ABOUT THIS POLICY
We are committed to lawful, fair and transparent processing of all personal information about our employees, clients, suppliers and other third parties during the course of our business activities. We will always comply with any applicable data protection legislation and we will ensure that collection and use of personal information is carried out in accordance with applicable data protection laws. The main law governing data protection is the Data Protection (Jersey) Law 2018, which brings equivalence to the principles of the European General Data Protection Regulations (GDPR), and sets out the rights of individuals in respect of their personal data as well as the obligations and conditions organisations must follow to process it, we have established and implemented secure Data Management procedures to ensure your information is correctly stored, maintained and protected, including prevention of unauthorised access to areas of our systems or our premises, where your information has been collected and securely stored by us.
This policy (and any other documents referred to in it, together with any privacy notice displayed on our website) sets out the basis on which we will process any personal information about you or individuals generally – whether it’s information we collect from those individuals or that is provided to us from other sources. This policy sets out rules on data protection and the legal conditions that must be satisfied when we obtain, handle, process, transfer or store personal information.
WHO WE ARE AND WHO IS COLLECTING YOUR INFORMATION
We use your information in order to provide our services to you. We are a data controller in relation to the processing of personal information that you provide us when using our services.
The personal information which you provide to us when using our Services, is provided to and is collected by Medicann Limited, a Company (Number 116256) registered in Jersey, Channel Islands at the address 27 Beresford Street, St Helier, Jersey, JE2 4WN
WAYS IN WHICH WE COLLECT YOUR INFORMATION
Consent: where we ask for your consent to process your data for a specific purpose. Such as when we ask you to complete a medical questionnaire. As a patient you may be asked for consent to allow us to collect sensitive personal data about you from you directly or from other sources such as your doctor to ensure your safe treatment and care.
Contractual obligations: where we need your data to fulfil our contractual obligations, i.e. your contact details and address to process payment and secure your booking.
Legal compliance: where we are required by law or regulatory bodies to process your data for example proof of ID and age where the law requires.
Legitimate Interests: where we require your data to pursue our interests in a way which might reasonably be expected as part of running our business and which does not significantly impact your rights or freedom. We will use the contact details you provide, to call/SMS/email you regarding your enquiry and provide you with targeted relevant information. We may also combine and anonymise your data with that of other customers to help make improvements to our service and business.
WHAT INFORMATION WE COLLECT
The personal data/information we use and stores about you is any information relating to a living individual who can be identified directly or indirectly from the information, for example, by reference to an identifier such as a name, an identification number or factors specific to the physical or social identity of that person. This includes the following types of information:
We may also use and store the following special personal data about you. This information is deemed to be more sensitive than the above personal data as it includes data that is used to uniquely identify an individual such as genetic data, biometric data:
We only use this data for the purposes of your treatment and to ensure you care and safety as a patient. We will usually ask for your consent to collect or process this data, though there may be instances where we are required or permitted to do so by applicable law (e.g. to comply with public health requirements). We never use your sensitive personal data for marketing. When you arrive for an appointment, the team may check your details to ensure our records are accurate. We ask that you notify us promptly of any inaccuracies in the information or changes to your personal details.
WHAT USE DO WE MAKE OF YOUR PERSONAL INFORMATION
Your personal information will be used by us in a variety of ways, including but not limited to: Communicate with you, and if appropriate your next of kin and/or carer(s) about your care; Provide you with treatments for your condition or symptoms; Carry out internal audits and monitor the care the Clinic provides to ensure it is of the highest standard; Get feedback on our service and respond to any complaint from you; Keep you up to date about a change, cancellation or postponement of any appointment; Advising you of and promoting our services, such as special offers or promotions; Completing transaction(s) which you make for using our Services such as paying for an appointment; Managing your Subscription to our newsletter, should you have subscribed; Providing you with information if you have opted-in to our messaging / marketing service; Asking you to provide a review of the service you received when using our services; Responding to a legal requirement to provide your data to a legally authorised authority; Conduct legal claims, comply with a court order or other legal obligation, seek legal advice or advice about; Insurance coverage or other assistance from our professional advisors; Provide information to national registries that systematically collect data about particular conditions to help; Prevent or manage risks to public health; Ask you whether or not you want to participate in research projects; Produce anonymous information that we can use to train and educate the Clinic’s staff. We will only use information from which you can be identified for training purposes if you have agreed to this beforehand; If you ask us to, to provide information about your treatment to third parties e.g. your employer. Before providing such information, we will advise you of our requirement to disclose such information; Share your information with third parties who assist and enable us to help, operate, provide, improve, integrate, customise, support and market our services to you; Satisfy a legitimate interest (which is not overridden by your data protection interests), such as for research and development; and act on your behalf, with your consent, to enable us do so for a specific purpose.
WHO WILL, MAY OR CAN GAIN ACCESS TO YOUR PERSONAL INFORMATION
Healthcare Providers and Named Persons; As part of providing you with care we may need to share your information. This includes sharing information with your referring healthcare professional, organisations that provide diagnostic tests or private ambulance/patient transport services. With your agreement information can be shared with relatives, partners or friends who act as a carer for you or a professionally employed carer. We may share information with anyone you have given as an emergency contact, for example your next of kin.
Legal Authorities; Usually the Clinic will not share information about you and your health with other organisations unless they are involved in your care or you have agreed to the data sharing. However, there are some limited circumstances where we may share information with other organisations who are not directly involved in your care. For example, we may share information with the police, fire and rescue services if there is an immediate risk of harm to you or other people or there is a legal requirement to do so e.g. the police have obtained a court order requiring us to provide information. We may also share information with our professional advisors, including lawyers and accountants, if this is necessary to take and receive professional advice (including legal advice) and with insurers,
MANAGEMENT AND RETENTION OF YOUR PERSONAL INFORMATION
Your information will be stored electronically on a patient information system. We take the security of your data seriously and take all appropriate steps to protect it from unauthorised access, loss and misuse. We never sell any of your personal data for any purpose. We further restrict access to any sensitive personal data we may collect (such as medical records) and it is never used for marketing purposes.
Your personal data will be held for as long as is necessary to fulfil the purpose for which it was collected. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of personal information, the purposes for which we process information and whether we can achieve those purposes through other means, and the applicable legal requirements. It will then be stored for a period of up to 10 years. At the end of that period, your data will either be deleted or anonymised so that it can be used in a non-identifiable way for statistical analysis which helps us make improvements to our service and business.
We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Services improvement and development, we take steps to provide information that does not identify you, and we use the information only to uncover insights about the use of our Services, not to specifically analyse personal characteristics about individuals, in which case we may use this information indefinitely without further notice to you.
Information you share on our Site: If your Account is deactivated, some of your information and the content you have provided to us will be stored in order to allow our employees to make use of the Services information. For example, we will continue to retain messages you sent to us and we will continue to retain any actions/content you provided to us.
Marketing information: You may choose to receive or to not receive direct marketing or other information from us. Please ensure you tick the correct box indicating your preference. If you have elected to receive marketing material from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or ceased using our Services. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created. If, at any time, you no longer wish to receive marketing or other information from us, you can unsubscribe by contacting us at email@example.com.
Our website may, from time to time, contain links to and from the websites of partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or the security of these websites. Please check the relevant policy before you submit any personal information to these websites.
THIRD PARTY PAYMENT PROCESSORS
TRANSFER OF YOUR PERSONAL INFORMATION OUTSIDE THE EEA
It is not our normal policy to transfer any personal data to a country outside the EU or EEA or a country with an EU Adequacy Agreement. If, however, it was necessary to do so, we would seek your express consent in advance of such a transfer and would ensure that the appropriate safeguards were in place.
DISCLOSURE TO THIRD PARTIES
We will not sell, trade, or rent your personal information to others. We will not disclose information about you to any other person or organisation without your prior consent, save in the case of fraud or other criminal activity, to meet any requirements of a Supplier of Services to you, or in order to enforce our legal rights.
YOUR ENTITLEMENT TO GAIN ACCESS TO, UPDATE OR DELETE YOUR INFORMATION
Change of mind: If you have consented to our use of your personal information for a specific purpose, you have the right, at any time of your selection, to change your mind. Your change of mind and our acting on your instruction to make the change, will not have the effect of changing any of your personal information processing which will have already taken place. Where we are using your information because we or a third-party service provider have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer being able to avail of our services.
Request Access: You are entitled, subject to certain restrictions prescribed by law, to ask us to provide you with a copy of the personal information we hold about you and to check that the we are lawfully processing it.
Corrections: You can ask us to correct any inaccuracies which you might identify in your personal information which we hold.
Erasure: You can ask us to delete or remove personal information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
Objection: You may wish us to restrict the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something in your particular situation which makes you want to object to processing on this ground. You can also request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information, for example if you want us to establish its accuracy or the reason for processing it.
Please note there may be instances where we refuse your request for any of the above where we have a strong overriding reason or are legally obliged to. Should you be wish for us to make changes to your records or are have a complaint or questions about any element of how we hold, manage or process your personal information you should, in the first instance, bring it to the attention of our Data Protection Manager at firstname.lastname@example.org
You can find out more about your rights under the GDPR or request assistance from the Office of the Information Commissioner, Jersey at https://jerseyoic.org/ or contacting them directly at email@example.com.