This is the Privacy Notice for Dixits Ltd.
The purpose of this notice is to inform you about how and why your personal data is used so that we are as transparent as we possibly can, and to ensure that you are aware of your rights under UK data protection legislation (UK GDPR, Data Protection Act 2018).
Dixits Ltd. is a company registered in England and Wales under 07167737. Our registered address is 5 Jubilee Terrace, Chichester, PO19 7XT. The Company is a data controller, meaning that it determines the purposes that your data is used for. You can contact us at Anupam.email@example.com or on 03335 672254.
The purpose for processing your data and our basis for doing so.
We process your personal data so we can take steps to enter into an agreement to provide privately contracted medical services and to deliver those contracted services such as consultations, surgical procedures and supporting your wider medical requirements.
When processing your data, we must establish our legal basis for doing so and the legal basis can be different depending on the circumstances in which we process it. In this notice, you will see references to the basis of processing such as “(Article 6.1.f)”. These are a reference to the specific article of the UK General Data Protection Regulation under which we conduct the processing in question.
As a private patient, we will obtain and hold your full name, your contact details such as an email address, postal address and telephone number, your date of birth and your general practitioner’s details. We may also process your medical insurance details. We process this information so we can provide you with our medical and surgical services, invoice you and maintain our communication with you.
Our legal basis for doing this is Article 6.1.b – which is in the performance of a contract; this is necessary to deliver the service to you.
Your personal data may be obtained directly from you or provided to us by your General Practitioner, hospitals, other clinicians, your insurance company, and the NHS. Where we require your data in the pursuance of a contract, if you fail to provide that data, we will not be able to provide you with our services or enter into a commercial agreement.
We will process what is called ‘Special Category’ data which requires us to apply additional conditions. Specifically, we will process your relevant medical history which may contain details of your current or former medical conditions. We may also process data relating to your racial or ethnic background and / or religious beliefs where they have a bearing on your medical condition and / or on our treatment of you.
Our legal basis for processing your special category data is Article 9.2.h of the UK GDPR and Schedule 1, Part 1, Section 2 of the Data Protection Act 2018 which relates to the provision of medical diagnosis and health care.
We will also process your personal data if it is in your own or another person’s vital interest to do so and you are unable to consent yourself. The legal basis for this is Article 6.1.d.
Recipients of your data
As a general principle, we will not transfer your personal data to other recipients without your permission. There are some exceptions to this:
- If you do not pay your bills, we may choose to engage a third party to recover any money you owe us. Lawful basis Article 6.1.f, we have a legitimate interest to pursue money owed to us.
- It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate, including to statutory agencies. Lawful basis is Article 6.1.c – We have a legal obligation to share this information.
- We will share your personal data with your General Practitioner or another medical professional and the hospital where your consultation or procedure takes place. Lawful basis Article 6.1.f and Article 9.2.h, we have a legitimate interest to ensure you receive the most appropriate treatment and advice.
- We may also be asked to share information with U.K. registries which form part of the National Clinical Audit programme, hosted by NHS England and who provide a list of National Clinical Audit and Clinical Outcome Review programmes and other quality improvement programmes which we should prioritise for participation. Our legal basis for this is Article 9.2.i, processing is necessary for reasons of public interest in the area of public health.
- We will share your information with the Private Healthcare Information Network which monitors outcomes of patients who receive medical treatment. The legal basis for sharing this information is Article 6.1.c – We have a legal obligation to share this data.
Data processed by third parties on our behalf.
We use the services of other organisations in processing your data. We use a cloud-based platform for managing our appointment process, storing consultation records and viewing diagnostic results. From time to time we also utilise the services of specialist advisors.
Those organisations that process personal data on our behalf are subject to a data processing contract as required by Article 28 of the UK GDPR. This ensures that your data is handled in accordance with the UK GDPR.
Transferring your data outside of the UK
Your personal data is retained within the UK in secure data centres. For the purpose of disaster recovery, your data may be transferred to data centres in the EU. If it occurs, this transfer will be conducted under an adequacy decision under Article 45 of the UK GDPR.
We will retain your data only for the time we require it for the purposes stated and / or where we have a legal obligation or other legitimate purpose. Our criteria for determining retention periods are the NHS Codes of Practice for Data Retention 2016 and any subsequent revision to these codes. We generally retain your personal data for a period of 8 years after you stop being a client of ours.
The UK GDPR requires us to implement technical and organisational measures to protect your data. This means our IT systems are protected by firewalls, anti-virus and anti-malware software. We use Transport Layer Security (TLS, also known as SSL) to encrypt any data you supply to us through our website.
The UK GDPR provides you with several rights in relation to the data of yours that we process. The rights relevant to our activities are:
- You have the right to get access to and copies of your personal data.
- You can, in certain circumstances, restrict our processing of your data and request us to erase it (although we may have to retain some for legal reasons).
- You can ask us to rectify any inaccurate information we may be holding.
If you want to exercise any of these rights, contact us on the above email address.
You also have the right to lodge a complaint about our processing with a supervisory authority — the UK’s Information Commissioner’s Office.
Information Commissioner’s Office
Telephone: 0303 123 1113