1.1 We are committed to safeguarding the privacy of our website visitors and service users. This page informs you of our policy regarding the collection, use and disclosure of personal data when using our website and/or services.
1.2 The European Union (EU) General Data Protection Regulation (GDPR) 2016/679 as enacted in the United Kingdom (UK) through the Data Protection Act 2018 (DPA 2018) is the relevant statutory legislation for the purposes of the operation of this policy.
1.3 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; i.e. where we determine the purposes and means of the processing of that personal data.
1.4 In this policy, "we", "us" and "our" refer to Healthcare Regulation UK Ltd, and “you” or “your” means the person who provides us with personal data, and “personal data” shall have the meaning assigned to it in Article 4(1) of the GDPR.
1.5 You have the right to be informed about what data we hold about you along with other rights set out in the relevant legislation. Section 10 of this policy provides advisory information about your personal data rights.
2. Types of data collected
2.1 We use your data to provide and improve our website and/or services. Where you have submitted an enquiry via our website in respect of our services your personal data will be processed consistent with Article 6(1)(b) of the GDPR as it is necessary for the performance of a contract or to take steps prior to entering into a contract (i.e. our responsibility to provide you with information requested concerning our services).
2.2 Where you have given us express consent to contact you about our services, any personal data submitted via the medium of our website will be processed consistent with Article 6(1)(a) of the GDPR.
2.3 Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
2.4 We may process data provided by you for the purposes of contacting or identifying you (“Personal Data”). Personally identifiable information may include, but is not limited to: email addresses, first and last names, phone numbers, addresses including postcodes and city of origin. The legal bases for processing are as detailed at 2.1 and/or 2.2 of this policy.
2.5 We may also collect information about how the website is accessed and used (“Usage Data”). This may include information such as your computer’s Internet Protocol address, browser type, browser version, the pages of our website that you visit, the time and data of your visit, the time spent on relevant pages, unique device identifiers and other diagnostic data. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services, and consistent with Article 6(1)(f) of the GDPR.
3. How we use your personal data
3.1 In this Section we set out:
(a) The categories of personal data that we may process;
(b) The purposes for which we may process personal data; and
(c) The legal bases of the processing.
3.2 We may process your personal data for the purposes of operating our website, providing our services, ensuring the security of our website and services, and maintaining back-ups of our databases. The alternative legal bases for this processing is our legitimate interests (Article 6(1)(f) of the GDPR), namely the proper administration of our website and business, or for the performance of a contract (Article 6(1)(b) of the GDPR) between you and us, and/or taking steps at your request to enter into such a contract.
3.3 We may process information contained in any enquiry you submit to us regarding our services. The enquiry data may be processed for the purposes of offering, marketing and selling our services to you. The alternative legal bases for this processing is our legitimate interests (Article 6(1)(f) of the GDPR), namely the proper administration of our website and business, or for the performance of a contract (Article 6(1)(b) of the GDPR) between you and us, and/or the taking steps at your request to enter into such a contract.
3.4 We may process personal data provided by you for the purposes of contacting or identifying you. Personally identifiable information may include, but is not limited to: email addresses, first and last names, phone numbers, addresses including post codes and city of origin. The legal bases for this processing will be either consent (Article 6(1)(a) of the GDPR) or contract (Article 6(1)(b) of the GDPR).
3.5 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests (Article 6(1)(f) of the GDPR), namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
3.6 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests (Article 6(1)(f) of the GDPR), namely the proper protection of our business against risks.
3.7 In addition to the specific purposes for which we may process your personal data set out in this Section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation (Article 6(1)(c) of the GDPR) to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3.8 Please do not supply any other person's personal data to us unless we prompt you to do so.
4. The disclosure of your personal data to others
4.1 Your data will not be disclosed to any third parties without your consent or as otherwise provided for by relevant data protection legislation and the terms of this policy, and will only be used for responding to your enquiry (or purposes associated with that purpose).
4.2 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.3 Your personal data held in our website database will be stored on the servers of our hosting services provider identified at https://thefarmfactory.co.uk.
4.4 In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation or regulatory requirement to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. Retaining and deleting personal data
5.1 This Section sets out our data retention arrangements, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
5.2 The time period for which we keep information varies according to the purpose intended. In some cases there are legal requirements for data to be kept for a minimum period. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.3 Notwithstanding the other provisions of this Section, we may retain your personal data where such retention is necessary for compliance with a legal or regulatory obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5.5 Data relating to website usage will be retained for no longer than is necessary for the purposes of monitoring and improving our website and services consistent with the requirement set out in Article 5(1)(e) of the GDPR
5.6 We subscribe to industry standard security measures to the protect the confidentiality of information provided to us, but whilst we cannot guarantee that any loss, misuse or alteration of data will not occur, every reasonable effort is made to prevent such occurrences.
6. International transfers of your personal data
6.1 Healthcare Regulation UK is a United Kingdom based limited company providing specialist regulatory compliance guidance, advice and consultancy support services to healthcare providers registered with the relevant regulatory bodies for England, Wales, Scotland and Northern Ireland. There is no intention to make provision for the international transfer of data outwith the geographical boundaries of the United Kingdom.
7. Providing information about someone else
7.1 If you are providing personal data to us about someone else, you confirm that they have appointed you to act for them, to consent to the processing of their personal data, and that you have informed them of our identity, of this policy, and of the purposes (as set out in this policy) for which their personal data will be processed.
8. Links to third party websites
8.1 Our website, online services and mobile applications may, from time to time, contain links to and from relevant websites and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies. We do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. You are advised to check these policies before submitting any personal data to these websites or using these services.
9. Telephone calls
9.1 We may monitor or record telephone conversations to enhance your security and ours, to enable us to handle any complaints efficiently, improve our client service and for training purposes. If your telephone conversation with us is to be recorded, then you will receive a message to this effect prior to the start of your conversation with us.
10. About cookies
7.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
7.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
7.3 Cookies do not typically contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
11. Cookies that we use
12. Cookies used by our service providers
10. Managing cookies
10.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647 (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) https://help.opera.com/en/latest/security-and-privacy/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
10.2 Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
11. Your rights
7.1 In this Section we have listed the principal rights that you have under data protection law:
(a) The right to access. You can ask for copies of your personal data;
(b) The right to rectification. You can ask us to rectify inaccurate personal data and to complete incomplete personal data;
(c) The right to erasure. You can ask us to erase your personal data;
(d) The right to restrict processing. You can ask use to restrict the processing of your personal data;
(e) The right to object to processing. You can object to the processing of your personal data;
(f) The right to data portability. You can ask that we transfer your personal data to another organisation or to you;
(g) The right to withdraw consent. To the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
(h) The right to complain to a supervisory authority. You can complain about our processing of your personal data to the Information Commissioner’s Office (ICO) www.ico.org.uk
7.3 These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
12. Access to information
13. Data Protection Officer
14. Your responsibilities
14.1 If any of your personal data changes, it is your responsibility to notify us about the change as soon as possible.
11.1 We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of significant changes to this policy by email.
This policy last updated 1st October 2019.