For the purposes of Data Protection Laws, the Data Controller is WhiteLodge Specialist Care, with a registered address at:
5 The Quadrant Coventry, CV1 2EL.
Definitions: When we refer to ‘we’, ‘us’ and ‘our’ we mean WhiteLodge Specialist Care. When we refer to ‘personal information’ or ‘data’ we mean information which relates to or is obviously about you, from which you can be identified.
What personal data may we collect from you?
Depending on your contact with us and use of our services, personal information we collect from you may include the following:
- Email address
- Telephone number(s).
Where you are using our website, we may automatically collect personal data about you, including:
- Internet protocol (IP) address used to connect your computer to the internet
- Browser type and version
- Time zone setting
- Browser plug-in types and versions
- Operating system and platform
- Full Uniform Resource Locators (URL)
- Clickstream to, through and from our site (including date and time)
- Products you viewed or searched for
- Page response times
- Download errors
- Length of visits to certain pages
- Page interaction information (such as scrolling, clicks and mouse-overs)
- Methods used to browse away from the page.
When do we collect personal data?
We may collect personal data about you if you:
- Are a customer enquiring about, using or in receipt of any of our services
- Visit our website or other digital platforms we operate
- Enquire about any of our products
- Register to receive email newsletters
- Opt in to receive marketing communications from us
- Fill in a form or survey for us
- Participate in a competition or promotion or other marketing activity
- Contact us directly e.g. by email, telephone, social media or the online contact form
- Make a payment to us
- Are involved in an incident or near miss
- Make a complaint
- Have agreed to a third party (e.g. another business) sharing information about you with us.
How and why do we use your personal data?
We process your personal information for a number of legitimate reasons and lawful bases. When we process your personal data, we do so with your consent and/or as necessary to provide the products or services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our clients, or fulfil other legitimate interests of WhiteLodge Specialist Care Ltd. whilst always taking into account your interests, rights and freedoms.
A breakdown of our key reasons for using/processing your personal information is as follows
• To enable us to carry out our obligations to you arising from any contract entered into between you and us including the provision by us of services to you
• To provide you with information, products or services we offer that you request from us
• To provide you with information about products or services we offer that may be of interest to you – see the ‘Marketing’ section for further details
• To confirm event registrations
• To notify you about changes to our products or services
• To respond to requests where we have a legal or regulatory obligation to do so
• To respond to your messages and enquiries
• To assess the quality of service you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
• To conduct and analyse market research
• To make sure that incidents and complaints are handled and investigated efficiently
• To ensure that content from our website is presented in the most effective manner for you and for your computer
• To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with
• To keep our records up to date.
How do we keep your personal data secure?
We protect all personal data that we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. We conduct assessments to ensure the ongoing security of our information systems.
Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable Data Protection Laws. Wherever possible, retention periods will be calculated using the Information Governance Alliance’s ‘Records Management Code of Practice for Health and Social Care 2016’ – appendix 3 indicates specific timescales for storing a variety of record types.
The transmission of information via the internet cannot be guaranteed as completely secure; however, we ensure that any information transferred to and from our website is via an encrypted connection. Once we have received your information, we will use strict procedures and security features for the prevention of unauthorised access.
At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.
Disclosure of your personal data
In the usual course of our business we may disclose your personal data (to the extent necessary) to certain third party organisations that we use to support the delivery of our services. This may include the following:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you
- Organisations providing IT systems support and hosting in relation to our website(s) and/or other digital platforms that you use
- Third party debt collectors for the purposes of debt collection
- Third party service providers for the purpose of storage of information and confidential destruction
- Third party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent
- If you are involved in an incident or a near miss, we will enter details pertaining to the event into an online system called Datix; from this, certain incidents may be reported externally to a professional or regulatory body such as the National Reporting & Learning System (for anything relating to patient safety) or Health & Safety Executive (for any incident meeting the requirements for reporting under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations) – wherever possible, we will always inform you of this.
Where a third party data processor is used, we ensure that they operate under contractual restrictions with regards to confidentiality and security, in addition to their obligations under Data Protection Laws.
We may also disclose your personal data to third parties in the event that we sell or buy any business or assets or where we are required by law to do so. In these circumstances, wherever possible and in compliance with current legislation, you will be kept fully informed of this.
Unless you have consented to receive marketing communications by electronic means from us, by indicating on the form on which we collect your data, we will only contact you by electronic means (email or SMS) with information about products and services similar to those which you previously purchased or enquired about from us.
We will only use your preferred communication channels to contact you and you will be given the option to select or amend this when opting in or on receipt of each piece of correspondence.
You have the right to ask us to stop processing your personal information for marketing purposes by clicking on the ‘unsubscribe’ link embedded within the email that has been sent to you. Alternatively, and for non-web based marketing information, please write to:
Marketing Department – WhiteLodge Specialist Care Ltd, 2nd Floor Management Corridor, Warwick Hospital, Lakin Road, Warwick, Warwickshire CV34 5BW.
In all cases, please allow one month for us to update our systems.
You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer of information you have provided, to withdraw permission you have given us to use your information and to ask us not to use automated decision-making which will affect you. Your rights, in more detail, are as follows (certain exceptions apply):
• Right of access: see ‘accessing your personal information and exercising your rights’ below
• Right to rectification: the right to have inaccurate information about you corrected or removed
• Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased
• Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
• Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest, or where we have let you know the processing is necessary for our or a third party’s legitimate interests. You can object to our use of your information for profiling purposes where it is in relation to direct marketing
• Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
• Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide your chosen product/service
• Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.
Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.
Accessing your personal information and exercising your rights
You can find out if we hold any personal information about you by making a ‘Subject Access Request’. If we do hold any information about you we will:
- Give you a description of it
- Tell you why we are holding it
- Tell you who it could be disclosed to; and
- Let you have a copy of the information in an intelligible form.
To make a ‘Subject Access Request’ for any personal information we may hold about you, or to exercise any of the rights listed above, or to make a complaint about privacy issues, you may address your request to:
Data Protection Officer, WhiteLodge Specialist Care Ltd, 2nd Floor Management Corridor, Warwick Hospital, Lakin Road, Warwick, Warwickshire CV34 5BW.
Alternatively you can email the Data Protection Officer at: email@example.com.
If you make a request, we will ask you to confirm your identity if we need to, and we may ask you to provide further information that helps us to understand your request better. If we cannot meet your request, we will explain why.
Requests are free of charge, unless manifestly unfounded or excessive in which case a reasonable charge will be made. Request will be processed within one month of receipt, but this might be extended to two months in case of a complex request or if the identity of the requestor cannot be verified. In all cases where we expect to exceed one month in order to process a request, we will inform the requestor of this within the first month, at which point we will provide an estimated date of completion.
What are Cookies?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device. Cookies perform a number of different tasks such as enabling you to navigate between pages efficiently, remembering your preferences and generally improving your user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
Category 1 Cookies:
These cookies are essential in order to enable you to move around our website and use its features, such as accessing secure areas of the website. Without these cookies, services you have asked for cannot be provided. Your consent is not required for the delivery of those cookies which are strictly necessary to provide services requested by you. We use these types of cookies.
Category 2 Cookies:
Category 3 Cookies:
These cookies allow our website to remember the choices you make (such as your user name, language or the region you are in) and provide enhanced, more personalised features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video. The information these cookies collect is generally anonymised and they cannot track your browsing activity on other websites. We do not use these cookies on our website.
Category 4 Cookies:
These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation. We do not use these cookies on our website.
The definitions used above are consistent with those supplied by the International Chamber of Commerce ‘ICC UK Cookie Guide’ April 2012.
- Collect any personally identifiable information without your express permission
- Collect any sensitive information without your express permission
- Pass personally identifiable data to third parties
- Pay sales commission.