Customer Privacy Policy

Effective date: October 05, 2018

This Privacy Notice explains what information we collect about you, how we store this information, how long we retain it and who we may share your information with.

We also publish a number of specific notices, which will also be available on our website.

Scope of Policy

This policy sets out how we process and protect any information about those who are end users of the products provided by Quantum Analytica, that is staff or patients whose data is processed.

For the purpose of the General Data Protection Regulation (GDPR) and any additional data protection legislation, the data controller responsible for your personal data is the healthcare provider who employs or engages you and that has made our products and services available to you for your use. Quantum Analytica are the Data Processor for this information.

This policy should be read in accordance with the privacy policy published by the Data Controller responsible for your own data.

Why we process personal information about you

Quantum Analytica works with a range of different health and care providers to develop tools and products that can support health and care professionals or commissioners to improve productivity and financial control, health outcomes or to reduce health inequalities. To do this, we collect and maintain relevant and appropriate information about health, treatment and care records for patients along with information relating to staff. This personal information can be held in a variety of formats, including electronic information within our own database systems, in other computer systems and through video and audio files.

Where possible, we will always look to anonymise / pseudonymise your personal information so as to protect patient confidentiality, unless there is a legal basis that permits us to use it and we will only use / share the minimum information necessary.

Personal information we need to collect about you and how we obtain it

Personal data means any information about an individual from which they can be identified. We may collect, use, store and transfer the following data about you that you have provided to us:

• Identity data, including name, job title, username, identifiers, marital status, title, accessibility and dietary requirements.
• Contact data, including address, email address and telephone numbers.
• Technical data, including internet protocol address, your browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Profile data, including your username and password, purchases you have made your interests, preferences, feedback and survey responses.
• Usage data, including information about how you use our website, products and services.
• Marketing and communications data, including your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not knowingly collect any sensitive data about you, nor do we collect any information about criminal convictions and offences.

Keeping your data secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions as per the requirements set out by the Data Controller and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify the Data Controller and any applicable regulator of a breach where we are required to do so.

Where your data is stored

Data collected as part of our services will be stored in accordance with the Data Controller’ instructions. We do not transfer your personal data outside the European Economic Area (EEA).

Your rights

If we need to use your personal information for any reasons beyond those stated above, we will discuss this with you and ask for your explicit consent. The Data Protection Act 2018 gives you certain rights, including the right to:

• Request access to the personal data we hold about you, e.g. in health records. The way in which you can access your own health records is further explained in our Access to Health Records Procedure.
• Request the correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards. This is also explained in our Access to Health Records Procedure.
• Refuse / withdraw consent to the sharing of your health records: Under the Data Protection Act 2018, we are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). Any consent form you will be asked to sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal / withdrawal.
• Request your personal information to be transferred to other providers on certain occasions.
• Object to the use of your personal information: In certain circumstances you may also have the right to ‘object’ to the processing (i.e. sharing) of your information where the sharing would be for a purpose beyond your care and treatment (e.g. as part of a local / regional data sharing initiative).
• We will always try to keep your information confidential and only share information when absolutely necessary.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

Our data protection officer

David Howell - Information governance lead / Data Protection Officer

If you have any questions about this Privacy Policy, please contact us:

• By post: York House, Crowthorne, RG45 6DU
• By email: david@quantum-analytica.co.uk

The information commissioner

The information commissioner’s office (ICO) (opens in a new tab) is the body that regulates our company under the Data Protection legislation. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the ICO at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 1231113 (local rate) or 01625 545745 if you prefer to use a national rate number

Fax: 01625 524510

Email: casework@ico.org.uk