Privacy Notice

Privacy Notice for Miss Anna Maino
I provide private medical services.  When you use my website (annamaino.com), make an enquiry or use my services I may collect personal information about you.  I am the controller and I am responsible for your personal data.  I have written this statement to tell you:
  • what information I collect about you
  • how I collect that information
  • what I use your information for
  • my legal basis for processing information about you
  • who I may share the information with
  • how long I will retain this information
  • how I will communicate with you
  • what choices you have about what I can do with your information
  • how to access and update your information
How I collect personal information
I collect personal information from you and from third parties (anyone acting on your behalf, for example healthcare providers).
I collect personal information from you through your contact with me, including by phone (I may record or monitor phone calls to make sure I am keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through my website, by post, by filling in application or other forms, through social media or face-to-face (for example, in consultations, diagnosis and treatment).
I also collect information from other people and organisations.
I may collect information from:
  • a family member, or someone else acting on your behalf;
  • your parent or guardian, if you are under 18 years old;
  • doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
  • any service providers who work with me in relation to your medical treatment or health assessments; and
  • sources which are available to the public, such as the edited electoral register or social media.
Categories of personal information I process
I process two categories of personal information about you and (where applicable) your dependants:
  1. standard personal information (for example, information I use to contact you or identify you); and
  2. special categories of information (for example, health information, information about your race, ethnic origin and religion that allows me to tailor your care, and information about crime in connection with checks against fraud or anti-money-laundering registers).
Standard personal information includes:
  • contact information, such as your name, address, email address and phone numbers;
  • the country you live in, your age, your date of birth and national identifiers (such as your NHS number);
  • information about your employment;
  • details of any contact I have had with you, such as any complaints or incidents;
  • financial details, such as details about your insurance policy and your bank details;
  • the results of any anti-fraud checks I have made on you; and
  • information about how you use my website

Special category information includes:

  • information about your physical or mental health, including genetic information or biometric information (I may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact I have had with you such as from telephone calls, emails, faxes, information about complaints or incidents, and referrals from your insurance provider, quotes and records of medical services you have received);
  • information about your race, ethnic origin and religion.
What I use your personal information for
I process your personal information in order to provide medical services.  I also set out some legal reasons why I may process your personal information (these depend on what category of personal information I am processing).
By law, I must have a lawful reason for processing your personal information.
I process standard personal information about you if this is:
  • necessary to provide the services set out in a contract – if I have a contract with you, I will process your personal information in order to fulfil that contract (that is, to provide you and your dependants with my services); or
  • in my or a third party’s legitimate interests; or
  • required or allowed by law; or
  • you have provided your consent to such use.
I process special category information about you because:
  • it is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, medical diagnosis, to provide health care or treatment, or to manage health-care systems (including to monitor whether I am meeting expectations relating to my clinical and non-clinical performance);
  • it is necessary for an insurance purpose (for example, advising on, arranging, providing or managing an insurance contract, dealing with a claim made under an insurance contract, or relating to rights and responsibilities arising in connection with an insurance contract or law);
  • it is necessary to establish, make or defend legal claims (for example, claims against me for insurance);
  • it is necessary for the purposes of preventing or detecting an unlawful act in circumstances where I must carry out checks without your permission so as not to affect the outcome of those checks (for example, to check lawful behaviour, or carry out investigations with other insurers and third parties for the purpose of detecting fraud);
  • it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a member’s complaint or a regulator (such as the Care Quality Commission or the General Medical Council) telling me about an issue);
  • it is in the public interest, in line with any laws that apply;
  • it is information that you have made public; or
  • I have your permission. As is best practice, I will only ask you for permission to process your personal information if there is no other legal reason to process it. If I need to ask for your permission, I will make it clear that this is what I am asking for and ask you to confirm your choice to give me that permission. If I cannot provide a service without your permission (for example, I cannot manage and run a health service without health information), I will make this clear when I ask for your permission. If you later withdraw your permission, I will no longer be able to provide you with a service that relies on having your permission.
Where I store your personal data
The information that I collect from you will be transferred to, processed and stored within the European Union or the US.
I am committed to ensuring that my suppliers have appropriate technical, administrative and physical procedures in place to ensure that your information is protected against loss or misuse. All information you provide to me is stored securely or on secure servers operated by a GDPR-compliant/Privacy Shield scheme third party.
With whom do I share personal data?
I may disclose your information to the third parties listed below for the purposes described in this Privacy Notice. This would be the minimum required for the purpose. This might include:
  • a doctor, nurse, optometrist or any other healthcare professional involved in your treatment;
  • other members of support staff involved in the delivery of your care, like receptionists and secretaries;
  • anyone that you ask me to communicate with;
  • NHS organisations, including NHS Resolution, NHS England, Department of Health;
  • other private sector healthcare providers;
  • your GP;
  • third parties who assist in the administration of your healthcare, such as insurance companies;
  • Private Healthcare Information Network;
  • our regulators;
  • the police and other third parties where reasonably necessary for the prevention or detection of crime;
  • my insurers;
  • debt collection agencies;
  • my third party services providers such as IT suppliers, auditors, lawyers, document management providers and tax advisers;
  • HMRC and the VAT Commissioner as they require;
  • with others pursuant to a court order.

What about privacy on other websites?

Please remember that posts on the annamaino.com website or my social media pages may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. You should consult these other sites’ privacy policies and please be aware that I do not accept responsibility for their use of information about you.
How long do I keep personal data for?
The GDPR requires that personal data should not be held for longer than is necessary for the purpose for which it is being processed. However, it is a fundamental requirement that all of my records are retained for a minimum period of time for legal, operational, and safety reasons. The length of time for retaining records will depend on the type of record.
In most cases, where clinical medical services have been provided (treatment or private assessment), records will be retained for 8 years after the last contact (25 or 26 years for children’s records). This period has been determined with patient safety in mind and is consistent with most other healthcare providers.
How I communicate with you
I am likely to do this by telephone, SMS, email, fax and/or post. If I contact you using the telephone number(s) which you have provided (landline and/or mobile), and you are not available which results in the call being directed to a voicemail and/or answering service, I may leave a voice message on your voicemail and/or answering service as appropriate.
Please note that although providing your mobile number and email address and stating a preference to be communicated by a particular method will be taken as an affirmative confirmation that you are happy for me to contact you in that manner, I am not relying on your consent to process your personal data in order to correspond with you about your treatment. As set out above, processing your personal data for those purposes is justified on the basis that it is necessary to provide you with healthcare services.
Should you choose to contact me using the contact form on the Contact me page or by email, none of the data that you supply will be stored by this website or passed to / be processed by third party data processors. Instead the data will be collated into an email and sent to an NHSmail account over the Internet. Whereas NHSmail is accredited to the Health and Social Care secure email standard and is suitable for sharing patient data, the transmission of information via the internet is not completely secure. I cannot guarantee the security of your data until it is delivered to me; any transmission is at your own risk.
Your rights
You have the right to access your information and to ask me to correct any mistakes and delete and restrict the use of your information. You also have the right to object to me using your information, to ask me to transfer information you have provided, and to withdraw permission you have given me to use your information. For more information, see below.
You have the following rights (certain exceptions apply):
  • Right of access: the right to make a written request for details of your personal information and a copy of that personal information.  I will provide this free of charge although where such requests are frequent or excessive then I may charge an administration fee.
  • Right to rectification: the right to have inaccurate information about you corrected or removed.
  • Right to erasure (‘right to be forgotten’): the right to have certain personal information about you erased.
  • Right to restriction of processing: the right to request that your personal information is only used for restricted purposes.
  • Right to object: the right to object to processing of your personal information in cases where my processing is based on the performance of a task carried out in the public interest or I have let you know the processing is necessary for my or a third party’s legitimate interests.
  • Right to data portability: the right to ask for the personal information you have made available to me to be transferred to you or a third party in machine-readable formats.
  • Right to withdraw consent: the right to withdraw any consent you have previously given me to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of my use of your personal information prior to the withdrawal of your consent and I will let you know if I will no longer be able to provide you your chosen product or service.
Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and I will let you know in my correspondence with you how I will be able to comply with your request.
If you make a request, I will ask you to confirm your identity if I need to, and to provide information that helps me to understand your request better. If I do not meet your request, I will explain why.
Data breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
How to Contact me
Information I hold about you should be up-to-date and accurate.  Please advise me of any change to your information using the email below.
If you have any concerns about the way your personal information has been processed, please contact me, by email (a.maino@icloud.com) or by writing to me at:
Miss Anna Maino
c/o Marple Medical Practice
50 Stockport Road
Marple
SK6 6AB
Alternatively, you may contact the Information Commissioner’s Office on 0303 123 1113.
Changes to this Privacy Notice
This privacy notice may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.
Change log
19/07/2018 – version 1.1
  • Privacy Notice instigated.
