Privacy Policy
Template Privacy Notice For Our Patients/service users
How we use and share your information to help you
We need to keep a record of the care you receive to ensure that:
• Professionals involved in your care have accurate and up-to-date information
• We have all the information necessary for assessing your needs and providing excellent care
• Your concerns can be properly investigated if you raise a complaint
• Accurate information about you is available if you:
a) Move to another area
b) Need to use another service
c) See a different healthcare professional.
Your record
We have a duty to:
• Maintain full and accurate records of the care we provide to you
• Ensure that your records are confidential, secure and accurate
• Provide a copy at your request in an accessible format (e.g. in large type if you are partially sighted).
Your record may include some or all of the following:
a) Your name, address and date of birth
b) Contacts we have had with you, such as appointments
c) Notes and reports on your health
d) Details of treatment and care, images and test results
e) Information on medicines, side effects and allergies
f) Relevant information from people who care for you and know you well, such as health professionals and relatives.
g) The staff who see you may also add notes on their professional opinion.
If you wish us to, and it is practical, we will discuss and agree with you what we are going to enter on your record and show you what we have recorded.
Identifying you as an individual
We have many patients/service users with similar names, so it is vitally important for all patients/service users to be properly identified as individuals. In order to be absolutely sure that you have been correctly identified, we may ask you for a number of pieces of information. Suitable items include:
• Full name
• Date of birth
• NHS number
• National Insurance number
• Passport as photo ID
• Driving licence as photo ID
• Permanent (home, not a temporary) address
How you can help us to keep your health record accurate
• Let us know when you change address, telephone number or name
• Tell us if any information in your record is incorrect
• Give your consent so that we can share information about you with other health professionals to make sure you receive the right healthcare
• Tell us if you change your mind about how we share the information in your record.
How 20One Clinic Ltd uses your contact details
We take your privacy seriously so please let us know how you want us to contact you.
• Telephone
If you provide a mobile phone number: we may ring, leave a message or text you, so tell us if you do not want us to do so.
If you provide a landline: we may leave a message, so tell us if you do not want us to do so.
• Email
If you provide us with your email address: we may use it to send confidential health information, unless you have told us not to do so.
Please read the following before providing us with your email address.
a) Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). However, although our own systems are secure, it may be possible to intercept your email when it is being sent over the internet.
b) Be aware also that if you share your computer others may read your emails.
c) You could use email to contact staff in relation to a query or to ask about an appointment.
d) Do not give more personal information than we need to process your request.
e) Do not ask us to send you medical details that you would not want seen by other people.
If you have an urgent question or feel unwell after going home after treatment, contact an emergency service by telephone, e.g. the 111 NHS emergency service, or 999 for life-threatening conditions. Do NOT email.
How your records are kept
Our guiding principle is that we hold your records in strict confidence.
20One Clinic Ltd is registered under the Data Protection Act 2018. It abides by the law and observes good practice in maintaining confidentiality and appropriate information security.
We will fulfil our obligations under this Act to the fullest extent, including ensuring that the following eight principles governing the processing of personal data are observed:
i. personal data shall be processed fairly and lawfully;
ii. personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes;
iii. personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed;
iv. personal data shall be accurate and, where necessary, kept up to date;
v. personal data shall be kept for no longer than is necessary for the purposes for which it is processed;
vi. personal data shall be processed in accordance with the rights of data subjects under the Act;
vii. personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage;
viii. personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection.
20One Clinic Ltd is also registered with the Care Quality Commission. This means that we are subject to ongoing inspection and regulation by the CQC. This includes checks by the CQC that we are observing all necessary and statutory guidelines for use of your data in line with Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 (Part 3).
Information about you and the services you receive may be held in a number of formats and will be kept for the specific retention periods outlined by the relevant professional bodies. We use secure electronic systems to store user records, images and details of prescriptions. Patient data held on paper or disk will be processed in accordance with the Data Protection Act and destroyed using secure documented procedures after the time periods set out by the Department of Health.
How your records are used
We use your records to:
• Ensure that any treatment or advisory services we provide to you are based on accurate information.
• Send a letter about your care to your GP or other health professional at the end of your treatment, unless you tell us not to do so.
• Work effectively with other services providing you with treatment or advice.
• Monitor the quality of our care and help us to understand the outcomes of care.
• Investigate any concerns or complaints you or your family have about your health care.
• Provide information that is needed for financial transactions in relation to payment for treatment, such as billing. For private patients/service users this may include details shared with your insurance company. If you have any concerns about this, please contact your insurer.
Anonymised data
We may remove your name and other details that could identify you so that we can use the information in your record anonymously to:
• Monitor and improve the quality of care received by patients/service users
• Protect the health of the general public, for example we may share anonymous and aggregated patient information with organisations such as the National Institute for Clinical Excellence and the Cancer Registry for research or statistical purposes
• Train and educate staff.
Wherever possible, we anonymise your data or use a quasi-identifier such as a patient number or NHS number.
Sharing your health record
20One Clinic Ltd has a designated Information Lead/Data Protection Officer who is responsible for protecting the confidentiality of patient information and making sure that information is shared where this is appropriate.
To make sure you receive all the care and treatment you need, we may need to share the information in your health record with other staff and organisations. This could include:
• Other healthcare professionals, such as doctors, pharmacists, and pathology and radiology staff involved in the analysis and reporting of diagnostic tests
• Other hospitals and private sector organisations involved in your care
• Local authority departments
• Voluntary organisations providing on-going support
• Administrative support staff
Note that anyone who receives information from us also has a legal duty to keep it confidential.
We may also share information that identifies you where:
• You ask us to do so
• We ask for specific permission and you agree to this
• We are required to do this by law
• We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. to prevent someone from being seriously harmed).
We do not give the names and addresses of patients/service users to other organisations except under the circumstances described in this Privacy Notice. Unless you have signed an additional consent, we will not contact you after your visit for purposes other than:
a) Follow up of care
b) Collecting your views about your stay with us
c) Settlement of any account that may be due, if appropriate
d) Complaints and concerns handling.
Sharing information with your family and friends
We will normally share information about the progress of your treatment with the person you name as your Emergency Contact, unless you have told us not to do so. Your emergency contact should be someone that you trust and feel close to. It does not have to be a blood relative; it can be a good friend. We ask patients/service users to name their emergency contact so that we know who you would like us to keep informed about the care we provide or the decisions we need to make. In identifying your emergency contact, you are giving us permission to keep her or him informed.
You can also name other people, with whom you would like us to share information about you. We make best efforts to ensure that information provided over the telephone is restricted to those you have named and we share on a need to know basis. Sometimes this means refusing to disclose information about you to someone who feels they should know about your treatment and progress. Please make your family and friends aware of this.
Special situations
Sometimes we have a legal duty to provide information about people; examples are reporting some infectious diseases, and when a court order instructs us to do so. Records may also be shared without the patient's consent in exceptional situations, such as to safeguard adults or children.
External Regulation
The Care Quality Commission is the independent regulator of health care and they also protect the interests of people whose rights are restricted under the Mental Health Act. They routinely inspect our premises to quality check information we hold and the services we provide in line with the Health & Social Care Acts. This is designed to ensure that patients/service users using services are protected and receive the care, treatment and support they need. These inspectors have the authority to access personal information without the permission of patients/service users.
Sharing your records outside the EU
If your permanent address is outside the EU, or your treatment is continuing outside the EU, we may send details of your treatment to individuals based outside the EU specifically to promote your ongoing care. This would normally be the doctor who referred you to us for treatment. If you wish, we can give you the documents so that you have physical control over this information.
In the usual course of our business, we may use third parties to process and store your data on our behalf. We normally store your data on secure servers in the European Economic Area (EEA). Such processing is subject to contractual restrictions with regard to confidentiality and security in addition to the obligations imposed by the Data Protection Act 2018.
Exceptionally, we may make use of our suppliers that are based outside the EEA for processing and storing your data. We have strict controls over how and why your data can be accessed. By submitting your personal data, you agree to this.
Where necessary we may transfer personal information overseas for processing to support the long-term effectiveness of treatment and monitor patient outcomes. Personal information will be processed in this way where it is not possible to achieve this purpose with the use of anonymised or pseudonymised information only.
How can I stop my information from being shared?
20One Clinic Ltd acts to provide information principally for other health and social care professionals who have requested this since they require further detailed investigations on their patients/service users. So naturally we will normally need to share this information with your doctor who has referred you to our service.
If you do not want us to share your information with your GP, other healthcare providers or carers, please tell the team looking after you. But please note that not sharing your information may affect the care that can be provided for you.
You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. Where your wishes cannot be followed you will be told the reasons including the legal basis. You may at any time withdraw any consent you have previously given to us to process information about you.
If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, please discuss your concerns with your professional, or email us typing ‘Opt Out Request’ in the subject line of the email.
Your legal rights
20One Clinic Ltd is the Data Controller of the data it holds about its patients/service users and staff.
You have the right to confidentiality under the Data Protection Act 2018 (DPA), the Human Rights Act 1998 and the Common Law Duty of Confidentiality. The Equality Act 2010 may also apply.
You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.
You have the right to apply for access to the information we hold about you. Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing (such as a solicitor), or any person appointed by a court to manage your affairs where you cannot manage them yourself. Access covers:
• The right to obtain a copy of your record in permanent form;
• The right to have the information provided to you in a way you can understand, and explained where necessary, for example where abbreviations have been used.
You would not be entitled to see information that:
a) Has been provided about you by someone else if they haven’t given permission for you to see it
b) Identifies another person who has not given permission for you to see the information about them
c) Relates to criminal offences
d) Is being used to detect or prevent crime
e) Could cause physical or mental harm to you or someone else.
If you are currently receiving services from us and wish to view the record without obtaining a copy, discuss your request with the professional in charge of your care.
Obtaining a copy of your record
If you wish to apply for access to the information we hold about you:
• You should send your request in writing to us.
• You should provide enough information to enable us to correctly identify your records, for example include your full name, address, date of birth, any unique identifier number/ NHS number (if known)
• We will take every reasonable step to respond to you within 40 days of receiving your request
• You may be required to provide a form of ID before any information is released to you.
Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us.
Currency
This Privacy Policy is effective immediately and will remain in effect until further notice.
We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
Further Questions
If you have any further questions about this Privacy Policy, or if anything is not clear, please let us know.
Further information about data protection issues is at:
Information Commissioner’s Office (ICO)
The Information Commissioner’s Office, Wycliffe House, Cheshire SK9 5AF
Helpline: 08456 30 60 60
Website: www.ico.gov.uk
APPENDIX 2
Privacy Notice For Our Staff
This Privacy Notice explains how 20One Clinic Ltd handles and uses personal data we collect about staff. Where in this statement we refer to ‘we’ or ‘our’ or ‘us’ we are referring to 20One Clinic Ltd, and where we refer to ‘you’ or ‘your’ we are referring to our staff.
We are registered with the Information Commissioner's Office (ICO). We are committed to protecting your personal information and to being transparent about what information we hold. 20One Clinic Ltd understands its obligations to you to help you understand how and why we process your personal data. This notice tells you about these uses and should be read in conjunction with the 20One Clinic Ltd data protection policy.
Our data protection policy and procedures are governed by the Data Protection Act 2018 and the EU General Data Protection Regulation.
Why we hold your personal data
We are required to hold your personal data for various legal and practical purposes, without which we would be unable to employ you.
Holding your personal data enables us to meet various administrative and legal obligations (e.g. for tax purposes).
We will also process your personal information in other circumstances, provided you have given your consent for us to do so.
Lawful basis for processing personal data
The lawful basis for processing the personal data of alumni and supporters as described in this document is to fulfil a contract with an individual.
There is a contractual requirement for you to provide much of the information detailed. Without this we will be unable to fulfil our obligations which could result in the contract terminating.
Personal data held by 20One Clinic Ltd
The information we hold about you is primarily information you provided when applying for your job, supplemented by information generated in the course of your employment.
In common with all data subjects:
• Your name
• Your contact details
• Unique personal identifiers and biographical information (e.g. date of birth)
• photographs of you;
• your attendance at 20One Clinic Ltd
• personal data provided by you for a specific purpose or purposes (for example, disability, catering preferences or lifestyle status for event management);
• information related to the prevention and detection of crime and the safety of staff and service users including, but not limited to, CCTV recording;
Also:
• financial information gathered for the purposes of your employment with us
• your visa requirements; copies of passports, visas, and other documents required to ensure compliance with Home Office requirements.
• Details of your education, qualifications and publications.
Particular to staff:
• your application and curriculum vitae;
• details of your career;
• references.
• your contract of employment;
• performance reviews;
• disciplinary, grievance and capability procedures;
• accidents at work; and
• training provided.
Sensitive personal data held by 20One Clinic Ltd
The information we hold is that which you provide to us (for example, you may give us information by filling in forms on our website, or by corresponding with us by post, telephone, and email or otherwise).
Records may contain:
• your religious affiliation
How your personal data is used by 20One Clinic Ltd
Your data is used by us for a number of purposes including:
• Publications, invitations and other communications.
• e-news and flash emails.
• internal reporting and record keeping.
• administrative purposes (e.g. in order to process fees payments or to administer an event you have registered for or attended).
• Responding to data access requests you make.
Also:
• Giving key card access to parts of the premises (if appropriate)
• issuing references at your request.
• Contacting you, your next of kin, or other relevant contact in case of an emergency.
• Inclusion in our directories.
• Marketing, including images, online, in print and on social media (with your consent)
Communications to you may be sent by post, telephone or a work email address. Your personal mobile phone number will only be used if you have given consent.
If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given below. We will always respect a request by you to stop processing your personal data, and in addition your statutory rights are set out below.
Sharing your data with others
Within 20One Clinic Ltd, personal data, including sensitive personal data, may be shared between members of staff who legitimately need the information to carry out their normal duties to support your time with us. We endeavour to ensure that sensitive personal data is only shared with colleagues with your explicit consent. However, circumstances may arise where this data is shared with colleagues without gaining your consent. This will only occur if it is necessary to protect your vital interests or the vital interests of another person; or for certain other reasons where it is not possible or appropriate to gain your consent such as disclosures to the police for prevention or detection of crime, or to meet statutory obligations relating to equality monitoring.
20One Clinic Ltd may disclose certain personal data to third parties. These external organisations, and the purpose for sharing the information, are set out below.
Relevant data, including your bank details, will be shared with our payroll providers and may be shared with our accountants (for payment of expenses).
Relevant data may be shared with your next of kin but only with your consent or in an emergency.
Relevant data may be shared with Home Office, UK Visas and Immigration (UKVI) in order to fulfil any obligations as a visa sponsor.
Data may be shared with reputable “data processors” for the purposes of sending communications (e.g. mailchimp).
With your permission we may share information about you for publicity and marketing purposes online, in print and on social media.
Otherwise, 20One Clinic Ltd does not share data with any third party, except as allowed for in other privacy notices or required by law. We do not sell your personal data to third parties under any circumstances, or permit third parties to sell on the data we have shared with them.
Transfer of personal data to other countries
Where data is shared within the UK, or the European Union (EU), the third party will be required to comply with and safeguard the data under the terms of the DPA and appropriate EU regulations.
Your personal information will only be transferred to countries, outside of the EU, whose data protection laws have been assessed as adequate by the European Commission, or where adequate safeguards, such as the EU-US Privacy Shield, are in place.
How long data is kept
We will keep your personal data only as long as is necessary for the purpose(s) for which it was collected, and in accordance with our Data Protection Policy. Data will be securely destroyed when no longer required. Where you exercise your right to erasure, we will continue to maintain a core set of personal data (name, dates of working at 20One Clinic Ltd and date of birth) to ensure we do not contact you inadvertently in future, and to maintain your record for archive purposes. We may also need to retain some financial records about you for statutory purposes (e.g. accounting matters).
Your rights
You have the following rights:
To be informed: This Privacy Notice provides the information you are entitled to receive.
Access: Please contact us if you would like confirmation that your data is being processed and access to your personal data. There is no charge for us providing you with this data and it will usually be provided within a month of the request (unless the request is unfounded or excessive).
Rectification: Please inform us of any data which you would like rectified and we will usually respond within a month of the request. We will pass on the changes to any third parties who need to change their records and let you know this has been done.
Erasure: You may exercise your right to have your personal data erased in a number of circumstances (e.g. if the data is no longer necessary in relation to the purpose for which it was created or you withdraw your consent). Where possible we will comply with all such requests, though some details are part of the College’s permanent records (e.g. examination results, college photographs) which cannot reasonably be deleted.
Restrict processing: You can tell us that we can keep your data but must stop processing it, including preventing future mailings and communications. If possible we will inform any third parties to whom your data has been disclosed of your requirement.
Data portability: Your data is across manual records and a bespoke Access database. We will do our best to provide information in a portable format but it is unlikely that we can create systems to do so.
To object: If we can, we will stop processing your data if you object to processing based on legitimate interests or the performance of a task in the public interest / exercise of official authority (including profiling). We will stop processing your data for direct marketing if you tell us to. We will stop processing your data if you object to processing for purposes of research and statistics.
Not to be subject to automated decision-making including profiling: We do not use any automated decision-making.
We reserve the right to judge what information we must continue to hold to be able to fulfil our contract with you.
You have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns.
Further information
The controller for your personal data and our Data Protection Officer is our CQC Registered Manager or nominee. Please ask for details.
Our Data Protection Officer is responsible for monitoring compliance with relevant legislation in relation to the protection of personal data. Please contact us if you have any concerns or questions about the above information or you wish to ask us not to process your personal data for particular purposes or to erase your data. Where you have specific requests relating to how we manage your data, we will endeavour to resolve these, but please note that there may be circumstances where we cannot comply with specific requests.
We will publish on our website any changes we make to this data protection statement and notify you by other communication channels where appropriate.
Confidential & Non-Disclosure Agreement for Services
1. Definitions
“Information” shall mean all material relating to personal health or the health sector disclosed by either Party and information which is disclosed to the receiving Party in connection with any client health data, health service, health decision, business discussion, conference or other dealings between the Parties, whether written visual or oral, which shall include but shall not be limited to previous health data, newly acquired health data in the course of business, all other health data, trade secrets, systems, concepts, designs, configurations, techniques, copyrighted matter patented or patentable inventions, plans, methods, drawings, data, documents or other paperwork, computer programs, narratives, but also includes business and marketing plans, dealings arrangements, objectives, locations and customer information.
“Third Party” shall mean any individual, firm, association or body corporate that is not a staff member of 20one Consulting and is not the Client themselves.
2. Undertaking
1. The Parties acknowledge that in order to enable them to conduct a business relationship, each Party may be required to disseminate the other Party’s Information to various employees or partners.
2. Each Party undertakes to cause any of its staff or third parties to whom such Information is transmitted to be bound to the same obligation of secrecy and confidentiality to which the Parties are bound under this Agreement.
3. In all cases in which information is to be shared from beyond the Parties, neither Party shall communicate the other Party’s information in any form to any other staff or partner without the other Party’s prior written consent unless either Party has agreed to the sharing of their data in a specific way previously.
4. In the case of seeking review by another staff member or partner or Third Party, information will be fully anonymised to be untraceable to the client by default to 20one Consulting’s best efforts; unless stated in writing by the client; or unless the receiving Third Party requires identification to provide such information and it is judged by the disclosing Party to be to the other Party’s benefit with no identified potential harms.
5. Notwithstanding Clause 2.1, it is acknowledged that certain information may be required to be communicated to Third Parties, but neither Party shall communicate the other Party's information in any form to any Third Party without the other Party's prior written consent.
6. Written consent is necessary for any information to be disclosed to any Third Party, which can only be disclosed pursuant to a non-disclosure agreement between the Party providing the information and the Third Party unless agreed upon in writing before.
7. That non-disclosure agreement shall conform to this Agreement, any variation being subject to the written consent of the other Party.
8. The receiving Party agrees that information shall not be copied or reproduced by it or submitted to a Third Party without the express permission of the disclosing Party.
9. The receiving Party shall use the information only for its own review and service purposes and shall not use the information to develop any service beyond those provided by 20one Consulting unless agreed by the disclosing Party.
10. Third Parties must not use received information for their own financial or other benefit, beyond what is needed to perform the Statement of Work.
a. Exceptions should be agreed to be discussed between the Parties
11. Neither party shall use any relevant information for the purpose of making any investment, collaboration, funding or other business decision in relation to any of a Party’s business partners that are disclosed to the other Party.
a. Business Partners include service provider partners of the Parties and organisations or persons who are recipient of investment by the Parties
b. If either party wishes to initiate an investment, collaboration or other business decision in relation to either Party’s business partners, this should be discussed between the Parties and terms agreed and signed in writing
12. In addition, the Parties further agree that you shall not without the other Party’s prior written consent, meet with, solicit, contact or otherwise pursue any business relationship (whether as investor, funder, partner or other relationship) with any disclosed business partner of either Party.
13. In the case where a Party is not clear what constitutes a business partner of either Party, they should confirm this with the corresponding Party.
3. Intellectual property rights
1. The Parties agree that all rights to the information shall be and remain the property of the originating Party
2. Nothing contained in this Agreement shall affect the respective rights of each Party.
3. This Agreement shall not operate as a direct or indirect assignment or license or public disclosure of any patent, copyright, registered design, trademark or any other proprietary right held by either Party.
4. Survival of terms
1. The obligation of this Agreement shall terminate only with respect to a portion of a Party's information:
a. If either Party can show that the information received from the other is or has become generally available to the public through no violation of the terms of this Agreement;
b. If either Party at any time lawfully obtains such information in writing from a Third Party under circumstances permitting its disclosure, or
c. If such information is disclosed with the prior written consent of the Party to whom such information belongs, provided that any disclosure complies in all respects with Clause 2 and the terms of such written consent.
regards to all information disclosed by either Party, the obligations of this Agreement with respect to either Party’s Confidential Information shall not terminate after the date this Agreement is executed by the Parties.
2. Upon termination either Party shall within ten (10) days of a written request received from the other Party return all the information provided by that Party as shall be specified in the written request.
5. Injunctive relief
1. The Parties agree that in the event of any violation or threatened violation of this Agreement, the injured Party shall be authorised and entitled to obtain from any court of competent jurisdiction injunctive relief, as well as an equitable accounting of all profits or benefits arising from such violation.
6. Governing law
1. This Agreement shall be governed by and construed in accordance with English law and both Parties shall submit to the exclusive jurisdiction of the Courts of England and Wales, and shall be dealt with in the courts of London or Cambridge.
7. Severability
1. If a court finds any provision of this Agreement invalid or unenforceable, the offending clause shall be amended to give effect to this Agreement (so far as such clause may be amended), and the remainder of this Agreement shall be interpreted so as to give effect to the intent of the parties.
8. Relationships
1. Nothing contained in this Agreement shall be deemed to constitute either party a partner, joint venturer or employee of the other party for any purpose.
9. Integration
1. This Agreement expresses the complete understanding of the parties with respect to the subject matter and supersedes all prior proposals, agreements, representations, and understandings. This Agreement may not be amended except in a writing signed by both parties.
10. Waiver
1. The failure to exercise any right provided in this Agreement shall not be a waiver of prior or subsequent rights.
Email, internet and mobile communication (electronic communications)
1. 20one Consulting requires Clients to communicate by electronic communications via end-to-end encrypted messaging applications; however, clients may choose to use e-mail. Transmitting confidential health information by e-mail, however, has several risks, both general and specific, that should be considered before using e-mail.
a. Risks:
i. General e-mail risks are the following: e-mail can be immediately broadcast worldwide and be received by many intended and unintended recipients; recipients can forward e-mail messages to other recipients without the original sender's permission or knowledge; users can easily misaddress an e-mail; e-mail is easier to falsify than handwritten or signed documents; backup copies of e-mail may exist even after the sender or the recipient has deleted his/her copy.
ii. Specific e-mail risks are the following: clients who send or receive e-mail from their place of employment risk having their employer read their e-mail.
iii. The Client should understand that if for any reason they choose to disclose information regarding sensitive medical history, this should not be done via email, and doing so is at their own risk due to the aforementioned general and specific risks; this includes but is not limited to communications concerning diagnosis or treatment of AIDS/HIV infection; other sexually transmissible or communicable diseases, such as syphilis, gonorrhoea, herpes, and the like; behavioural health, mental health or developmental disability; or alcohol and drug abuse.
b. 20one Consulting will use reasonable means to protect the security and confidentiality of e-mail or electronic communications. Because of the risks outlined above, we cannot, however, guarantee the security and confidentiality of e-mail or internet communication.
c. 20one Consulting endeavours to encourage the use of electronic communication means other than e-mail, such as end-to-end encrypted internet-based messaging apps, which may not have the same specific or general risks as email-based communication.
d. If the Client uses email or other electronic communications methods as a means to communicate sensitive information, the Client consents to the use of those electronic communications methods for confidential information after having been informed of the above risks. Consent to the use of electronic communications, including e-mail, includes agreement with the following conditions:
i. 20one may forward electronically communicated messages to other 20one staff members as appropriate to provide the Services. 20one will not, however, forward messages to a 3rd party without the consent of the client as required by law.
ii. 20one will endeavour to read a message promptly but can provide no assurance that the recipient of a message will read the message promptly.
iii. It is the responsibility of the sender to determine whether the intended recipient received the message and when the recipient will respond.
iv. 20one Consulting cannot guarantee that electronic communications will be private. However, we will take reasonable steps to protect the confidentiality of the message but 20one Consulting is not liable for improper disclosure of confidential information not caused by its employee’s gross negligence or wanton misconduct.
v. If consent is given for the use of electronic communications, it is the responsibility of the Client to inform 20one Consulting of any types of information you do not want to be sent by each method of electronic communications.
vi. It is the responsibility of the client to protect their password or other means of access to electronic communications services sent or received from 20one Consulting to protect confidentiality. 20one Consulting strongly recommends protecting your electronic communications service accounts with 2-factor authentication where possible and signing out immediately after completing your work. 20one Consulting is not liable for breaches of confidentiality caused by the client. Any further use of any particular electronic communications service initiated by the client that discusses sensitive information constitutes informed consent to the foregoing.
I understand that my consent to the use of electronic communications and e-mail may be withdrawn at any time by electronic communications or written communication to 20one Consulting.
I have read this section carefully and understand the risks and responsibilities associated with the use of electronic communications and particularly e-mail.
By signing at the foot of this document I agree to assume all risks associated with the use of electronic communications and e-mail.
Use of your data
1. Confidentiality and your data
1. Your identifiable data will not be accessible by anyone other than the minimal number of 20one Consulting staff and service providers needed to provide Services.
2. Your data will only be visible by 20one Consulting staff and service providers for the purposes of delivering Services.
3. Where possible your data will be fully anonymised prior to sharing with other 20one Consulting staff or service providers.
2. Data collected (including audio, video and photographic data)
1. We may collect the following Data, which includes personal Data, from you: Name, date of birth, health data including genomic, medical imaging, height, weight, ethnicity, bodily fluid test results
2. in each case, in accordance with this agreement.
3. We will retain any Data you submit for as long as is needed to provide a Service to you or until requested for any or all your data to be removed or changed.
3. Data management
1. For purposes of the Data Protection Act 1998, 20one Consulting is the "data controller".
2. We will retain any Data you submit for as long as is needed to provide a service to you or until requested for any or all of your data to be removed or changed.
3. In the case where you request any of your data to be removed or changed, we will consult with the legal, regulatory or other requirements relevant to such data in order to determine the extent of actions we can provide. For example, we may be required to store certain health data for certain minimum periods of time to satisfy audit requirements by regulators, or tax requirements by governments.
4. Unless we are obliged or permitted by law to do so, and subject to any third-party disclosures specifically set out in this policy, your Data will not be disclosed to third parties.
5. All personal Data is stored securely in accordance with the principles of the Data Protection Act 1998.
6. Any or all the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our services. Specifically, Data may be used by us for the following reasons:
a. provision of the Services
b. in each case, in accordance with this privacy policy.
4. Accessing your data
1. You have the right to ask for a copy of any of your personal Data held by 20one Consulting (where such Data is held) for a cost reasonable for the staff time and necessary hardware, software and services to deliver such data.
5. Data security
1. Data security is of great importance to 20one Consulting and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected.
2. If password access is required for certain parts of the service, you are responsible for keeping this password confidential.
3. We endeavour to do our best to protect your personal Data. However, transmission and/or storage of information over the internet is not entirely secure and is done at your own risk. We cannot ensure the security of your Data transmitted or stored via our services.
4. If you choose to opt out of any security recommendation, security software, or security hardware we advise to you, and doing so makes 20one Consulting’s data practices not compliant with the Data Protection Act, 20one Consulting holds no liability for any breach, damage or loss of your data.
a. 20one Consulting will use its best efforts to notify you when this is occurring and to inform you of potential alternative practices and risks with current practice.
b. Written informed consent from the Client will be obtained, certifying that they opt out of Data Protection Act compliant security practice. This written informed consent will be stored. 20one Consulting have included this term to allow a more personalised experience if a client should want to use their own software and hardware in a manner not advised by 20one Consulting.