For the purposes of the Data Protection Act 1998, Divine Healthcare Business Solutions Ltd is the data controller (i.e. the company who is responsible for, and controls the processing of, your personal data).
Personal data we may collect about you
We will obtain personal data about you (such as your name, address, telephone number, email address and opinions) whenever you complete an online form or post on our forums.
For example, we will obtain your personal data when you register to use this website, send us feedback, post material, contact us for any reason, sign up to a service, enter a competition, purchase goods or services.
We may monitor your usage of this website. This may include monitoring how many times you visit, which pages you go to, traffic data, location data and the originating domain name of a users internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
Occasionally, we may receive information about you from other sources which we will add to the information which we already hold about you in order to help us provide goods and services and improve and personalise our service to you.
How we may use your personal data
We will use your personal data for the purposes described in the data protection notice that was brought to your attention at the time your data were obtained.
These purposes include:
- to help us identify you and any accounts you hold with us;
- statistical analysis;
- customer profiling and analysing your purchasing preferences;
- marketing – see Marketing and opting out below;
- fraud prevention and detection;
- billing and order fulfilment;
- customising this website and its content to your particular preferences;
- to notify you of any changes to this website or our services which may affect you;
- security vetting; and improving our services.
Marketing and opting out
We may share your personal data with organisations who are our business partners and we or they may contact you, unless you have asked us or them not to do so, by mail, telephone, SMS, text/picture/video message, email or via any other media about specific products, services, promotions or special offers which may be of interest to you.
If you prefer not to receive any further marketing communications from us, you can opt out at any time. See further Your rights below.
Disclosure of your personal data
We may disclose your personal data to:
- other companies within our group;
- our agents and service providers (e.g. providers of web hosting or maintenance services);
- law enforcement agencies in connection with any investigation to help prevent unlawful activity; or
- our business partners in accordance with the Marketing and opting out section above.
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by password and username which are unique to you; and
- we store your personal data on secure servers.
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.
We may monitor and record communications with you, such as, telephone conversations and emails for the purpose of quality assurance, training, fraud prevention and compliance).
Information about other individual
If you give us information on behalf of someone, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
- give consent on his/her behalf to the processing of his or her personal data;
- receive on his/her behalf any data protection notices;
- give consent to the transfer of his/her personal data abroad; and
- give consent to the processing of his or her personal data.
Subject access rights
Because of the data we hold subject access rights in respect of that personal data are set out here:
- Right to Access – this means that data subjects can ask us for a copy of all personal data we hold about them. This enables the data subject to receive a copy of the personal information we hold about them and to check that we are lawfully processing it. We will
- Correction Right – if a data subject believes that any of the information we hold about them is incorrect or out of date, they have the right to correct such information by providing us with the correct up to date information. In addition, they can ask us to delete the incorrect or out of date information and we will be happy to do so unless we are prevented from doing so by law or regulation.
- Right to be Forgotten – this enables a data subject to ask us to delete or remove personal information where there is no good reason for us continuing to process it. However, where we are obliged to keep personal data because of a regulatory or legal requirement, we will not be able to delete the data and must continue to retain it.
- Right to Restrict Processing – in some limited circumstances data subjects have the right to restrict the processing of their data.
- Right of Objection to Processing – data subjects have the right to object to us using their data for direct marketing purposes and profiling.
- Data breach. We will report any data or security breaches to the ICO within 72 hours of becoming aware of any such breach.
- Right to Complain If data subjects have any concerns about our handling of their personal data, they have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) by visiting https://ico.org.uk/concerns/ or telephoning the ICO helpline on 0303 123 1113.