Data Privacy Policy

Return to homepage

Last updated: Aug 27, 2019

Mission Statement

We pride ourselves on the care and attention given as part of our clients' service and aim to do the same with patient data. Our number one data protection priority is that the confidential health information held internally is handled and protected with the greatest care and respect possible.

This document (dated 16th May 2018) aims to outline the practices, intentions and processes of Health Optimising (UK) Ltd with regards to data storage & processing in a fully transparent and coherent manner.

By producing this document, we are showing full compliance with the General Data Protection Regulation (GDPR) law which takes effect on 25th May 2018. This law aims to protect the personal data of consumers in an increasingly digital world and to help them better understand how personal data is used internally by companies.

If you have any questions, queries or concerns about anything mentioned in this document, or anything else relating to the storage of data at Health Optimising (UK) Ltd, then please don't hesitate to get in touch with us (http://www.healthoptimising.co.uk/contact.html) and we will put you in contact with our Data Protection Officer (DPO) to do our best to help you.

We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – www.healthoptimising.co.uk

Our policy document will go through:

  • What kinds of personal information about you do we process?
  • What is the source of your personal information?
  • Where, how and for how long do we store your personal data?
  • How you consented to allow us to proceed with your personal data? What is an approach to the storing of children's data, or data of persons who can't consent?
  • What are the legal grounds for our processing of your personal information (including when we share it with others)?
  • What should you do if you want to access your personal data, if your personal information changes or if you want to change or delete it?
  • How we react to data breaches?
  • How you can make a complaint should you so wish?
  • Contact information

WHAT KINDS OF PERSONAL INFORMATION ABOUT YOU DO WE PROCESS?

As part of our daily process for our clinical services, we need to process personal information about our clients to support an efficient administration process and perform our Health Optimising (UK) Ltd  services.

This includes:

  • Personal and contact details, such as title, full name, contact details and contact details history
  • Your date of birth, gender and/or age
  • Your place of birth, if needed for the service
  • Information about your health and lifestyle
  • Family members health history (if relevant)
  • Records of your contact with us such as via the phone number, or if you get in touch with us online using our online services or via our email.

The usage of our products and services:

  • information about how our clients use EasyPractice in order to continue optimizing our platform for a better user experience,
  • information about visitors to our website. This is done completely anonymously so we cannot know who is using it or where they are.
  • information about how often our clients open and read newsletters sent through our email marketing platform in order to optimise our outbound emails for greater uptake
  • Any call outs and claims and whether those claims were paid out or not (and details related to this)
  • payment information on our e-commerce platform when patients order products from our online store in order to process payments. Such information is fully encrypted and we provide a highly secure environment with tools that enable us to constantly and accurately detect and prevent fraudulent access.

WHAT IS THE SOURCE OF YOUR PERSONAL INFORMATION?

We’ll collect personal information from the following general sources:

  • From you directly, and any information from family members, associates
  • From The Health Optimising Group of companies if you already have an agreement with them
  • From business partners (other partners clinics), or others who are a part of providing our products and services or operating our business

DO YOU HAVE TO PROVIDE YOUR PERSONAL INFORMATION TO US?

We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.


HOW DO WE MAINTAIN THE CONFIDENTIALITY OF YOUR RECORDS?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with The GDPR. Every member of staff who works for a Health Optimising (UK) Ltd Clinic has a legal obligation to keep information about you confidential.

WHAT DO WE USE YOUR PERSONAL DATA FOR?

The primary reason behind processing personal details is for efficient administration to aid the process of onboarding a new client, engaging and managing with existing clients, as well as offboarding inactive or outgoing patients. Failure to have a full health picture may result in less effective assessment and treatment, which is why it is important that we process such information to support an accurate assessment and effective health protocol. Storing previous appointment notes, reports, prescriptions and other relevant information across a patient's lifetime at the clinic enables us to keep track of the progress of a patient over time also and provides context to future treatments.

We use your personal data, including any of the personal data listed in section 1 above, for the following purposes:

  • Assessing an application for our services (health assessments, treatments, etc.)
  • Managing the product or service you have with us
  • Updating your records
  • Managing any aspect of the product or service
  • To perform our services and internal processes
  • To improve the operation of our business and that of our business partners
  • To follow guidance and best practice under the change to rules of governmental and regulatory bodies
  • For management and auditing of our business operations including accounting
  • To monitor and to keep records of our communications with you and (see below)
  • To administer our good governance requirements and those of other members of our Health Optimising, such as internal reporting and compliance obligations or administration required for internal processes
  • For analysis and developing statistics on our digital platform, IT systems, as well as our outbound email marketing results. Analysing visitor usage on our website through the use of Google Analytics results in a better user experience for any future website visitors.
  • For direct communications, We'll send relevant information to you by SMS, email, phone, post, from our IT systems, social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match). Offers may relate to any of our products and services that we think may be of interest
  • To develop new products and services and to review and improve current products and services
  • To comply with legal and regulatory obligations, requirements and guidance
  • To provide insight and analysis of our customers both for ourselves and for the benefit of business partners either as part of providing products or services, helping us improve products or services, or to assess or improve the operating of our businesses
  • To share information, as needed, with partners (for example, other clinics, doctors, etc)
WHERE AND HOW WE ARE PROCESSING PERSONAL DATA?

Data stored on paper is stored under lock and key in a highly secure place within the Health Optimising (UK) Ltd  building.
Data stored digitally is currently stored in  our highly secured IT systems
All patient data are stored in our systems for 5 years after the year ends or until a patient submits a takedown request of their data by contacting us or our Data Protection Officer.
The patient data can be kept for as long as we need them to perform our clinical services but will be reviewed every 5 years, and all unnecessary files will be deleted in a secure manner.

In the event that a patient dies, their data will be removed immediately upon receipt of notification of their death by a next of kin or another contact.

IS YOUR PERSONAL INFORMATION TRANSFERRED OUTSIDE THE EU OR THE EEA?

We're based in Norway and other countries all around the world. In case you are an EU client, your personal information may sometimes be transferred outside the European Economic Area. If we do so we'll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.


HOW YOU CONSENTED TO ALLOW US TO PROCEED YOUR PERSONAL DATA? WHAT IS APPROACH TO THE STORING OF CHILDREN’S DATA, OR DATA OF PERSONS WHO CAN’T CONSENT?

By becoming a client of Health Optimising (UK) Ltd, you agree to our Data Privacy Policy (this policy) and usage of your email for communicating with you regarding your assessments and treatments as well as for marketing purposes.

Upon activation of new client accounts on our IT systems and digital platform, new patients agree to the  Terms & Conditions, Data Privacy Policy and use of their email for marketing purposes, which is completely GDPR compliant, by signing the consent form.

Existing clients of Health Optimising (UK) Ltd who receive e-communications will be sent a GDPR notification email which lets them opt-out should they wish to do so. Existing patients of Health Optimising (UK) Ltd who have opted out of e-communications and/or EasyPractice, will have been asked to double check, and sign a new consent form in-clinic.
Visitors are notified upon a visit of our website that we are using cookies to track their data anonymously and therefore measure user behavior on Google Analytics. They are not required to opt-in for consent but are allowed to block our website from tracking such information by visiting their web browser's security settings.‍

The GDPR law sets the age when a child can give their own consent to this processing at 16. If a child is younger then we will need to get consent from a person holding 'parental responsibility.
If the client is not able to consent, then his or her guardian shall sign and the explicit consent from.
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us.
International Transfer
‍Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside EU/EECand choose to provide information to a clinic located inside EU/EEC, please note that we transfer the information, including Personal Information, to EU/EEC and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of Ireland shall have exclusive jurisdiction over the matter.

WHAT ARE THE LEGAL GROUNDS FOR OUR PROCESSING OF YOUR PERSONAL INFORMATION (INCLUDING WHEN WE SHARE IT WITH OTHERS)?

We need to know your personal, sensitive and confidential data in order to provide you with the best  Health Optimising (UK) Ltd  services
Under the General Data Protection Regulation we will be lawfully using your information in accordance with:

  • Article 6, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”
  • Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems
  • This Privacy Notice applies to the personal data of our patients and the data you have given us about your carers/family members.
  • To comply with our legal obligations

WHEN DO WE SHARE YOUR PERSONAL INFORMATION WITH OTHER ORGANISATIONS?

We may share information with the following third parties for the purposes listed above:

  • The Health Optimising Group and partners
  • Postal services (only necessary data for shipping)

WHAT SHOULD YOU DO IF YOU WANT TO ACCESS YOUR PERSONAL DATA, IF YOUR PERSONAL INFORMATION CHANGES OR IF YOU WANT TO CHANGE OR DELETE IT?

Access to your personal information

Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view or to obtain copies of what information holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:

  • Your request should be made to The Health Optimising (UK) Ltd Clinic
  • There is no charge to have one copy of the information held about you
  • We are required to respond to you within one month
  • You will need to give adequate information (for example full name, address, date of birth and details of your request) so that your identity can be verified, and your records located with the information we hold about you, at any time.

Data change requests

All of the data which we store is wholly owned by the patient or user in question, who are therefore entitled to submit a change request. You should tell us so that we can update our records. This can be done either by email to us or our Data Protection Officer (see contact information at bottom of document). This change request should clearly outline the type of data which should be changed and the content of this data which is to be changed, along with basic details such as name and contact information. An example of this could be changing a name, an address or a telephone number.

These requests can be made free of charge unless they are deemed unfounded or excessive by the Data Protection Officer and executive team of Health Optimising (UK) Ltd  We must comply with these requests within 30 days of acknowledgement of receipt of a request.

Takedown requests

All of the data which we store is wholly owned by the patient or user in question, who are therefore entitled to submit a takedown request in order to remove their data from our paper and digital systems.

Please note that in doing so, a patient could potentially jeopardise any future involvement they have with Health Optimising (UK) Ltd or other clinics by losing valuable clinical and diagnostic information. The loss of this information is permanent and non-reversible.

This can only be done by submitting a clear and well-written email to us or our Data Protection Officer (see contact information at bottom of document) outlining your personal information, the extent of the takedown (i.e. what data) and if possible any reasoning behind requesting the takedown.

Confirmation of a successful takedown will then be sent to the client in question upon completion, along with an assurance that their email will no longer be stored in our internal system and that communication would cease moving forward.

These requests can be made free of charge unless they are deemed unfounded or excessive by the Data Protection Officer and executive team of Health Optimising (UK) Ltd .

We must comply with these requests within 30 days of acknowledgement of receipt of a request.

How we react to a data breach?

Please note that the likelihood of a data breach happening is extremely low, but not impossible. We are constantly developing our information security to maintain the protection of your personal data, and reduce any data breach risks to a minimal level.
Our policy on handling data breaches is fully compliant with the GDPR.


HOW WE PROCESS COMPLAINTS

Any complaints with regards to our handling, storing and sharing of patient data within the clinic, whether this is on paper or digitally, are handled by our Data Protection Officer (DPO).

Please email our Patient Service Team contact@healthoptimising.co.uk who will liaise with our DPO to do our best to help you.

They will review all complaints and decide on the best person to forward this onto if additional information or detail is required from our technological consultant and/or partners. Otherwise, they will provide a response in a timely manner, as per our hours of business.

If a complaint is passed on that requires managerial input, then it will be given to the relevant Clinic Manager to review and discuss with our executive team.

CONTACT INFORMATION

If you have any questions, queries or concerns about anything mentioned in this document, or anything else relating to the storage of data at Health Optimising (UK) Ltd, then please don't hesitate to get in touch with our Patient Service Team (contact@healthoptimising.co.uk) who will liaise with our Data Protection Officer (DPO) to do our best to help you.