This privacy notice sets out how Health Call will use your personal data. The Health Call website is managed and run by Health Call Solutions whose registered office is Room 20A, Enterprise House, Kingsway North, Gateshead NE11 0SR. The Data Protection Officer for the organisation is Neil Smith who can be contacted at firstname.lastname@example.org Any references to ‘us’, ‘our’ and ‘we’ means ‘Health Call.
When appropriate, we will provide a ‘just in time’ notice to cover any additional processing activities not mentioned in this notice.
This notice does not extend to other organisations, such as any external websites you may access from our website. Other organisations will inform you how they use your personal data.
We are committed to taking good care your personal data and ensuring the highest standards of privacy. If you have any questions about this notice, don’t hesitate to get in touch with us. We’ll be more than happy to help.
An organisation that decides how the personal data it collects and holds is used is called a ‘data controller’. We call this use of personal data ‘processing’ – this includes the collection, storage, analysis, sharing, retention and disposal of personal data. Where Health Call is the Data Controller we will make this clear.
As a Data Controller, we are registered with the Information Commissioner’s Office (ICO) – the organisation in the UK that oversees that an organisation is acting accordingly when processing personal data. Our registration numbers are: ZA330957
Why do we need your personal data?
Health Call uses personal data to communicate with our staff, customers and stakeholders to provide information on our activities, views, latest news and points of excellence. We do this by providing information through a range of online and offline channels including publications, events, website, press releases, social media and email.
What if you do not provide personal data?
You are not under a legal obligation to provide us with any personal data, however, if you choose not to then we may be unable to provide you with a full range of services, deal with your enquiries or provide other support.
What personal data do we collect?
We collect and use a variety of personal data to run our business and manage our relationship with you. The table below shows the typical categories of personal data we ask you for and why we may ask for it. You will find more specific information in the ‘how do we use your personal data’ section:
What will we collect?
- Email address
- Job title
- Telephone number
- Social media handles
- IP address
How we may use it? We will use this information to communicate with you, respond to enquiries made by you and manage our relationship with you. We may also use this information as part of our marketing activities where we have your consent.
Special Category Data
From time to time, we may need to ask for personal data that might seem sensitive. This is known as ‘special category data’. For example, a question about your health, vulnerabilities or whether you have any previous criminal convictions. In general, we do not collect special category data about you, but sometimes the personal data we collect may reveal this. This will, however, be limited to the minimum required. This can include personal data relating to your:
- Race or ethnicity
- Religious or philosophical beliefs
- Sexual orientation
- Political opinions
- Trade union membership (only where you have mentioned this in your application e.g. where you list being a union representative in “positions of responsibility”)
- Health, including any medical condition, health and sickness including pre-employment screening
- Biometric data
- Criminal convictions and offences.
Where do we obtain personal data from?
At Health Call, we obtain your personal data in the following ways:
|Directly from you||We will normally ask you directly for personal data. This will happen if you:
|From a third party acting on your behalf||
If someone acting on your behalf provides this information, we’ll record what’s been provided and who gave it to us.
In the event that you’re providing personal data about another individual, we’ll assume that you have told them that you are sharing their details and where they can find more information on how we may process their personal data.
|From other third parties||In some cases, we will obtain personal data from third party sources. We will endeavour to inform you of this where this is the case.|
How do we collect special category data?
In almost all cases, we’ll ask for your explicit consent before collecting special category data unless we are required to by law, there is an overriding public interest, or where we believe you or someone else may be at risk.
If you contact us containing this type of information, then we’ll assume that you’re happy for us to record it – unless you tell us not to. If someone acting on your behalf provides this information, we’ll record what’s been provided and who gave it to us.
You have the right to withdraw your consent to us recording and using special category data at any time. This will not affect any use we have made of the information before you withdrew your consent.
Personal data relating to children
Health Call does not collect or process any personal data relating to children.
Lawful basis for processing personal data
We process your personal data for a number of different purposes. When we collect, use, share or hold your personal data, we must have a valid reason to do so (known as a ‘lawful basis’). The table below sets out the different lawful basis we may rely on. You can find out more in the how we use your personal data section.
|Consent||You have given free and clear consent for us to process your personal data for a specific purpose.|
|Explicit consent||You have given explicit consent for us to process your sensitive personal data (special category) for a specific purpose.|
|Legitimate interests||The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.|
|Contract||The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.|
|Legal obligation||The processing is necessary for us to comply with the law or legal requirement.|
Lawful basis for processing Special category data
We will only process your special category personal data where we have an additional lawful basis. This includes:
- Where we need to carry out our legal obligations or exercise rights in connection your application for an account with us.
- Where it is needed in the public interest: for example, we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equality and diversity monitoring and reporting.
- With your explicit written consent. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
- Where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
How do we use your personal data?
We use your personal data stated above for a whole host of reasons. This includes:
|Purpose||Why we use your personal data this way||Lawful basis we rely on to process your personal data|
|Managing our relationship with you||We may use your personal data to manage our relationship with you, including communicating with you and responding to queries and complaints.||Contract, Legitimate Interests|
|Email marketing||We maintain a database which for the purpose of managing our marketing activities (where we have consent from you).||Consent|
|Website monitoring||When you visit the Health Call website, we will use your IP address to analyse how our website is used by our visitors. We may archive this information in an anonymous form for historical records.||Legitimate Interests|
|Events||If you register for a Health Call event, we will use the contact details you provide to communicate event updates. We may also contact you after the event to inform you about Health Call products or future events which may be of interest.||Legitimate Interests|
|Social media||Health Call uses publicly available information, such as Twitter/LinkedIn handles and hashtag usage, to target tweets promoting the work of Health Call to relevant Twitter/LinkedIn users.||Legitimate Interests|
How do we use special category data?
We’ll only ask for this type of personal data when we absolutely need to and use it for limited circumstances to:
- Understand and accommodate any additional needs or requirements that you might have. For example, to help with any issues around your health, memory, caring responsibilities or any challenges you’re facing in life.
- Understand any details about your health that we need to know for the purpose of insurance policies or investment products.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance where this is required or permitted by law.
Automated decision making
We do not process any personal data using automated decision making.
Who has access to your personal data?
There may be occasions where we need to share your personal data with external partners or organisations. The table below provides details on who we share personal data with and the reasons why:
|Contractors of Health Call Solutions||To enable Health Call Solutions to deliver services.|
Our relationship with other organisations
We have a relationship or partnership with the following organisations and may share your personal data with the companies listed below associated purposes. All companies we work with are assessed for adequacy of their security controls, so you know your personal data is safe.
|NHSX||To enable Health Call Solutions to deliver services.|
|NHS Digital||To enable Health Call Solutions to deliver services.|
|NHS England||To enable Health Call Solutions to deliver services.|
|Mailchimp||To provide our email marketing services.|
Sale, purchase of all or part of our business
If we sell or transfer all or part of our business, we may share or transfer customer records and data as part of the proposed/actual sale or transfer. Before we do this we will ensure there is adequate protection in place by imposing contractual obligations on the buyer/seller to ensure the security and confidentiality of your personal data.
Transfers of personal data outside the EEA
We use Mailchimp to provide email services on our behalf, who are based in the USA and you can find out more about how they process personal data in their privacy notice available at https://mailchimp.com/legal/privacy/. We do not share any personal data relating to customers or staff with Mailchimp.
We do not currently transfer any personal data outside the UK or EEA. Where there are circumstances where we may need to transfer your personal data to countries outside the UK\EEA, we will only do so where:
- We’re required or permitted to by law or regulatory requirements.
- We’re sharing data with a third party to support us in the management of your account.
When working with our suppliers and/or transferring personal data to countries outside the UK, we take appropriate steps to ensure that there is adequate protection and controls are in place and that data protection legislation is followed.
This could be by:
- Ensuring that we transfer personal data to countries that we believe have comparable data protection legislation to the UK.
- Putting suitable clauses in our contracts to ensure that organisations take appropriate steps to comply with UK data protection laws or the equivalent.
If you would like more information on this, please contact us.
How do we protect your personal data?
We have appropriate policies and security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How long do we keep your personal data?
Our aim is to keep your personal data only for as long as we need to, in order to manage your relationship with us and comply with legal and regulatory requirements. When determining retention periods, we consider the following:
- The maximum or minimum retention periods identified by the law or regulatory guidance
- Our contractual rights and obligations
- Customer expectations, the nature of your relationship with us, your membership status and the types of accounts, products and services you have with us
- Current or future operational requirements
- Forensic requirements, for example, the potential need to access data no longer actively used in order to manage or respond to complaints and disputes
- The risks involved in retention, deletion and removal
- The cost of maintaining, storing, archiving and retrieving data
- The capability or restraints of our systems and technology.
The table below provides details on how long we will retain your personal data for:
|General enquiries||1 year from date enquiry closed.|
|Complaints||6 months from closure of complaint.|
|Marketing preferences||2 years from date of last contact.|
We may keep your personal data for longer than indicated if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research or statistical purposes. If we do, we’ll make sure that your privacy is protected and only use it for those specified purposes.
What rights do you have in relation to your personal data?
|Request to be informed about how we process your personal data.||You have the right to be informed about the collection and use of your personal data.|
|Request access to your personal data (commonly known as a “data subject access request”).||This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.|
|Request rectification/correction of the personal data that we hold about you.||This enables you to have any incomplete or inaccurate data corrected.|
|Request erasure of your personal data.||This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object.|
|Object to processing of your personal data.||You can object to us using your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.|
|Request the restriction of processing of your personal data.||This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.|
|Request the transfer of your personal data to another party.||In certain circumstances, you have the right to ask us to transfer a copy of some of your personal data to you or to a new data controller.|
|Right to withdraw your consent||Where we rely on your consent to process any of your personal data, you have a right to withdraw that consent at any time. This will not affect any use we have made of the information before you withdrew your consent.|
|Object to automated decision making /Profiling||In certain circumstances, you have the right to ask for an automated decision (such as a lending decision made by a machine) to be reviewed by a human.|
|Complain to the Regulator||You have the right to make a complaint to the Supervisory Authority. In the UK, this is the Information Commissioner’s Office (ICO).|
You can request these rights by contacting us at
Health Call Solutions, Room 20A, First Floor, Enterprise House, Kingsway North, Gateshead, NE11 0SR
Tel: 0191 481 4083
Accuracy of your personal data
Whilst we make every effort to ensure your data is correct, we kindly request that you help us by reporting any inaccuracies or discrepancies at the earliest opportunity. It your responsibility to keep us informed of any change of your circumstances including any name changes, alternative contact details or change of address. You can ask your details to be amended by contacting us at the details, above.
Changing your marketing preferences
You can change your marketing preferences and how we contact you in relation to new products and services by emailing email@example.com and ask to unsubscribe from our database.
We will not sell your details to other companies, but we may use marketing agents to act on our behalf.
Data Protection Officer (DPO) details
If you have any concerns about how we collect, use, share or keep your personal data, you think there has been a breach, or you have a question or concern about anything in this notice, you may contact our Data Protection Officer (DPO) using the details below:
Data Protection Officer, Health Call Solutions, Room 20A, First Floor, Enterprise House, Kingsway North, Gateshead, NE11 0SR
Contacting the Information Commissioner’s Office (ICO)
You have a right to complain to the Information Commissioner’s Office (ICO) if you have any concerns about how we collect, use, share or keep your personal data. You may contact them at:
Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Updating this notice
We review this notice every 12 months and, where necessary, update our privacy information contained within this notice. This was last updated on 23 April 2021 and is due its next review by 22 April 2022.