Privacy Policy
PRIVACY NOTICE
PLEASE READ THIS POLICY CAREFULLY. IF YOU DO NOT ACCEPT THESE TERMS, YOU ARE ADVISED NOT TO USE THE WEBSITE
This policy was last updated: 21st Feb 2024
Use of this website (https://www.brandhealthcare.co.uk) constitutes your legal agreement to the terms within this Privacy Policy and your acceptance of the policy is deemed to occur upon your first use of the website.
Brand Healthcare Services may change this policy from time to time by updating this page. On each visit to the website you should refer to this page to ensure that you are aware of and accept any changes.
Policy Statement
Brand Healthcare Services recognises the trust you place in us when you share personal information with us. We are committed to being open, honest and transparent with our use of personal data.
This privacy policy provides you with details of the personal information we collect when we engage with you, how we will use and look after your personal information, your privacy rights and how the law protects you. We will take all reasonable steps to ensure that personal information is safeguarded and kept in accordance with data protection law.
By providing us with your data, you warrant that you are over 18 years of age.
About Us
Brand Healthcare Services is a company registered in England and Wales under Company Registration Number 09555915. Our office address is Ceme Innovation Centre, Marsh Way, Rainham, RM13 8EU.
Where we manage personal data, we identify as a Data Controller and recognise and act on our obligations under applicable data protection law. For any issues relating to data protection the person responsible is the Manager You can contact him in relation to data protection matters by email to info@brandhealthcare.co.uk
What personal data do we collect?
Personal information is any information relating to an identified or identifiable individual. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal information about you when we engage with you. This will include:
Identity Data – title, first name, last name, age, family details. If you interact with us through social media, this may include your social media user name;
Contact Data – billing address, delivery address, email address and telephone numbers;
Health Data – See below Special Categories of Data.
How do we collect personal data?
We use different methods to collect data from and about you, through:
Telephone calls and ‘Request a Call Back’
The Form on our website is used to collect your full name, email and phone number, so that we can contact you and provide details of our services or deal with general company enquiries. Data is held on the grounds of being legitimate to our business interests.
Calls to us may be recorded and any data relating to the call may be retained by us. The data will be held on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours.
Emails
We retain copies of emails sent to us and any personal information will be held in accordance with this Privacy Policy on the basis of being legitimate to our business interests.
Other direct interactions
You may give us your data by filling in forms or by corresponding with us face-to-face, by post, or through social media. This includes personal data you provide when you: make enquiries or request information to be sent to you; engage with us on social media; contact us direct; or leave comments or reviews on our services.
Social media
We use social media to engage with users. However, we do not keep any specific data that identifies you as an individual user but we do have limited details of our followers on social media platforms. You should refer to the Privacy Policies of these channels to understand how they treat your data in relation to linking to our site.
If you send us a direct message via social media, the details may be retained by us only as relevant to any ongoing contract or to further our legitimate business interests or as required for legal purposes. The third-party provider may also retain details in accordance with their Privacy Policy.
Testimonials
We may ask you for a testimonial in relation to our services that may be used on our website or social media. Your personal details are not published.
Visits to our website
When you visit our website, we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.
Special categories of data
In order to provide our services, we may process ‘special category’ or sensitive personal information such as medical and health information including details of diagnosis, medical history, medication, dietary needs and specific care preferences. We may also record details of a service users’ race/ethnicity, religious or philosophical beliefs and any disabilities.
In some circumstances it will be necessary for Us to hold details of a user’s criminal convictions.
We take appropriate steps in accordance with data protection law to ensure that special category data is kept secure and treated as confidential.
Children
We do not market this website at those under 16 years old. Consistent with the GDPR we will never knowingly request personally identifiable information from anyone under the age of 16 years old.
Information we get from other sources
From time to time, we may need to obtain information from third parties about you. This will only apply where it is necessary to provide our services and as permitted by law.
We may receive personal data relating to you and your identity from any third parties who are permitted by law or have your permission to share your personal data with us.
As you interact with our website, we may also automatically collect technical data about your equipment, browsing actions and patterns through the use of cookies (see our Cookies Policy).
How do we use your data?
UK data protection law requires us to have a “legal basis” for processing personal data. The legal basis we rely on are:
- Performance of a contract we are about to enter into or have entered into with you;
- Compliance with a legal or regulatory obligation;
- Carrying out activities that are legitimate to our business interests;
- Consent. However, generally, we shall not rely on consent as a legal basis for processing your personal data other than where the law requires it. Where our legal basis is consent, you have the right to withdraw consent any time.
We may use the information we collect from you as outlined in this table:
How do we use your data?
The legal basis for doing so
To provide, manage and personalise our services to you
- Where necessary to carry out our agreement or to take steps to enter into an agreement with you
- Where the law requires this
- It is in our legitimate interests to make sure that our client accounts are well-managed, so that our clients are provided with a high standard of service, and to protect our business interests and the interests of our clients.
To administer and improve the website
- It is in our legitimate interests to develop and improve our services, so that we can continue to provide services that our clients want to use.
To personalise the content and user experience of the website
- It is in our legitimate interests to develop and improve our systems and provide our clients with a high standard of service.
To allow us to respond to communications
- Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
To send email notifications which have been specifically requested
- It is in our legitimate interests to give you information about our services that you may be interested in.
To send marketing communications, where expressly agreed
- In the case of electronic marketing we have your permission to do so.
To provide third parties with statistical information about our users
- It is in our legitimate interests to better understand how our clients use our services and what changes we could make to improve them
To ask for feedback or testimonials
- It is in our legitimate interest to better understand how our clients use our services and what changes we could make to improve them.
To deal with enquiries and complaints made by or about you relating to the website
- It is in our legitimate interests to make sure that our clients are provided with a high standard of service.
To recover debt and exercise other rights we have under any agreement with you, as well as to protect ourselves against harm to our rights and interests in property
- Where necessary to carry out our agreement or to take steps to enter into an agreement with you
- Where the law requires this
- It is in our legitimate interests to make sure that our business is run prudently and we can recover the debts owed to us, as well as making sure our assets are protected.
Users contacting this website and/or its owners do so at their own discretion and provide any such personal data requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
Our legitimate interests
When we use our legitimate interests as the legal basis for processing your personal information, we will consider and balance any potential impact on you and your rights before we process your personal data. We will only then proceed where we believe our interests are not overridden by the impact on you. Our legitimate interests include the management of our business operations.
Sharing Information
Disclosure
We don’t share, sell, or distribute your data to third parties, except as contractually agreed with you or as provided in this Privacy Policy. We may disclose your personal information if we are required to do so by law, in connection with any legal proceedings, and in order to establish, exercise or defend our legal rights, or if otherwise legally permitted.
Data Processors
We may use Data Processors who act on our instruction in relation to the management of your data and they must adhere to all data protection laws and regulations. We will ensure that any Data Processors used only operate on our written instructions and comply with their obligations under the GDPR. You will be informed of any other Data Controllers who have access to your data and who may determine processing activities separately to us, or as a Joint Data Controller.
Marketing
We may carry out direct marketing by email, phone, text or post.
You have the option not to give consent and to withdraw consent at any time from marketing communications. You may withdraw your consent for us to contact you by email to info@brandhealthcare.co.uk. We may continue to contact you if there is another lawful basis to do so.
Non-personally identifiable information may be provided to other third parties for marketing, advertising or other uses.
External links
Users of the website are advised to adopt a policy of caution before clicking on any external web links. Clicking an external link will take the user away from our website. Once you leave our website or are redirected to a third-party website, plug-in or application, you are no longer governed by this Privacy Policy or our website’s terms and conditions. We cannot guarantee or verify the contents of any externally linked website and users click on external links at their own risk. Brand Healthcare Services and its owners cannot be held liable for any damages, or the consequences of visiting any external links.
Social media platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to our terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate and/or engage with them with due care and caution in regard to their own privacy and personal details. This website nor its owners will not ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
Brand Healthcare Services uses social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised that before using such social sharing buttons, that they do so at their own discretion, and should consider that the social media platform may track and save requests to share a web page, through the users’ social media platform account.
Payment processing
This website does not process payments for our services. Payments handled on our premises shall comply with the standard procedures and requirements as laid down by law to ensure that personal data is kept secure. Details or payment processes and terms are contained in our terms and conditions.
Data Retention
We keep your personal information in accordance with our Data Retention Policy which reflects our needs to provide services to you as contracted and also as required to meet legal, statutory and regulatory obligations. The need to hold information is regularly reviewed and data will be disposed of when no longer required.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such system and are required to keep the information confidential.
We take appropriate steps to ensure a safe processing of personal data, however, we cannot guarantee the security of data transmitted through our website or by email. Any transmission is at your own risk.
Data Storage
Any information that you supply to us may be stored and processed by our website host. Your data may be transferred in accordance with the relevant data protection laws.
We may transfer some or all of your data to countries outside of the EEA only to such countries as provide adequate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission (EC).
Where data is to be transferred to a country outside of the EEA which may not offer the same level of protection as the GDPR with respect to the processing of personal data, we will ensure that the company agrees to similar levels of protection.
Where we transfer data to any organisation based in the US, we may transfer data to them where they provide similar protection to personal data shared between the Europe and the US.
Rights of Data Subjects
Brand Healthcare Services recognises a data subjects rights and will uphold these in accordance with data protection laws. You are entitled to see the information held about you and you may ask us about any of the following:
Subject access requests
Data subjects (i.e. individuals) have the right to access personal data that is held by submitting a subject access request (SAR) to Brand Healthcare Services. We will endeavour to respond quickly to any such requests, which legally require us to respond within one month of receiving the request and necessary information. A subject access request can be made by emailing us at info@brandhealthcare.uk
Right to rectification
Data subjects have the right to request that we amend or change personal data that is inaccurate or incorrect.
Right to erasure
Data subjects have the right to ask us to delete personal information from our systems without giving any reason and at any time. We will act on any such request without delay.
Right to restrict processing
Data subjects have the right to rectification or erasure of personal data in the following circumstances:
- Personal data is not accurate;
- The processing of data is unlawful - data subjects may request that processing is restricted;
- Data is required to exercise legal rights or defend legal claims;
- Data is unlawful but there may be lawful grounds for processing, which override this right.
Right to data portability
Data subjects have the right to obtain and request the transfer of their data to different service providers.
Right to object
Data subjects have the right to object to the processing of data at any time based on their particular situation. This includes objecting to profiling unless it is in the ‘public interest’ or exercised lawfully by an official authority. We will only process data under lawful grounds.
Right not to be subject to decisions based on automated processing
We do not use any automated processing that results in any automated decision based on a data subject’s personal information.
Using your rights
If you wish to invoke any of these rights, you should contact the person responsible for data protection by email to info@brandhealthcare.co.uk
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Data Breaches
We will report any unlawful breach of data as required by the GDPR within 72 hours of the breach occurring, if it is considered that there is an actual, or possibility, that data within our control including the control of our data processors, has been compromised. If the breach is classified as ‘high risk’ we will notify all data subjects concerned using an appropriate means of communication. We will report any relevant breaches to the ICO, see below.
Important Information
Queries and Complaints
If you have any concerns about how we handle your data, please get in touch by email to info@brandhealthcare.co.uk
Alternatively, you can formally raise a concern or complaint to the Information Commissioner’s Office (ICO) directly on 0208 935 5105, or see the options for reporting issues on https://ico.org.uk/concerns/
Changes to our Privacy Policy
We reserve the right to change this Privacy Policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. You will be deemed to have accepted any changes to the terms of the privacy policy on your next visit of the website following the amendment.
Copyright © 2024 Brand Healthcare Services Ltd
