SPEED MEDICAL EXAMINATION SERVICES LIMITED PRIVACY NOTICE
DATA CONTROLLER ACTIVITIES (CUSTOMER, CLIENTS, MEDICAL EXPERTS & WEBSITE USERS)
Note: This notice relates to how Speed Medical Examination Services Ltd (‘Speed Medical’) processes personal data as a data controller. It covers information collected and processed:
- Pre contract (Customer & Medical Expert)
- Post contract (Customer, Medical Expert & Client)
- When using our website (speedmedical.com)
If you are an instructing party please refer to our data processor privacy notice.
This Privacy Notice will change from time to time and, if it does, the up-to-date version will be reflected on this website (www.speedmedical.com) and will be effective immediately. This privacy notice was last updated on 20 December 2022.
Welcome to the ‘Speed Medical’s’ Privacy Notice. ‘Speed Medical’ is an independent medical reporting and rehabilitation provider.
‘Speed Medical’ takes data protection seriously and is committed to respecting and protecting your personal data. Personal data is:
- any information ‘relating’ to an identified or identifiable person (‘data subject’);
- an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
For the purposes of this Privacy Notice, “Data Protection Legislation” means all applicable data protection and privacy legislation in force from time to time in the UK including without limitation the EU Regulation 2016/679 as it forms part of the law of England and Wales by virtue of section 3 of the European Union (Withdrawal) Act 2018, the Data Protection Act 2018 or any successor legislation.
This Privacy Notice explains how we will collect, store and use any personal data to enable us to form business relationships with Customers, Medical Experts, Clients, Website users and our legal obligations when contracts have terminated.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.
If you have any questions you can contact our Data Protection Officer at:
E-mail – DPO@speedmedical.com
Post – Speed Medical House, Matrix Park, Chorley, Lancashire, PR7 7NA
Registration Number: 03566725, ICO Registration Number: Z9348707
- The data we may collect about you
We will collect, or be provided with, and process personal information about you, your personnel through various means, including:
- Your name and title;
- Contact information, including telephone number, postal address and email address;
- Information relating to your location, preferences and/or interests;
- CCTV footage and other information obtained through electronic means such as swipe card records should you visit our Offices;
- Personal data may be included in our pre-contract checks with:
- Companies House;
- The Solicitors Regulation Authority (SRA) Register;
- The Information Commissioner’s Office;
- Internet searches;
- The Financial Conduct Authority (FCA).
- Your name and title;
- Correspondence address, email address and contact number;
- Your Curriculum Vitae (CV);
- Photographic identification;
- CCTV footage (Building 3) and other information obtained through electronic means such as swipe card records should you visit our Offices;
- Personal data may be included in our pre-contract checks;
- Governing body registration;
- Indemnity insurance;
- List of consulting venues;
- ICO certificate;
- Medco certificate;
- DBS certificate;
- Correspondence address, email address and contact number.
Each time you visit our website, we will automatically collect the following information:
- Web usage information (e.g. IP address);
- Information about your visit, including the full uniform resource locators (URLs) clickstream to, through and from our website;
- If you register for access to the Secure Client Area (Portal) we will collect company details, name, email and telephone number, user name and password.
We may ask you for information when you report a problem with our website.
Collected as Speed Medical’s activities as a data processor but is processed as a data controller after the contract is complete (invoice paid) with the Customer with the exception of Rehab triage:
- Full name and title;
- Correspondence address, email address and contact number;
- Medical Records when requested;
- Medical Reports;
- Information around rehabilitation.
Our Rehabilitation Team may call you or get you to login into our Portal to ask questions around your injury which will include:
- Whether injured and how much pain you are in after the accident;
- Your confidence after the accident;
- Any pre-existing medical conditions;
- Any current medication;
- F2F or video conference for your appointment.
If you contact us by phone your conversation will be recorded.
The personal data described above may relate to any of the following categories of person:
- Medical Experts;
- Prospective Customers;
- Client’s going through the Rehabilitation process or where contracts have terminated with Customers;
- Those who submit enquiries through our website or whose details are otherwise entered into our marketing management system.
- How we use your information
We may use your information for the following purposes:
- To complete our processes to allow us to enter into a contract with you;
- To respond to any query that you may submit to us pre-contract stage;
- To manage our relationship with you (and/or your business), including by maintaining databases of customers and other third parties for administration and relationship management purposes;
- Provide an assessment as to whether further rehabilitation services are required;
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests;
- Where we need to comply with a legal or regulatory obligation (for example keeping invoice information for HMRC requirements and other details to comply with statutory issues such as complaints or potential litigation claims);
- To send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable Data Protection Legislation. You can withdraw your consent to marketing activity at any time using the unsubscribe link located in any of our marketing emails or by emailing us at firstname.lastname@example.org;
- To determine what is most effective about our website, and to help identify ways to improve it, and to tailor it to be more effective;
- To comply with any other professional, legal and regulatory obligations which apply to us or policies that we have in place;
- As we consider necessary to prevent illegal activity or to protect our interests;
- To share with companies in our group for the purpose of them sending to you any relevant information about their products/services that may be of interest to you.
- Legal grounds for processing your information
We will rely on the following legal bases under Data Protection Legislation for processing your personal data:
- Entry into a contract such as arranging appointments with medical experts, collecting medical records, when requested, providing medical reports and organising rehabilitation treatments;
- Compliance with a legal obligation to which we are subject i.e. Invoices for HMRC;
- We have a legitimate interest in doing so as a services provider:
- Completing due diligence on prospective Customers or Medical Experts;
- Helping administrate the website, its contents and to provide data analytics to improve our products and services and user experience;
- Helping respond to statute of limitations or litigation claims.
- Where processing of ‘special category of data’ is necessary in the context of the establishment, exercise or defence of legal claims;
- In certain circumstances, where we have express consent to do so. Where we collect consent, we will explain that it may be withdrawn at any time in accordance with the information we provide at that time;
- For direct marketing, which we will generally only do with your consent (further details below).
- Sharing your information
We will share your details with third parties instructed by us to enable us to fulfil our contractual obligations to you and/or your clients in the course of business. These include:
- Our carefully selected service providers who provide IT and system administration services to enable us to communicate effectively with you, provide services to you, and to give you access and use of the Secure Client Area (Portals);
- You specifically request this or it is necessary to provide our services to you, for example disclosure to expert medical providers;
- We consider other companies’ products and services in our group of companies may interest you;
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
We will not sell your information.
- What we do to protect your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we have put in place procedures to deal with any suspected personal data breach and, in the event of a breach, will notify you and any applicable regulator of a breach where we are legally required to do so.
- Storage and retention of your personal data
We retain your personal data in line with our internal retention policies and guidelines. These have been developed to ensure our compliance with regulatory obligations and professional practice. The time periods vary depending on the particular circumstances.
We will not store your information for longer than is reasonably necessary or required by law.
Following the completion of any contract between us, we may also need to retain your personal data for legal and regulatory purposes, including
- Pursuing any outstanding payments, and
- For HMRC audit purposes following payment of an invoice;
- For use in breach of contract or negligence claims.
- Sending your information outside of the UK
Your information will be predominantly processed in the UK. If your information is transferred outside the UK or the EEA you can expect a similar degree of protection in respect of your information as provided by processing in the UK.
- Your information rights
Data Protection Legislation gives you the right to access information held about you.
We will aim to respond to any requests relating to your rights without undue delay and in any case within one month of receipt of your request.
We may ask you to confirm your identity so that we can validate a request. If you would like to make a request, please email or write to the DPO using the contact details provided above.
You have the right to:
- Request access to your personal data and check that we are lawfully processing it;
- Request correction of the personal data that we hold about you if you consider that it is inaccurate;
- Request the transfer of your personal data to you or to a third party;
- Request erasure of your personal data. This includes where you have been successful in exercising your right to object to processing (see below). However we may not be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
- Request restriction of processing of your personal data. This may be the case if you want us to establish the data’s accuracy or where our use of the personal data is unlawful but you do not want us to erase it;
- Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms.
Where you exercise your rights to request erasure, or request a restriction in the processing of your personal data or to object to processing of your personal data, we may still need to keep basic contact information about you if you are already or will shortly be an active customer as we will require this for contractual purposes.
We will not charge a fee unless we feel the request for your personal information is clearly unfounded or excessive (repeated requests) where we will either charge a reasonable fee or refuse to deal with the request.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Data Protection Officer (DPO@speedmedical.com).