Privacy Policy
Download our Privacy Policy Here
Introduction
Enhanced Care Services Ltd is committed to data security and the fair and transparent processing of personal data. This privacy policy (Policy) sets out how we will treat the personal data which you provide to us in compliance with applicable data protection law, in particular the General Data Protection Regulation (EU) 2016/679 (GDPR).
Please read this Privacy Policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data, how to contact us and supervisory authorities in the event that you would like to report a concern about the way in which we process your data.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
This privacy notice aims to give you information on how Enhanced Care Services collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter, purchase a product or service.
This website is not intended for children and we do not knowingly collect data relating to children.
Who are we?
Enhanced Care Services was incorporated in 2015, Company number 09717413. Our registered address is Unit H9, Adanac North, Adanac Drive, Nursling, Southampton, SO16 0BT.
For the purposes of the GDPR, Enhanced Care Services is the ‘controller’ of the personal data you provide to us.
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below. You may contact us by sending an email to dpo@enhancedcareservices.co.uk.
Enhanced Care Services owns and operates www.enhancedcareservices.co.uk
This Policy, together with our Website terms of use and Cookie Policy, as well as any other documents referred to in them, sets out the basis on which Enhanced Care Services processes personal data.
All calls may be recorded.
When our ambulance services are used
We respond to service requests calls by getting medical help to patients as quickly as possible. Every time we receive a job request call, our staff record the relevant details and use information about the nature of the patient’s illness or injury to ensure they are sent the right medical help.
What kind of personal information do we process?
The following information is taken when a call is made to our dispatch team;
Name of caller
Name of patient
Age of patient
Gender of patient
Contact details of caller
Contact details of patient
Reason why our service is required
Any relevant medical history of the patient
The recording of the request call
Other information that may be processed includes;
Medical treatment provided to the patient.
Visual images for example CCTV and Still Photography.
Religious or similar beliefs
Racial and ethnic origin
In some cases it may be appropriate to obtain contact details of other individuals present at the scene.
How will the information be used and what is the lawful basis?
The information is processed by Dispatch Operation Control staff (these can include call takers, dispatchers and responding crews) to determine the most appropriate response for patient’s care. Information is also processed to promote or support the provision of healthcare services to patients. Personal information is processed on the lawful basis that;
We have a legal duty to perform our tasks in the public interest [GDPR Art 6(1)(e)].
It is necessary to protect someone’s life [GDPR Art 6(1)(d)].
You have given us your consent [GDPR Art 6(1)(a)].
You have given us your explicit consent [GDPR Art 9(2)(a)].
Will my information be shared with anyone else?
It may be appropriate to share your information with other services and third parties. These can include:
NHS Commissioners, who are responsible for procuring healthcare services to meet patient’s needs.
Hospitals for example where a pre alert is necessary for an acutely ill patient on route to Hospital.
Out of Hours GP services to provide alternative medical services where deemed appropriate.
Midwifes, when the call is regarding obstetrics.
Social Services where there is a concern for the welfare of the patient or others involved.
Mental Health services where the patient has a mental health illness and specific treatment is required.
Dental Service providers may be contacted where the Emergency relates to dental complaints.
Next of Kin, where the patient has requested us to make the person aware of any ongoing incident.
We will share information with other third parties if there is a statutory basis for disclosure or a requirement to comply with a court order [GDPR Art 6(1)(c)].
What personal data do we collect for Education?
We may collect, store and otherwise process the following personal data:
Information you or your approved centre (training provider or employer) provide to us:
If you:
• complete a form on our website;
• correspond with us by phone, e-mail, or in writing;
• report a problem;
• enter into a contract with us to receive products and/or services;
• register a learner for a qualification;
We may collect your name, date of birth, ethnicity, e-mail address, postal address, telephone number, job role. For the purposes of providing support to our learners we will ask for information relating to disabilities and their direct contact details.
Information we collect about you
If you visit our Website, we may automatically collect the following information:
• technical information, including the internet protocol (IP) address used to connect your computer to the Internet, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
• information about your visit to our website such as the products and/or services you searched for and view, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Please see our cookie policy for further details.
Information about other people
If you provide information to us about any person other than yourself, such as your relatives, next of kin, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
Sensitive Personal Data
In certain limited cases, we may collect certain sensitive personal data from you (that is, information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences, or genetic or biometric data). However, we will only do so on the basis of your explicit consent.
How do we use your personal data?
When we ask you to supply us with personal data we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and services to you, or whether the supply of any personal data we ask for is optional.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Contract performance: we may use your personal data to fulfil a contract, or take steps linked to a contract:
• to provide the products and/or services to you;
• to communicate with you in relation to the provision of the products and services;
• to provide you with administrative support such as account creation, security, and responding to issues; and
Legitimate interests: where this is necessary for purposes which are in our, or third parties, legitimate interests. These interests are:
• providing you with newsletters, surveys, information about our awards and events, offers, and promotions, related to products and services offered by Enhanced Care Services which may be of interest to you;
• communicating with you in relation to any issues, complaints, or disputes;
• improving the quality of experience when you interact with our products and/or services, including testing the performance and customer experience of our Website;
• performing analytics on sales/marketing data, determining the effectiveness of promotional campaigns.
NOTE: you have the right to object to the processing of your personal data on the basis of legitimate interests as set out below, under the heading Your rights.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Consent: where you have given your express consent to receive marketing communications, we may use your personal data to:
• send you newsletters, surveys, information about our awards and events, offers, and promotions, related to products and services offered by Enhanced Care Services which may be of interest to you;
• developing, improving, and delivering marketing and advertising for products and services offered by Enhanced Care Services.
Where required by law: we may also process your personal data if required by law, including responding to requests by government or law enforcement authorities, or for the prevention of crime or fraud.
Who do we share your personal data with?
We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.
We may also share your personal data with trusted third parties to provide our services, including:
• legal and other professional advisers, consultants, and professional experts;
• service providers contracted to us in connection with provision of the products and services such as providers of IT services and customer relationship management services; and
• analytics and search engine providers that assist us in the improvement and optimisation of our Website.
We will ensure there is a contract in place with the categories of recipients listed above which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.
We do not sell or provide your personal information to any third-parties outside of the above.
We do not share with a third-party recipient located outside of the European Economic Area. Should we have the need too, we will ensure that the transfer of personal data will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission where the data protection authority does not believe that the third country has adequate data protection laws.
We will share personal data with law enforcement or other authorities if required by applicable law.
Our Event Medical Services
Under this policy, we promise to endeavour to:
To keep your data safe.
To remove or delete your data as soon as we no longer need to keep it.
To never sell your data.
To make sure you are aware of your rights, in the clearest way possible.
How we will use the information you give us?
We will only use your information on the basis that it is necessary to:
Administer your event medical cover contract.
To provide an offer or quotation for an event medical cover contract.
To help process or resolve a complaint.
To with your explicit consent, provide you within information about future services we may offer.
To help prevent or reduce financial crime.
Who do we send your information to?
Where we need to pass information to other firms, it will only be for the purpose outlined above
By other firms, we mean:
Healthcare Bodies
Compliance consultancy.
Companies who process, administer, or destroy our records.
Marketing consultants.
A regulator such as the CQC
A crime prevention body.
Your venue, local authority or other person who has requested proof of event medical cover, with your consent only.
Why do we get in touch with you?
When we contact you, it will either be for administering your contract for event medical cover or resolving a complaint.
It could also be because we have a legitimate interest in offering you a related product in the form of:
An invitation to take out medical cover with us for future events
Following up with quotations you have received from us, or
Following up an application or enquiry which you have made to us
For any other marketing it will only be with your consent and you will be able to withdraw your consent or unsubscribe easily at any time.
If we need to obtain information which is by nature sensitive, we will only do so on the basis that it is in the public interest.
Where will your information be stored?
All information which will collect about you will be stored within the UK by us, mostly in an electronic format.
If we send your data to a third party, we will have undertaken a due diligence check on them to ensure they are either GDPR compliant or covered by necessary contractual controls (if outside of the European Economic Area) to ensure compliance relative to GDPR is present.
What type of personal information do we need?
To administer your event medical contract and offer you a contract, we will need to collect contact details from you.
We will only collect what is necessary and will only keep it for as long as we are required to do in line with our data retention policy. You can ask us for a copy.
_______________________________________
When you apply for a job with us
What kind of personal information do we process?
When you apply to work with Enhanced Care Services;
Your name
Your contact details including email address, home address and telephone numbers
Details of your CV which can include work experience, locations, dates and positions held, DBS and any relevant certificates.
Names and contact information of your referees
Equal opportunities information such as race, ethnic origin and disabilities.
Employee records including;
Employment history with the organisation
Employment terms and conditions (e.g. pay, hours of work, holidays, benefit, absence)
Any accidents connected with work
Sickness records
Any training taken
Any disciplinary action
Personal details relating to occupational health
Bank Account details
NHS Pension details
Contract and supporting documentation
Next of Kin contact details
Information secollected as part of the recruitment process.
During employment, information may be provided directly by the staff member or generated as a direct result of activities related to your employment.
How will the information be used and what is the lawful basis?
Information is processed in a variety of paper and electronic formats and is used to;
Create and maintain your staff record (GDPR Art 6(1)(b) Processing in necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Communicate with you throughout your employment with Enhanced Care Services. (GDPR Art 6(1)(b) – Processing in necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Monitor equal opportunity statistics and help us understand staff demographics (GDPR Art 9(2)(a) – we have your explicit consent to process this data)
Check criminal records every 5 years to help make safer working environments (GDPR Art 9(2)(a) – we will ask for your explicit consent to process this data) (GDPR Art 10 – Personal data relating to criminal convictions and offences includes personal data relating to the alleged commission of offences by an individual, proceedings for an offence committed or alleged to have been committed by an individual or the disposal of such proceedings (including sentencing)
To maintain sickness records (GDPR Art 9(2)(h) – is necessary for the assessment of the working capacity of the employee)
Check facts about your qualifications (GDPR Art 9(2)(b) – is necessary for the purposes of carrying out obligations in the field of employment and social security and law)
Will my information be shared with anyone else?
We carry out Enhanced Disclosure for existing staff already undertaking Regulated Activity, who move by secondment, promotion, or transfer to another Regulated Activity, and have never had a CRB/ DBS disclosure carried out before, or has a disclosure that is more than five (5) years old. A new disclosure will also be processed where a previously issued disclosure does not contain a PoCA or PoVA check where one is required. Follow this link for more information on Trust’s DBS policy. The Trust use the services of Atlantic Data to carry out criminal records check via the Disclosure and Barring Service (DBS). Please follow the link below to access their privacy policy. https://www.disclosures.co.uk/index.php
How do we obtain your information?
We mostly gather information from you, which you submit to us via our website, by telephone, face to face, by email or by post.
Further information
What are my legal rights?
Under GDPR, as an EU citizen, you would have the following rights:
You have the right to complain to the Information Commissioner at www.ico.org.uk, Tel 0303 123 11132.
You have the right to know how, why and where we process your data, as explained in this document.
You have the right to obtain a copy of your personal information from us, without charge by contacting us in writing, at the address above marking your correspondence FAO The Data Controller or by emailing us at admin@enhancedcareservices.co.uk.
This may include the right to transfer information to other providers.
Any request you make to us can take up to 30 days to facilitate.
We will provide the information to you in an electronic format.
You also have the right to know, to whom we have passed your information.
We may ask for proof of identity, or additional questions in order to process your request.
You have the right to ask us to correct information which we hold which is not accurate.
You have the right to ask us to delete your information or stop using it, unless it is necessary for us to retain it for legal purposes.
You may have the right to object if decisions about you are made solely by a computer.
How Secure is my information
There are appropriate technical and security measures in place to ensure the confidentiality, integrity and availability of our systems and personal information.
We do not share any of the information you provide with third parties for marketing purposes and it will never be sold.
Every individual has rights in relation to how their data is processed. These rights are detailed below;
The right to know how your data is processed; this is explained to you in this privacy notice
The right to know what personal information we hold about you; this can be exercised by sending us a subject access request using the contact details below. We will respond within one month.
The right to rectification; you can make a request to have any inaccuracies in your data rectified or completed it if it is incomplete
The right to erasure; also known as the ‘right to be forgotten’. We willvcomply with any request for your data to be erased.
The right to restrict processing: you the right to limit the way that we use your data.
The right to object to processing; all processing will stop if you tell us why you object and we agree with you.
The right to data portability; you can ask us to transfer your data to another organisation or give it you.
Your rights are determined by the legal basis upon we process your information, therefore in some circumstances not all rights will be applicable. Further explanation on your rights and how they can be exercised are provided on our data subject rights document.
How long will you keep your personal data?
Where there is a contract between us, we will retain your personal data for the duration of the contract, and for a period of six years following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities.
Where you have consented to marketing communications, you may change your preferences or unsubscribe from marketing communications at any time by clicking the unsubscribe link in an email from us.
Where do we store your personal data and how is it protected?
We take reasonable steps to protect your personal data from loss or destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Where you have a username or password (or other identification information) which enables you to access certain services or parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure.
Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Right to Access
You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address given below. Please include with your request information that will enable us to verify your identity. We will respond with 30 days of request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information. Or if your request is manifestly unfounded or excessive.
Right to rectification
We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
Right to erasure
You have the right to request the deletion of your personal data where, for example, the personal data are no longer necessary for the purposes for which they were collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data is erased, please contact us using the contact details provided below.
Right to object
In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the pressing of your personal data, please contact us using the contact details provided below.
Right to restrict processing
In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have contested the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering.
whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.
Right to data portability
In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to request that your personal data is ported to you, please contact us using the contact details provided below.
Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.
Call Recording
All of our phone lines may be recorded/and or monitored to ensure that our service is safe and effective. Recordings may also be used for the detection of crime. These recordings are stored securely and are only accessible by authorised personnel. We will never share a call recording without your consent, unless a legal basis is established first, or if required by law.
Complaints
If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint to the applicable supervisory authority or to seek a remedy through the courts. Please visit https://ico.org.uk/concerns/ for more information on how to report a concern to the UK Information Commissioner’s Office.
Links to Third Parties
We link our website directly to other sites and our approved third parties that may handle or have access to your personal data. This privacy policy does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read any privacy policy of any external websites you visit via links on our website.
Changes to our Policy
Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Policy.