The website albionsurgery.webgp.com (“Website”) is operated by Hurley Innovations Limited, registered in England and Wales with registered number 7628675 and whose registered office is at Nightingale House, 46-48 East Street, Epsom, Surrey KT17 1HQ (“we” or “us”).
This policy (together with our terms of website use and any other documents referred to in it) sets out the basis on which any personal data (“Personal Data”, which does not include Sensitive Personal Data as defined hereafter) and sensitive personal data such as health information (“Sensitive Personal Data”) we collect from you, or that you provide to us, will be collected, used, stored, disclosed and otherwise processed by us. Please read the following carefully.
For the purpose of the Data Protection Act 1998 (the “Act”), the data controller is Hurley Innovations Limited.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
- If you contact us, we will keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs, the resources that you access and other communication data.
- Any material you upload to the site, whether photographs, other images or otherwise.
INFORMATION FACEBOOK MAY COLLECT FROM YOU
If you visit a page of our Website that displays a ‘Facebook Like’ button, the following information may be collected by Facebook: The date and time of your visit; the webpage you are on; and other technical information about the IP address, browser and operating system you use.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Cookies are files which are transferred from a website to a computer's browser or hard drive. We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Strictly Necessary Cookies
|jsessionid||Session ID||The cookie is essential for the user (once they have logged in) to be identified by our server, so that they can view their private data.||The cookie exists solely for the length of the session, which expires after 30 minutes of inactivity.|
|awselb||Load balancer||The cookie is essential for the user (once they have logged in) to be associated with a particular server in our server farm.||The cookie exists solely for the length of the session, which expires after 30 minutes of inactivity.|
We use Google Analytics, Piwik and HotJar to collect aggregated, anonymous data on how our website is used (e.g. which pages are the most and least popular, how users move around the website, where users click, etc). We use the following performance cookies:
|_ga, __utma, __utmz||Google Analytics||Aggregated, anonymised user tracking|
|_pk_id, _pk_ref, _pk_ses||Piwik||Aggregated, anonymised user tracking|
|_hjUserId, _hjClosedSurveyInvites, _hjDonePolls, _hjMinimizedPolls, _hjDoneTestersWidgets, _hjMinimizedTestersWidgets, _hjIncludedInSample||HotJar||Collects public information about what users are doing on the site in order to improve our service. More information may be found on the HotJar website|
Display Advertising Cookies
We have also implemented some Google Analytics features based on Display Advertising (Google Analytics Demographics and Interest Reporting). We use the following Display Advertising cookies:
|_gat||Google Analytics||Collects anonymous data about the types of users who visit our site and to develop the site and its content around users' needs.|
You can opt-out of Google Analytics for Display Advertising and customise Google Display Network ads using the Ads Settings. In addition, you can use the Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics.
WHERE WE STORE YOUR PERSONAL DATA
The Personal Data (but not Sensitive Personal Data) that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the provision of support services. By submitting your Personal Data, you agree to this transfer, storing or processing.
All information you provide to us is via a 128 bit SSL connection, and is held temporarily on our secure servers, before being transferred to your GP using TLS encryption (where possible, although in exceptional circumstances it may be necessary for your data to be sent to your practice via an unencrypted connection). Where you complete an E-Consult Template, it will be packaged up into a risk report which will be emailed to your GP. Any Sensitive Personal Data inputted by you will then be removed from our server. We log only the name of your GP’s practice, the type of consultation, the time of submission of the E-Consult Template and your initials, and periodically delete these log files. For auditing purposes we also store in our database a record of every E-consult submitted, but this does not include any Personal Data or Sensitive Personal Data.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. You must not share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we use SSL technology for all communication with the Website, we cannot guarantee the security of your data transmitted to the Website, or for the transfer of your data to the practice; any transmission is at your own risk.
USES MADE OF THE INFORMATION
We use Personal Data held about you in the following ways: To ensure that content from the Website is presented in the most effective manner for you and for your computer; to allow you to participate in interactive features of our service, when you choose to do so; or to notify you about changes to our service.
We will not pass your Personal Data or Sensitive Personal Data to a third party for marketing purposes.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information (but not your Sensitive Personal Data) to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your Personal Data (but not your Sensitive Personal Data) to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets.
If we or substantially all of our assets are acquired by a third party, in which case Personal Data (but not Sensitive Personal Data) held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your Personal Data (but not your Sensitive Personal Data) in order to enforce or apply our terms of website use and other agreements; or to protect the rights, property, or safety of ourselves, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We may disclose your Personal Data and Sensitive Personal Data to third parties if we are under a duty to disclose or share your Personal Data or Sensitive Personal Data in order to comply with any legal obligation.
The Website may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites should have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Personal Data or Sensitive Personal Data to those websites.
ACCESS TO INFORMATION
All information that we hold about you will be held on your Customer Account for you to access. The Act also gives you the right to access information held about you and you can exercise your right of access in accordance with the Act if you wish. Any such access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.