How we use your information
Phoenix Health Partnership is committed to ensuring that your privacy is protected.
However, where you are receiving a service from Phoenix Health, we are required to share
that information with other organisations as part of your treatment and care. This is to ensure
that your health records are accurate and up to date.
We may also use your information to inform, improve and maintain the services that we are
delivering. This information may be included in reports that are used by employed members
of Phoenix Health Partnership to show how we are improving and maintaining services,
however any identifiable information which can identify you will be removed and anonymised
to preserve your privacy and confidentiality.
Marketing
We like to keep you updated with information about our services, which may be of interest to
you, by email. We will invite you to opt-in to be receiving updates by asking you to tick the
relevant boxes on our sign-up form or when you complete our online enquiry form. If you
have consented to receiving marketing emails from us, you can opt-out at any time.
We will not sell, distribute, or lease your information to any third parties, unless we have your
permission to do so.
For more information on how we use your information please contact Umar Sabat, Data
Protection Officer via e-mail on umar.sabat@ig-health.co.uk
Due to the services we provide we may ask you to send us photos which will be held
securely with your implied consent or be offered a video call with a health care professional.
Media
Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Data Protection
Phoenix Health Partnership is committed to ensuring that any information it collects and
retains is kept safe and secure and in line with the Data Protection Act 2018 and General
Data Protection Regulations (GDPR).
Phoenix Health Partnership has completed several requirements associated with changes in
Data Protection law this includes:
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
- Appoint a Data Protection Officer
- Continually reviewing and updating our policies and procedures
- Reviewing our Information Asset Register – This is a register that lists all our
databases which hold corporate and patient information. - Ensuring that there are Data Protection Impact Assessments in place where it has
been determined that the information being processed is high risk due to the amount
of sensitivity of the information. A Data Protection Impact Assessment policy is now
in place. - Ensuring that any privacy notices are in included or on documentation where this will
require personal information to be used.
In addition to this, Phoenix Health Partnership will also ensure adherence to the 8 Caldicott
Principles.
Principle 1 – Justify the purpose for using confidential information
2
Principle 2 – Don’t use personal confidential data unless it is absolutely necessary
Principle 3 – Use the minimum necessary personal confidential data
Principle 4 – Access to personal confidential data should be on a strict need to know basis
Principle 5 – Everyone with access to personal confidential data should be aware of their
responsibilities
Principle 6 – Comply with the law
Principle 7 – The duty to share information can be important as the duty to protect patient
confidentiality
Principle 8 – No surprises
Legal Basis
Your Personal Data is held and processed on the lawful basis that such action is in the
legitimate interest of the company in pursuing the purposes described. This has been
considered using a legitimate interest assessment which does not outweigh risks to the
rights, freedoms and interests of you as the Data Subject.
The purposes of collecting your Personal Data is to provide Health and Wellbeing Services
to you. Personal Data is collected and used for the purpose of delivering the services you
have requested from Phoenix Health Partnership and/or the Practitioners contracted with
Phoenix Health as Data Controllers.
Security
We ensure your information is always secure. In order to prevent unauthorised access or
disclosure we have put in place safeguards that protect physical, electronic and managerial
procedures to secure information we collect. Please see our policies that show our
commitment ensuring information is safe.
Information Governance Policy
Data Protection Impact Assessment Policy
Confidentiality Policy
Subject Access Requests
If you are or receiving a service from Phoenix Health Partnership and would like to know
what information we hold, you have the right to ask us to provide that information to you.
This is known as a subject access request (SAR). There is no fee for this.
To be able to provide you with that information you will need to provide proof of identification.
Please speak to any member of staff to request this.
Employees and contractors
Phoenix Health Partnership needs to process data about you because we enter in a contract
with you. In Some cases, Phoenix Health also processes your data to comply with a legal
obligation, conduct legitimate business activities, and in the interest of providing healthcare
services to you. .
Therefore, we may process your data in several different ways
Maintain accurate up to date employment record and contact details
Operate and keep a record of disciplinary
3
Provide references on request for current and former employees.
Keep a record of application form.
Obtain occupational health and support for you, sharing your information with
consent.
Ensure effective HR and business administration.
In addition to this, Phoenix Health Partnership works with appointed contractors that deliver
clinical services on our behalf and your information will be shared with them for the purpose
of delivering clinical care.
