We are BOC Limited, trading as “BOC Healthcare”, of the Priestley Centre, 10 Priestley Road, Surrey Research Park, Guildford, Surrey, GU2 7XY, England, (“BOC Healthcare”). We are part of the Linde Group of companies.
This document covers information we collect about you, whether via our website:http://www.bocclinicalservices.co.uk(our “Website”), or in connection with provision of our community services.
The clinical services we provide vary between services areas (not all services are provided in all areas), but as a whole include community based rehabilitation training and support for: individuals with long term conditions; who are on home oxygen therapy; or who have who have had a heart attack, heart surgery or recent heart procedure (our “clinical services”).
Please read this notice carefully to understand how your personal information will be treated.
1. PERSONAL INFORMATION THAT WE COLLECT
We collect a range of personal information, including:
date of birth;
email address; and
information about your physical and mental medical condition and history including: notes made by doctors and clinicians, test results and details and records about your treatment and care;
information about medicines that have been prescribed to you; and
information about decisions and assessments made in relation to you.
IP address (when accessing our Websites); and
other personal information that you choose to provide to us when you complete our online contact forms or otherwise make contact with us.
We either collect this information directly from you, or from health professionals, the NHS, and/or from relatives and others who provide care to you.
2. HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information as follows:
to provide you with our clinical services.
to communicate with you, including to respond to information requests /enquiries submitted and/or to obtain your feedback on our products and services;
to notify you about changes to our products and services;
to provide you with information relating to the service we provide;
to monitor the quality of our products and services:
we audit our products and services by selecting oxygen at home customers at random and visiting those customers at home (provided that the customer agrees) to check that the oxygen installation has been completed and maintained to the appropriate standards;
to investigate any complaint you make; and
to monitor and/or record telephone conversations to or from you in order to offer you additional security, resolve complaints, improve our service standards and for staff training purposes.
General Business Purposes:
to keep full and accurate records of the care that we provide to you;
for invoicing, account maintenance, recordkeeping, internal reporting
to ensure data security and to provide you with access to secure areas of our Websites;
for logistical purposes, including to plan and log delivery routes;
to provide evidence in any dispute or anticipated dispute between you and us;
for fraud detection and prevention and risk management purposes;
to protect the rights, property, and/or safety of BOC, its personnel and others.
to customise various aspects of our Website to improve your experience; and
as we may otherwise consider necessary to support the operation of our Websites.
3. LEGAL BASIS FOR PROCESSING
Personal information contained in your NHS referral/in connection with your attendance at our clinics
You have given the NHS your consent for your clinical provider (for example your GP or a Practice Nurse) to make a referral to us so that we can provide you with our clinical services; and
[so that we can share your personal information about your attendance at our clinics with:
your clinical provider (for example your GP, Practice Nurse or Hospital Consultant);
We will only handle this personal information in accordance with the terms of the consent that you provided to the NHS.
Other personal information that we collect from you directly
We also process other personal information about you, which we collect directly from you (for example when your use our Website and when you contact us directly.
where you and/or you clinical provider have consented to this;
where necessary to comply with legal obligations, including in relation to health and safety and environmental legislation, complaints and investigations or litigation;
to protect your vital interests or the vital interests of another person, e.g. where you or they are seriously injured or ill;
for our legitimate interests in:
management of our relationship with you, and communicating with you;
operating our Website;
supplying our services; and
our internal business purposes which include processing for the purposes of:
reporting and statistics;
ensuring the quality of our services;
investigating and responding to queries and complaints;
fraud detection and prevention;
training our personnel; and
protecting our rights, property and safety (and that of you and others).
You can object to processing carried out on the basis of our legitimate interests at any time by contacting firstname.lastname@example.org or by calling us on: 0800 0121858. See also “Your Rights – The right to object”.
4. HOW WE SHARE YOUR PERSONAL INFORMATION
We only share your personal information that we are processing on the basis of your consent as provided to the NHS, in line with the terms of that consent.
We share other personal information that we collect directly from you with:
our software providers in connection with provision of our Website;
The performance of services by our third party service provider(s) may be subject to a separate privacy statement provided to you by the relevant third party. You should read any such statement carefully.
5.HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We retain your personal information for no longer than is necessary for the purposes for which the personal information is collected. When determining the relevant retention periods, we will take into account factors including:
any specific retention periods required by the NHS;
legal obligation(s) under applicable law to retain data for a certain period of time;
statute of limitations under applicable law(s);
(potential) disputes, and
guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information once this is no longer needed.
7. LINKS TO THIRD PARTY WEBSITES
Our Websites contain links to other Internet websites. Unless otherwise explicitly stated, we are not responsible for the privacy practices or the content of such websites, including such sites' use of any personal information. Nevertheless, in the event you encounter any third party associated with our Websites (or who claims association with our Websites) who you feel is improperly collecting or using information about you, please contact email@example.com; we will be happy to forward your message to the third party.
We use reasonable security methods to protect the personal information that we process, including Internet standard encryption technology ("SSL" or "Secure Socket Layer" technology) to encode personal information that you send to us through our Websites. SSL works by using a private key to encrypt data that's transferred over the SSL connection. To check that you are in a secure area of the Website before sending personal information to us, please look at the bottom right of your website browser and check that it displays an image of a closed padlock or an unbroken key.
9. YOUR RIGHTS
The following section explains your rights. The various rights are not absolute and each is subject to certain exceptions or qualifications.
We will grant your request only to the extent that it follows from our assessment of your request that we are allowed and required to do so under data protection laws. In some cases you may need to contact the NHS or your clinical provider to exercise your rights. We will let you know if that is the case. Nothing in this Privacy Notice is intended to provide you with rights beyond or in addition to your rights as a data subject under data protection laws.
What does this mean?
1. The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal information and your rights. This is why we’re providing you with the information in this Privacy Notice.
2. The right of access
You have the right to obtain a copy of your personal information (if we’re processing it), and other certain information (similar to that provided in this Privacy Notice) about how it is used.
This is so you’re aware and can check that we’re using your personal information in accordance with data protection law.
We can refuse to provide information where to do so may reveal personal information about another person or would otherwise negatively impact another person's rights.
3. The right to rectification
You can ask us to take reasonable measures to correct your personal information if it’s inaccurate or incomplete. E.g. if we have the wrong date of birth or name for you.
4. The right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal information where there’s no compelling reason for us to keep using it or its use is unlawful. This is not a general right to erasure; there are exceptions, e.g. where we need to use the information in defence of a legal claim.
5. The right to restrict processing
You have rights to ‘block’ or suppress further use of your personal information when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your personal information, but may not use it further. We keep lists of people who have asked for further use of their personal information to be ‘blocked’ to make sure the restriction is respected in future.
6. The right to data portability
You have rights to obtain and reuse certain personal information for your own purposes across different organisations. This enables you to move, copy or transfer your personal information easily between our IT systems and theirs (or directly to yourself) safely and securely, without affecting its usability. This only applies to your personal information that you have provided to us that we are processing with your consent or to perform a contract which you are a party to (such as pay and compensation services), which is being processed by automated means.
7. The right to object
You have the right to object to certain types of processing, on grounds relating to your particular situation, at any time insofar as that processing takes place for the purposes of legitimate interests pursued by BOC or by a third party. We will be allowed to continue to process the personal information if we can demonstrate “compelling legitimate grounds for the processing which override [your] interests, rights and freedoms” or we need this for the establishment, exercise or defence of legal claims.
10. UPDATING THIS NOTICE
We may make minor changes to this Privacy Notice. When we make these changes we will publish the updated policy on our Website. If we make any significant changes, we will take additional steps to inform you of these.
11. CONTACT US
For further information regarding these rights, about this Privacy Notice generally or to make a complaint please contact us at firstname.lastname@example.org or by calling us on: 0800 0121858.
Please provide as much information as possible to help us identify the information you are requesting, the action you are wanting us to take and why you believe this action should be taken.
Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result we are not in a position to identify you, we may refuse to action your request.
We will generally respond to your request within one month of receipt of your request. We can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted.
We will not charge you for such communications or actions we take, unless:
you request additional copies of your personal data undergoing processing, in which case we may charge for our reasonable administrative costs, or
you submit manifestly unfounded or excessive requests, in particular because of their repetitive character, in which case we may either: (a) charge for our reasonable administrative costs; or (b) refuse to act on the request.
If after contacting BOC you are still unhappy you may also complain to the Information Commissioner, all contact details are available on the Information Commissioner's Website: https://ico.org.uk or you can call: 0303 123 1113.