minimum amount of data to understand your preventive health care needs and requirements to enable us to provide you with the best possible service.

Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines.

Sensitive personal data related to your health will only be disclosed to those involved with your treatment or care, or in accordance with UK laws and guidelines of professional bodies or for the purpose of clinical audits (unless you object).

Further details on how we use health related personal data are given below.

We will only use your sensitive personal data for the purposes for which you have given us your explicit consent to use it. Please note that, although we have set out the purposes for which we may use your personal data below, we will not use your sensitive personal data for those purposes unless you have given us your explicit consent to do so.

We may use your personal data to:

  • Ensure you are given the best clinical advice.
  • Enable us to carry out our obligations to you arising from any contract entered into between you and us including relating to the provision by us of services or treatments to you and related matter such as, billing, accounting and audit, credit or other payment card verification and anti-fraud screening.
  • Provide you with information, products or services that you request from us
  • Internal record keeping.
  • Provide you with information about products or services we offer that we feel may interest you. Unless you have consented to receive marketing communications by electronic means from us, by ticking the relevant box on the form on which we collect your data, we will only contact you by electronic means (e-mail or SMS) with information about products and services similar to those which you previously purchased or enquired about from us.
  • Allow you to participate in interactive features of our services, when you choose to do so.
  • Notify you about changes to our products or services.
  • Respond to requests where we have a legal or regulatory obligation to do so.
  • Support your doctor, nurse or other healthcare professional.
  • Assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated.
  • To conduct and analyse market research.
  • To ensure that content from any of our websites is presented in the most effective manner for you and for your computer.

National Data Opt Out Regulation

The national data opt-out applies to the disclosure of confidential patient information for purposes beyond individual care across the health and adult social care system in England.

The national data opt-out does not apply to information that is anonymised in line with the Information Commissioner’s Office (ICO) Code of Practice (CoP) on Anonymisation or is aggregate or count type data.

If you choose not to allow your confidential patient information to be used for purposes other than your immediate care and treatment this will be respected and applied in accordance with the regulations.

Note that there are some circumstances where the national data opt-out does not apply, for example where there is a legal requirement for the data disclosure that specifically sets aside the common law duty of confidentiality or where public interest considerations override the opt-out.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard it. We conduct assessments to ensure the ongoing security of our information systems.

Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws.

Your data is not transferred outside the UK.

At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. If you agree the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual.

We use traffic log cookies to identify which pages of our site are being used to help us analyse data about web traffic and improve our website. The data is removed once it has been analysed.

Marketing

If you have consented to our processing your personal data for marketing purposes, in accordance with this Privacy Policy, we may send you information (via mail, email, phone or SMS) about our products and services which we consider may be of interest to you.

You have the right to ask us not to process your information in this way at any time. If you no longer wish to receive web based marketing information you can unsubscribe by clicking the unsubscribe option or following instructions in the SMS message.

Links to other websites Our website may contain links to other sites of interest however once you have used these links to leave our site we cannot be responsible for the protection or privacy of information you provide whilst visiting these sites and such sites are not governed by this privacy policy.

Controlling your personal information

In the usual course of our business we may disclose your personal data (to the extent necessary) to certain third party organisations that we use to support the delivery of our services. This may include the following:

  • Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you,
  • Organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored,
  • Third party debt collectors for the purposes of debt collection,
  • Third party service providers for the purposes of storage of information and confidential destruction, third party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent.
  • Third party service providers may store your data outside of the UK, or outside of the EEA. Where they do so they will need to confirm to us that data is secured to the same standard as it would be if stored within the UK
  • Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

We may also disclose your personal data to third parties in the event that we sell or buy any business or assets or where we are required by law to do so.

Health information collected during provision of treatment or services

Sensitive personal data (including information relating to your health) will only be disclosed to third parties in accordance with this Privacy Policy. That includes third parties involved with your treatment or care, or in accordance with UK laws and guidelines of appropriate professional bodies. Where applicable, it may be disclosed to any person or organisation who may be responsible for meeting your treatment expenses. It may also be provided to external service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained.

Medical professionals working with us: We share clinical information about you with our medical professionals as we think necessary for your treatment. Medical professionals working with us might be our employees, or they might be independent consultants in private practice. In the case of independent consultants, the consultant is the data controller of your personal data, either alone or jointly with us and will be required to maintain their own records in accordance with Data Protection Laws and applicable clinical confidential guidelines and retention periods. Where that is the case, we may refer you to that consultant to exercise your rights over your data. Our contracts with consultants require them to cooperate with those requests. In all circumstances, those individual consultants will only process your personal data for the purposes set out in this Privacy Policy or as otherwise notified to you.

External practitioners: If we refer you externally for treatment, we will share with the person or organisation that we refer you to, the clinical and administrative information we consider necessary for that referral. It will always be clear when we do this.

Your insurer: We share with your medical insurer information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with us. We provide only the information to which they are entitled. If you raise a complaint or a claim we may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.

The NHS: If you are referred to us for treatment by the NHS, we will share the details of your treatment with the part of the NHS that referred you to us, as necessary to perform, process and report back on that treatment.

Medical Regulators: We may be requested – and in some cases can be required – to share certain information (including personal data and sensitive personal data) about you and your care with medical regulators such as the General Medical Council or the Nursing and Midwifery Council, for example if you make a complaint, or the conduct of a medical professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate. We will ensure that we do so within the framework of the law and with due respect for your privacy.

From time to time we may also make information available on the basis of necessity for the provision of healthcare, but subject always to patient confidentiality.

In an emergency and if you are incapacitated, we may also process your personal data (including sensitive personal data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).

We will use your personal data in order to monitor the outcome of your treatment by us and any treatment associated with your care, including any NHS treatment.

We participate in national audits and initiatives to help ensure that patients are getting the best possible outcomes from their treatment and care. The highest standards of confidentiality will be applied to your personal data in accordance with Data Protection Laws and confidentiality. Any publishing of this data will be in anonymised, statistical form. Anonymous or aggregated data may be used by us, or disclosed to others, for research or statistical purposes

Accessing and updating your information

The law gives you certain rights in respect of the personal data that we hold about you. In addition to your right to stop marketing below is a short overview of the most commonly-used rights. It is not an exhaustive statement of the law.

  • With some exceptions designed to protect the rights of others you have the right to a copy of the personal data that we hold about you
  • You have the right to have the personal data we hold about you corrected if it is factually inaccurate. It is important to understand that this right does not extend to matters of opinion, such as medical diagnoses.
  • You have the right to request that personal data we hold about you is deleted. Where this information is for marketing purposes, we will delete your marketing data on request but for legislative reasons, together with your vital interests under UK GDPR, we will not be able to delete your medical data.
  • If you want to exercise your rights in respect of your personal data, the best way to do so is to contact us by email at [email protected], or to write to us for the attention of the data protection officer at the address below. In order to protect your privacy, we may ask you to prove your identity before we take any steps in response to such a request.
  • Data Protection Officer, DHC Group, The Royals, 353 Altrincham Road, Sharston, Manchester M22 4BJ
  • If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website (http://www.ico.org.uk).

Data Security and Protection Toolkit compliance

We are compliant with the Data Security and Protection Toolkit and published our self-assessment for 20/21 (latest assessment) on 28 May 2021. A copy of this assessment is available on request.

Last updated

This policy was last updated on 1st July 2021