OneWelbeck Group (OWG) is a group of companies working together for the provision of all OneWelbeck services. For an up-to-date list of all companies in the OWG, please clicking here. All companies in the OWG adhere to the provisions of this Privacy Notice.
The company that is responsible for collecting information online or otherwise, where such information is relevant across the OWG, is Ambulatory Surgery Interational Limited (trading as Welbeck Health Partners, WHP). WHP is therefore the data controller of such personal information, responsible for deciding how such information is collected and used. Unless otherwise stated, where this document refers to we/us, this means WHP. WHP has a registered office address at 112 Jermyn Street, St James, London, England, SW1Y 6LS and it is registered with the Information Commissioner’s Office: ZA524494. You can contact us with any queries at DPO@OneWelbeck.com.
WHP is committed to protecting the privacy and security of your personal data. This notice applies to everyone who visits our website, uses our app or who otherwise interacts with us in the course of business. This notice explains how we collect and process personal information about you, so that you are aware of how and why we are using such information. If you are a patient, we have a different privacy notice for you which you can access by clicking here and which (as well as other matters) applies to the collection of information about your health.
Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
If you have questions
If you have any questions about this privacy notice or how we handle your personal information, please email DPO@OneWelbeck.com. We would welcome the opportunity to deal with any complaint directly and you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO website is at https://ico.org.uk.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time. We may also notify you in other ways from time to time about the processing of your personal information.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
What kind of information will we hold about app & website visitors?
During the course of your visit to our website or use of our app, we may collect, store and use the following categories of personal information about you:
- If you choose to accept the cookies identified to you and/or if the collection of such data is in our legitimate business interests:
- Technical Data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- Usage Data: includes information about how you use our website, products and services. For more information about the specific cookies that we use and how to disable them, click here.
- If you choose to provide them to us online or otherwise, your contact details (e.g. name, address, phone number, email address).
- If you choose to provide other information about your health to us through our app, (and other related information) this will be treated in accordance with our Patient Privacy Notice.
What kind of information will we hold about other individuals that we interact with in the course of our business?
In the course of operating our business, we will collect and use the contact details and other business information of our business partners and potential business partners. We consider that it is in our legitimate business interests to do so.
How is your personal information collected?
As you interact with our website or our app, we may automatically collect Technical and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
We collect personal information about our business contacts, from our business contacts directly in the course of business and otherwise from publicly accessible sources.
How do we keep your information safe?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long do we keep your information?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Why do we use personal information about you?
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Typical uses of your Technical and Usage Data are:
- To monitor our website and/or app activity in order to improve our online services;
- To help us to understand how visitors arrive at our website, browse or use our website and app highlight areas where we can improve areas such as navigation and marketing campaigns.
We use Contact Data as you would expect, to make contact with individuals who we consider may be interested in working with us in someway or who have asked us specifically to contact them about something. We use other business data to assess and identify business opportunities.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may have to share your data with third parties, including:
- third-party service providers (data “processors” who support our services and only process your personal information on our instructions and subject to specific contractual obligations) such as cookie companies collecting certain information online; and
- another company in the OWG (which may act as a data processor or data controller or a joint data controller). Your personal information might be shared for our general business administration, efficiency and accuracy purposes. You can see a list of all companies in the OWG that process personal data by clicking here. This Privacy Notice governs all use of data by all companies in the OWG.
All our third-party service providers and other entities in the OWG are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Sharing with 3rd parties in the course of business
Transfers of data outside of the European Economic Area (EEA)
In the ordinary course of the provision of our services we do not expect to transfer any of your personal data outside the EEA. In the event that we need to transfer your personal information outside the EEA, we will only do so lawfully and you can expect a similar degree of protection to your personal information as you would expect in the UK. We can provide more information about this if you would like us to in the event that any transfer of data is contemplated
Your rights of access, correction, erasure and restriction
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, request the restriction of processing or request that we transfer a copy of your personal information to another party, please email firstname.lastname@example.org.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please email DPO@OneWelbeck.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.