• Patients
  • Privacy notice for consultants and other external individual

We are committed to respecting and protecting your privacy whenever we use your personal information.

GenesisCare UK is a trading name of Genesis Cancer Care UK Limited.  For the purposes of this privacy notice reference to GenesisCare UK includes the GenesisCare UK subsidiaries.

The registered office for GenesisCare and its subsidiaries is Wilson House, Waterberry Drive, Waterlooville, Hampshire, PO7 7XX.  Other registration detail is as follows:

Company name Company registration number Information Commissioners Office registration number

GenesisCare UK

05796994 Z9493925
Berkshire Health Limited (BHL) 07238700 Z274620
Birmingham Prostate Clinic (BPC) 05509497 ZA441424

This Privacy Notice

The following privacy notice sets out what information about you GenesisCare UK collects, how that information may be used, the lawful basis for processing and who it will be shared with.  We also explain for how long it will be retained, how we will secure it, and your legal rights.

This Privacy Notice applies to the following groups of individuals:

  • Consultants who have applied for, currently hold or have held Practising Privileges with GenesisCare UK
  • External Individuals such as Oncologists, Surgeons, GPs, etc. who do not hold Practising Privileges with GenesisCare but have expressed an interest in or refer into GenesisCare UK
  • Medical Secretaries and other Health and Care Professionals and Workers who are not employed by GenesisCare (we will only collect minimal information for this group, relevant to the business relationship).

How we obtain your information

We obtain your personal data either directly from you or through a third party whom you have nominated to provide us with information, such as a referee.

GenesisCare works closely with Consultants and External Individuals to support the delivery of our services and we will look to identify potential compatible business opportunities. We do this by collecting information, for example:

  • Directly from you i.e., if you apply for practising privileges or would like to work with GenesisCare
  • Where available in the public domain such as Consultant Finders, professional profiles, social media channels
  • Through recommendations and third party service providers such as Wilmington Healthcare

The information we collect

We will collect, use and store your personal data for a wide variety of reasons in connection with the professional relationship between us. The table below describes the data we handle and what we need it for.  It also explains the basis we can rely on to request and retain data about you as well as who it will be shared with.

/content/dam/asset-migration/other/UK_Privacy_Notice_for_Consultants_and_Other_Clinical_External_Individuals_ 1.jpg
/content/dam/asset-migration/other/UK_Privacy_Notice_for_Consultants_and_Other_Clinical_External_Individuals_2.jpg
/content/dam/asset-migration/other/UK_privacy_Notice_for_Consultants_and_Other_External_Individuals_3.jpg
/content/dam/asset-migration/other/UK_Privacy_Notice_for_Consultants_and_Other_External_Individuals_4.jpg
/content/dam/asset-migration/other/UK_Privacy_Notice_for_Consultants_and_Other_External_Individuals_5.jpg
/content/dam/asset-migration/other/UK_Privacy_Notice_for_Consultants_and_Other_External_Individuals_6.jpg

International transfers of your personal data

GenesisCare UK is part of a global organisation and we (or third parties acting on our behalf) may store or process personal data within the GenesisCare group of companies for administrative and management purposes. The group companies are located in Spain and Australia and the United States. This processing is based on our own or a third party’s legitimate business interests.

As a global organisation we may engage global suppliers for the provision of services to the GenesisCare Group of companies and such suppliers may also be located outside the UK.

Where we transfer your personal data to a third country or international organisation, we will ensure adequate safeguards and measures are in place to protect your personal data from unlawful use and ensure your fundamental rights are capable of being upheld. We would normally achieve this by:

  • Only transferring personal data to countries deemed capable of providing an adequate level of protection; or
  • Implementing Standard Contractual Clauses; and
  • Adopting technical, organisational and contractual measures, where required, having undertaken a Data Transfer Impact Assessment to ensure that your rights in the country of transfer are essentially equivalent to your rights in the UK.

In certain situations, it may be possible to legitimise the transfer by relying on a derogation. For example, if:

  • You have explicitly consented to the proposed transfer; or
  • The transfer is necessary for the performance of a contract.

In all cases any transfer of your personal data will be compliant with applicable data protection law. If you would like further information regarding the steps we take to safeguard your personal data when making international transfers, please contact the DPO, details at the end of this Privacy Notice.

Data Protection Designation

The data protection designation (e.g., controller, joint controller, processor) will depend on the circumstances and may change if relationships alter. Please seek further information from the Data Protection Officer (DPO) if required, details at the end of this privacy notice.

The controller of your personal data will generally be GenesisCare UK or its applicable subsidiary. 

Where we share information with third party suppliers working under our instructions (i.e., suppliers who act as processors of the data we share for the purposes outlined in the table), we ensure that strict contractual arrangements and safeguards are in place. These companies have no right to use your information except on our behalf for the specified purposes or when required to do so by law.

In certain circumstances GenesisCare and a third party will be a joint controller of your data. This is where GenesisCare and a third party will jointly determine the means and purposes of the processing. Examples of where joint controllership may occur are where your data is used for:

  • Education and conferences
  • Publications, websites, e.g., patient stories, doctor profiles
  • Digital marketing activities
  • Other healthcare organisations
  • Social media and professional networking organisations
  • eMDT activities
  • Research activities where GenesisCare UK has determined the means and the purposes
  • Management of our subsidiary and affiliated entities and related activities (e.g. provision of systems, services and support).

Data Security

We hold your details on our referral engagement software which documents details of consultants and doctors and connects with our events management software.

We will secure your information by:

  • Establishing a network of individuals across the organisation who are accountable and responsible for information risk management
  • Existence of various organisational measures including policies and procedures, providing regular training in handling personal data lawfully and conducting regular compliance checks
  • Technical measures including lockable rooms, cabinets, individual log in credentials, encryption and secure disposal of confidential waste
  • Ensuring only appropriate individuals have access to relevant and proportionate information about you
  • Carrying out checks on third parties who process personal data on our behalf.

Data Retention

We retain records in accordance with our Records Lifecycle and Retention Procedure which is based on legal and best practice requirements. When the retention period expires the record will be securely destroyed. The following are examples:

/content/dam/asset-migration/other/UK_Privacy_Notice_for_Consultants_and_Other_External_Individuals_7.jpg

Rights of access, correction, erasure, and restriction

Under data protection law you have a number of specific rights in relation to the personal data that we hold about you. These include rights to know what information we hold about you and how it is used. You may exercise these rights at any time by contacting the DPO, details at the end of this privacy notice and without adversely affecting your care.

We will not usually charge for handling a request to exercise your rights. If we cannot comply with your request to exercise your rights, we will usually tell you why. Unless there are grounds for extending the statutory deadline, we will respond within one month of receipt of a Rights request. If the data relates to health, we may be required to apply special rules to comply with data protection legislation.

  • The right to be informed – This is fulfilled through our privacy notices.
  • The right of access to your personal data – You have the right to request details and a copy of the personal data we hold about you and details about how we use it. We must confirm whether we have personal data about you, and we also need to provide you with a copy of your personal data. We will usually provide you with your personal data in writing unless you request otherwise. If you have made the request electronically (e.g., by email) the personal data will be provided to you electronically where possible. In some cases, we may not be able to fully comply with your request, for example if your request involves another person’s personal data and it would not be fair to that person to provide it to you.
  • The right to rectification – You can require that incomplete information is completed, or incorrect information is corrected. This ensures your information is accurate and up to date.
  • The right to erasure – This is also known as the right to be forgotten. In some circumstances, you have the right to request that we delete the personal data we hold about you. The broad principle underpinning this right is to enable you to request the deletion or removal of personal data where there is no compelling reason for its continued processing. If we have disclosed the personal data in question to third parties, we will inform them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so. However, there are exceptions to this right. For example, we can refuse to delete your personal data if we need to keep for tasks which are in the public interest, or for establishing, exercising or defending legal claims. If you make such a request and we comply with it, please be aware that we will retain a note of your name, the request made and the date we complied with it.
  • The right to restriction of processing – In some circumstances you have a right to ‘block’ or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it other than in relation to the establishment, exercise or defence of legal claims or for reasons of important public interest. We are able to retain just enough information about you to ensure that the restriction is respected in future.
  • The right to data portability – Where you have provided the information to us, and where the processing is being carried out by automated means and based on your consent or pursuant to the performance of a contract with you, you have the right to obtain the information that GenesisCare UK processes about you and use it for your own purposes. This means you have the right to receive the personal data or where it is technically feasible, have the information transferred to an individual or organisation of your choice, and the information must be provided by us in an electronic format.
  • The right to object – You have the right to object to processing based on our legitimate business interests (including profiling), direct marketing (including profiling) and processing for purposes of scientific or historical research or statistical research purposes. The objection must be on grounds relating to your particular situation.
  • The right not to be subject to automated decisions – This relates to decisions that are made about you by computer alone that have a legal or other significant effect on you. GenesisCare UK does not carry out automated decision-making in relation to Consultants and Other Clinical External Individuals. In the event that our policy in this respect changes, we shall update this privacy notice.
  • Your right to withdraw consent – In some cases to comply with data protection legislation we need your consent in order to use your personal data.  Where we rely on this, you have the right to withdraw your consent to our continuing and further use of your personal data. You can do this by contacting the DPO, details below.

Information Commissioners Office

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, for example if you are unhappy with the way that we have dealt with a request from you to exercise your rights, or if you think we have not complied with our legal obligations.

Whilst you are not obliged to do so, we would appreciate you making us aware of any issue prior to notifying the ICO and giving us the opportunity to respond. Please contact the DPO, details below. 

Making a complaint will not affect any other legal rights or remedies that you have.

Information Commissioner’s Office, at casework@ico.org.uk, or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephone 0303 123 1113 (local rate call). Website: https://ico.org.uk/

Questions and queries

If you have any queries or would like to exercise your rights or to establish whether any rights apply to you, please contact: the GenesisCare Information Governance Manager at infogov@genesiscare.co.uk, or at GenesisCare, 69 Alma Rd, Windsor SL4 3HD. Telephone 01753 418444.

Data Protection

If you have any questions about this privacy notice or how we handle your personal data please contact the relevant DPO:

Company name Email Telephone number

GenesisCare UK

dpo@genesiscare.co.uk

07841 207 263 – Data Protection Officer

BHL BHLdpo@genesiscare.co.uk

07956 616 414 – Data Protection Officer

BPC BPCdpo@genesiscare.co.uk

07956 616 414 – Data Protection Officer

Revised December 2022