GenesisCare UK has updated its privacy notice to reflect compliance with data protection law (current and future) and any secondary legislation and guidance implemented or issued as a result of these.

Cookies

 

GenesisCare UK is a trading name of Genesis Cancer Care UK Limited. We are a specialist, provider of cancer care diagnostic and treatment services in the UK. Our company registration is 05796994 and our registered office is Wilson House, Waterberry Drive, Waterlooville, Hampshire, PO7 7XX. GenesisCare is registered with the Information Commissioners Office, registration number Z9493925.

This privacy notice applies to anyone who asks about, buys or uses our services in any way (for example, by email, through our website, or by telephone). We take privacy seriously and we want you as our service user, to understand the information we collect about you, how we process and protect the personal information which we collect about you, from you and from third parties, so that you can be confident that the information is being used safely and in ways that are reasonably expected, and what rights you have in respect of your personal information.

When we refer to ‘we’, ‘us’ and ‘our’, means GenesisCare UK.

GenesisCare has two health-related subsidiaries: Birmingham Prostate Clinic Limited (which operates as Birmingham Prostate Clinic) and Berkshire Health Limited (which operates as The Forbury Clinic).

What information do we collect and use?

We strictly control access to and the use of your health and care information and will comply with data security and protection requirements, legislation and the guidance and protocols issued by the regulating medical organisation

When you register with us we will collect information about you which can include:

Who do we collect information from?

How do we secure your data?

 

Depending on the circumstances we may be the controller of your data or we may be a joint controller but in all cases we have security measures to protect your personal information and everyone working at GenesisCare is subject to the Common Law Duty of Confidentiality and to data protection legislation, which means that staff have a legal duty to protect and secure your information and preserve confidentiality. This also applies to those who receive data from us.

We protect your data in many ways:

What is your information used for?

We use your information for a number of purposes and to do so we must have a legal justification under data protection law.

The legal justification will depend on the type of data (personal or special category) and the purpose for which we intend using your information.

We have set out individually those purposes for which we will use your data below along with the justification.

Please note that failure to provide your information further to a contractual requirement with us or a consultant may mean that we are unable to register you as a patient or facilitate the provision of your healthcare on the GenesisCare UK’s systems.

Who Do We Share Your Information With?

It is important that you understand that we may share your information with others. We may share your personal information within our group of companies and with third parties.

 

National data opt-out programme

The national data opt-out puts into effect the opt-out model proposed by the National Data Guardian and enables patients receiving NHS funded care to choose how their confidential patient information is used for purposes beyond individual care such as research and planning, with some exceptions.

We comply with this requirement by providing a choice for all patients to opt-out of their data being used for Research and Planning on the registration form.  Please note:

  • The opt-out will not apply to anonymous data or data that has been de-personalised in accordance with the ICO’s managing data protection risk code of practice.
  • Some exemptions will exist where there is an overriding public interest or other legal basis, which aligns with legal exemptions from the Common Law Duty of Confidentiality. For example, the opt-out will not apply to patient data that is required for validating invoices or where a court order has been obtained.
  • Also exempt: Two specific registries, one collecting data on all individuals with a cancer diagnosis and one on those with a rare disease, but they will continue to operate their own opt-outs.
  • Patients who have opted out can still give their consent for a specific use of data, like a specific research trial.

Further information on the national data opt-out programme can be found at https://digital.nhs.uk/services/national-data-opt-out-programme.

How long do we keep your personal information for?

We retain information in accordance with our legal obligations and national best practice. We ensure compliance through regular auditing and ensure information is securely disposed of when it has reached the end of its retention period. We implement data retention periods for different categories of personal data and/or different processing purposes, including where appropriate, archiving periods. We will only keep your personal information for as long as reasonably necessary in order to support patient care and continuity of care; support evidence-based clinical practice and to assist clinical and other audits; to support our legitimate business interests and to comply with our legal and regulatory requirements.

GenesisCare UK’s retention policy for most medical records is 30 years in line with the NHSX Records Management Code of Practice 2021.

Your Rights

Under data protection law you have a number of specific rights in relation to the personal information that we hold about you. These include rights to know what information we hold about you and how it is used. You may exercise these rights at any time by contacting us using the details at the foot of this privacy notice and without adversely affecting your care.

We will not usually charge for handling a request to exercise your rights. If we cannot comply with your request to exercise your rights we will usually tell you why.  Unless there are grounds for extending the statutory deadline, we will respond within one month of receipt of a Rights request.

There are some special rules about how these rights apply to health information as set out in legislation including the Data Protection Act as well as any secondary legislation which regulates the use of personal information.

If you make a large number of requests or it is clear that it is not reasonable for us to comply with a request then we do not have to respond. Alternatively, we can charge for responding.

  1. The right to be informed – This is fulfilled through our privacy notices.

  2. The right of access to your personal information – You have the right to request details and a copy of the personal data we hold about you and details about how we use it. We must confirm whether we have personal data about you, and we also need to provide you with a copy of your personal data. We will usually provide you with your personal data in writing, unless you request otherwise. If you have made the request electronically (eg by email) the personal data will be provided to you electronically where possible. In some cases we may not be able to fully comply with your request, for example if your request involves another person’s personal data and it would not be fair to that person to provide it to you.

  3. The right to rectification – This enables you to require that incomplete information is completed, or incorrect information is corrected. This ensures your information is accurate and up-to-date.

  4. The right to erasure – This is also known as the right to be forgotten. In some circumstances, you have the right to request that we delete the personal information we hold about you. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data where there is no compelling reason for its continued processing. If we have disclosed the personal data in question to third parties, we will inform them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so. However there are exceptions to this right. For example, we can refuse to delete your personal data if we need to keep for tasks which are in the public interest, or for establishing, exercising or defending legal claims. If you make such a request and we comply with it, please be aware that we will retain a note of your name, the request made and the date we complied with it.

  5. The right to restriction of processing – In some circumstances you have a right to ‘block’ or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it other than in relation to the establishment, exercise or defence of legal claims or for reasons of important public interest. We are able to retain just enough information about you to ensure that the restriction is respected in future.

  6. The right to data portability – Where you have provided the information to us, and where the processing is being carried out by automated means and based on your consent or pursuant to the performance of a contract with you, you have the right to obtain the information that GenesisCare UK processes about you and use it for your own purposes. This means you have the right to receive the personal information or where it is technically feasible, have the information transferred to an individual or organisation of your choice, and the information must be provided by us in an electronic format.
  7. The right to object – you have the right to object to processing based on our legitimate business interests (including profiling), direct marketing (including profiling) and processing for purposes of scientific or historical research or statistical research purposes. The objection must be on grounds relating to your particular situation.

  8. The right not to be subject to automated decisions – (i.e. decisions that are made about you by computer alone) that have a legal or other significant effect on you. GenesisCare UK does not carry out automated decision-making in relation to patients. In the event that our policy in this respect changes, we shall update this privacy notice.

  9. Your right to withdraw consent – In some cases to comply with data protection legislation we need your consent in order to use your personal information. Where we rely on this, you have the right to withdraw your consent to our continuing and further use of your personal information. You can do this by contacting our DPO whose details are at the foot off this privacy notice.

Your right to complain to the Information Commissioners Office

 

You can complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations. Whilst you are not obliged to do so, we would appreciate you making us aware of any issue prior to notifying the Information Commissioner’s Office and giving us the opportunity to respond.

Please contact:

You can contact the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at casework@ico.org.uk, or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephone 0303 123 1113 (local rate call).  Website: https://ico.org.uk/

Making a complaint will not affect any other legal rights or remedies that you have.

Queries

If you have any queries or would like to exercise your rights or to establish whether any rights apply to you, please speak with the GenesisCare Health Care Professional who is involved in your care.

You can also contact our Data Protection Officer:
Email: DPO@genesiscare.co.uk or write to GenesisCare, 69 Alma Rd, Windsor SL4 3HD, marking your communication “Private and Confidential – FAO GenesisCare Data Protection Officer”

Telephone: 07841 207263

Updates to this Privacy Notice

We may update this Privacy Notice from time to time to ensure that it remains accurate. In the event that these changes result in any material difference to the manner in which we process your personal data then we will provide you with an updated copy of the Policy and signpost you to the specific changes.

Revised November 2021