PRIVACY NOTICE
Introduction
Travel Health Ltd Ltd ( “we”, “our” or “us”) understand that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits our websites, travelhealtlhltd.co.uk and any current or future subdomains and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
Please read this Privacy Policy carefully and ensure that you understand it.
It is likely that we will need to update this policy from time to time. We’ll let you know about significant changes, but you’re welcome to review the policy whenever you wish.
It also describes your choices regarding the use, access and deletion of your personal information.
Definitions
Cookie – means a small text file placed on your computer or device by our sites when you visit certain parts of our sites and/or when you use certain features of our sites
Cookie Law – means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
Personal data – means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”) or the Data Protection Act (“DPA”) 2018
Contact and data protection officer
Travel Health Limited as a registered Data Controller with the Information Commissioner’s Office (ICO – the UK’s regulator for data protection) within tier 2 has registration number ZB963568
If you have any questions about this notice, or would like to invoke your rights then please contact us on:
Travel Health Ltd
Building B
Arena Business centre
Watchmoor Park
Riverside Way
Camberley
Surrey
GU15 3YL
Tel No; 01276 402312
Company number: 11908668
Mail: [email protected]
Or get in touch with our Data Protection Officer:
Micheline Wehbe
Which personal data do we process and with what purpose
We process your personal data for a variety of purposes as set out in the sections below, which also shows our lawful basis under UK data protection legislation (UK GDPR) for doing so.
When you visit our websites
Purpose
When you visit our websites, we collect information about your behaviour to obtain statistics on the site use and for marketing on social media.
Legal basis for processing of personal data
The processing of personal data is based on your consent. Please note that you can withdraw your consent at any point.
Categories of personal data
We collect only personal data provided by you, which consists of IP address and your browsing behaviour.
Retention
The information used for statistics purposes is kept for 24 months, after which it is automatically deleted.
Automated decision-making and profiling
The collected personal information is not used for automated decision-making nor profiling.
Cookies
We use cookies on our websites. Please consult our cookie policy for additional information.
Links to other websites
There may be links on our websites that lead to other sites or our partners. We cannot be held responsible for the content of these sites or collection of personal data carried out there and you should read their Privacy Notices for information about their processing.
When you get vaccinated by us
Purpose
When you get vaccinated by us, we process your information to carry out the medical procedure (vaccination).
The provided details will not be used to sign you up to a newsletter, unless you specifically give a consent to marketing, when making the registration.
Legal basis for processing of personal data
The legal basis for processing your personal data is the performance of our contract with you (or our legitimate interests in performing the contract if the vaccination has been arranged by someone else other than you, e.g. your employer). We process your health-related data for reasons of providing preventive or occupational medicine in accordance with UK GDPR and the Data Protection Act 2018.
Recipients of personal data
Unless you have specifically requested (and permitted us) to share your information with your GP, the personal data remain within our control and is not shared with third parties other than the technology providers who support our service delivery (see Who Do We Share Your Personal Data With below).
Retention
We store your personal data as long as it is either required by the applicable legislation or as long as we consider it may be relevant for health professional reasons or for the sake of our continued servicing to you. Since information about vaccinations can in principle be relevant throughout life, we have no fixed routines for deleting such data.
If you have signed up for a newsletter, contact personal data are stored as long as you are actively subscribed to the newsletter or until you withdraw your consent. The personal information is also deleted if technical reception of the e-mail is refused (e.g. if the e-mail account is closed).
In case you book a consultation for vaccination, but do not attend, your data are deleted after 3 months.
Automated decision-making and profiling
The collected personal information is not used for automated decision-making nor profiling.
Recipients of personal data
The personal data remain within our control and is not shared with third parties other than the technology providers who support our service delivery (see Who Do We Share Your Personal Data With below).
Retention
The personal data will be deleted when it is no longer relevant, in most cases, within 12 months of the request getting resolved.
Automated decision-making and profiling
The collected personal information is not used for automated decision-making nor profiling.
When you write an e-mail to us
Purpose
When you write to us, we process the provided personal information with the aim of solving the query you have approached us with.
Legal basis for processing of personal data
Your data are processed because we have a legitimate interest in managing and responding to your query. If any special category data are included (such as health related data) then we process those for the purpose of delivering preventative medicine and the provision and management of healthcare in accordance with UK GDPR and the Data Protection Act 2018.
Categories of personal data
We strive to collect only information that is absolutely necessary to resolve your request – usually though it will include demographic details (name, date of birth, …), travel information, as well as relevant elements of medical history.
Recipients of personal data
The personal data remain within our control and is not shared with third parties other than the technology providers who support our service delivery (see Who Do We Share Your Personal Data With below).
Retention
The personal data will be deleted when it is no longer relevant, in most cases, within 12 months of the request getting resolved.
Automated decision-making and profiling
The collected personal information is not used for automated decision-making nor profiling.
When you visit our social media websites
Purpose
We, Meta, LinkedIn, and Twitter collect and process your personal data when you visit or interact with company pages (“fan pages”) or profiles. The purpose of the processing is to be able to market ourselves to potential customers, retain inquiries and similar related purposes.
We follow the ICO’s current guidelines regarding shared data responsibility and strive to ensure that visitors to our social media pages receive information about personal data. At present, this entails, among other things, that we continuously try to enter into a dialogue with our suppliers regarding the regulation of joint data responsibility and the distribution of responsibilities. As mentioned below in this policy, visitors to our social media pages also have the opportunity to exercise their rights, e.g. the right to access, the right to object and the right to deletion.
Note! If you do not want your information to be processed, please refrain from visiting our social media pages, as it is not currently possible for us to change our partner’s data collection settings.
Legal basis for processing of personal data
The processing of personal data is based on our legitimate interests in marketing our business and taking into consideration balancing those interests with yours. Information that would require consent is not processed.
Categories of personal data
Typically, we collect contact information in the form of name, e-mail, or phone number. If we receive special category information, such as health related data, it will be deleted as soon as it comes to our attention.
Recipients of personal data
Apart from the social media platform your personal data are not shared.
Retention
Since the personal data published on the social media pages are provided directly by you on our publicly accessible page, the information will initially remain on the page as long as it exists. As the submitter of the information, you can always object to the balancing of interests, with a view to having any postings deleted.
Automated decision-making and profiling
The collected personal information is not used for automated decision-making nor profiling.
When you answer customer satisfaction survey
Purpose
When you respond to a customer satisfaction survey, we process your information with the goal of improving our service and resolving potential grievances.
Legal basis for processing of personal data
The processing of personal data is based on our legitimate interests in understanding your customer experience, taking into consideration balancing those interests with yours. Information that would require consent is not processed.
Categories of personal data
Typically, we collect contact information in the form of name, e-mail or phone number plus your survey responses. If we receive special category information, such as health related data, it will be deleted as soon as it comes to our attention.
Recipients of personal data
The personal data remain within our control and is not shared with third parties other than the technology providers who support our service delivery (see Who Do We Share Your Personal Data With below).
Retention
The personal data are deleted after 6 months from its collection.
Automated decision-making and profiling
The collected personal information is not used for automated decision-making nor profiling.
When you report medical problem or launch a complaint
Purpose
When you report a medical problem or launch a complaint with us, we process the personal data with the purpose of handling and resolving the query.
Legal basis for processing of personal data
The processing of personal data is based on legal obligations to collect, handle and report about specific enquiries.
Categories of personal data
We ask for basic demographic data together with relevant medical information.
Recipients of personal data
We may share your personal information with the key public health institutions (NHS, CQC) but we will not share it with third parties other than the technology providers who support our service delivery (see Who Do We Share Your Personal Data With below).
Retention
The report/complaint together with its associated information is kept for 3 years after which it is deleted.
Automated decision-making and profiling
The collected personal information is not used for automated decision-making nor profiling.
How do we keep your data secure
We take sensible steps to keep your data secure and ensure we can uphold your rights and meet our obligations under UK GDPR:
- Data processed on our systems is encrypted both while in transit and at rest
- Systems themselves are hardened and regularly tested for technical weaknesses
- Physical protections are put in place to prevent unauthorised access
- Access to personal data is provided only to staff with a legitimate need and a strong authentication (with multiple factors) is enforced
- Our employees are subject to appropriate DBS background checks depending on their job role and are also subject to an obligation of confidentiality. All staff receive training on data protection matters
- We ensure that appropriate contracts are in place with our suppliers who process your personal data to protect your rights, to ensure that they take appropriate security measures to safeguard your data, and that any international transfers are done correctly under UK GDPR
Data subject rights
You have a number of rights relating to the processing of your data (see details below), if you would like to use them or have any questions then please contact us at reception @travelhealthltd.co.uk
We won’t charge you for handling your request, however we may reject it or require a compensation in case of frequent, repeated or unfounded requests.
Right to be informed about the collection and use of personal data
You have the right to be fully informed about why and how we process your information. This privacy notice is intended to meet that requirement, but please do contact us if you have any questions. If we obtain your personal data from a third party (e.g. a social media platform) then we will disclose this origin to you.
Right to access personal data
You have the right to request a copy of the data we hold about you.
Right to restrict the processing of personal data
You have the right to ask us to restrict the processing of personal data whilst we check its accuracy: if you think the processing is unlawful; if you believe we no longer need to process the data but you need us to store it due to pending legal claims; or when you object to our processing based upon our legitimate interests and we are assessing the validity of that.
Right to erase data
You have the right to ask us to delete the data we hold about you. Where we are holding the data to fulfil a legal obligation or a contract with you, your organization or a third party then we will need to retain the data in accordance with the data retention requirements shown above.
Right to rectify inaccurate or incomplete personal data
If you believe some of the data we hold are wrong or incomplete then you have the right to ask us to correct it.
Right to data portability
You can request a copy of the data you provided in a digital format which you can then supply to another provider when we are processing your personal data to fulfil a contract with you, or because we have your consent.
Right to object to automated decision-making and profiling
You have the right, in certain circumstances, not to be subject to decisions based on automated processing (including profiling) if it has a significant or legal impact on you. This doesn’t apply if the processing is necessary to fulfil a contract with you, or if you have given us your consent to do so.
We do not currently use any technology to make automated decisions about you.
Right to complain
You are always welcome to reach out to us at the address provided in section (Contact and Data Protection Officer) if you have a question or would like to complain about our handling of your personal information. Should you not be satisfied with our response, you can launch a complaint with the Information Commissioner’s Office (ICO) on their helpline 0303 123 1113 or online at www.ico.org.uk.
Please note that the ICO will normally ask you to contact us first.