Privacy Notice

This Privacy Notice sets out what personal information we may collect from you and how that information may be used when browsing the Gary L Ross Website – garylross.co.uk and when you interact with us via social media. This Privacy Notice does not cover any links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave this website, we encourage you to read the privacy policy of every website you visit. The Gary L Ross website is not intended or designed for persons under the age of 18. We do not intend to or knowingly collect personal information from anyone under the age of 13, in accordance with applicable laws. If you are under 18 and wish to ask a question or use this website in a way that requires you to submit any personal information, please ask your parents or guardian to do it on your behalf. If we learn that we have unknowingly collected personal information from someone under the age of 13, we will delete such information as quickly as possible.

Introduction

Gary L Ross is an independent provider of private healthcare, offering treatment to private patients and NHS patients. In order to provide healthcare services, it is necessary that we collect and process certain information about you (“personal data”).  Gary L Ross is committed to protecting and respecting your personal information. This Privacy Notice explains what personal information we may collect from you and how that information may be used. Please take your time to read this Privacy Notice carefully. This Privacy Notice is provided below in the following format:

1. About us
2. What personal information do we collect from you and where do we collect it from?
3. Why do we collect your personal information?
4. Who do we share your personal information with?
5. What marketing activities do we carry out?
6. Your rights
7. How long do we keep your personal information for?
8. International data transfers
9. How to contact us

 

About us

In this Privacy Notice we use “we”, “us”, “our” or “Gary L Ross” to refer to http://garylross.co.uk/ website and employees or staff members reasonably acting on its behalf in the course of their duties.  

What personal information do we collect from you and where do we collect it from?

We may collect information about you when you request any information about us or our services, submit your personal details and/or complete any forms on the website, contact us via social media or use our live chat facilities on our website. This information will come directly from you. In limited circumstances we may also receive information about you on your behalf, such as where you have asked a family member to contact us, or if your GP contacts us directly. Personal information, or personal data, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may also collect special categories of personal information about you. This includes personal information relating to details about your health, and genetic and biometric data, race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, or trade union. If you provide personal information to us about other individuals (including medical or financial information) you should inform the individual about the contents of this Privacy Notice. We will process such information in accordance with this Privacy Notice. We have set out details below about the types of personal information we are likely to collect and use about you when you use our websites or interact with us via social media. The extent of the information we collect and use will depend on what information you choose to provide to us or what information is provided to us on your behalf.

Personal data

• General information you provide, such as your name, address, contact details, date of birth, gender and next of kin
• Information relating to appointments
• Information regarding your ability to pay for services and payment information
• Information regarding your experiences with us
• Information you provide in surveys or feedback
• Information relating to any complaint you may make against us or our staff
• Information about your areas of interest, if you are signing up to receive our update emails
• Information you send in any job application or speculative enquiries in relation to job vacancies, such as employment history or qualifications
• Information when you visit our website. Gary L Ross uses Google Analytics and cookies in order to improve our service and user experience and to analyse how the website is used. Aside from the approximate location (IP address), the information collected by Google Analytics is anonymous traffic data including browser information, device information, and language. The collected information is used to provide an overview of how people are accessing and using Gary L Ross’s websites.

Special categories of personal data

• Details of your current or former health condition, including information about medication, lifestyle and other information that may be relevant to your health e.g. employment history, family conditions; race; ethnicity; sex life or sexual orientation, religious or philosophical beliefs
• In limited circumstances, we may process other sensitive personal information including details of your political opinions; and trade union membership, for example, where it is relevant to your health or social history

Why do we collect your personal information?

We process your personal information for the purposes set out in this Privacy Notice. We will only use your personal data when the law allows us to. When the information that we process is classed as “special categories of personal information”, we must have a specific additional legal justification in order to use it as proposed. We rely on the following legal grounds for processing your personal data:

Legal grounds for processing personal information:

• The use is necessary to provide you with healthcare and other related services.
• The use is necessary for fulfilling our contract with you for the delivery of healthcare.
• The use is necessary for fulfilling our legitimate interests (e.g. an appropriate business need) and those interests are not overridden by your privacy rights.

Additional legal grounds for special categories of personal data:

• The use is necessary to provide you with healthcare and other related services.
• The use is necessary to protect your vital interests where you are physically or legally incapable of giving consent.
• The use is necessary for an insurance-related purpose or to protect or exercise our legal rights.
• The use is necessary to comply with a legal or regulatory obligation.
• The use is necessary for service improvement, evaluation and audit (in order to improve the healthcare services that we provide)
• You have given us your explicit consent.

Complying with our legal and regulatory requirements

Legal grounds:

• The use is necessary for compliance with a legal obligation.
• The use is necessary for fulfilling our legitimate interests (e.g. an appropriate business need) and those interests are not overridden by your privacy rights.
• You have given us your explicit consent.

Additional legal grounds for special categories of personal data:

• The use is necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
• The use is necessary in order for us to establish, exercise or defend our legal rights.
• You have given us your explicit consent.

Safeguarding purposes (for example, in order to ensure the health and safety of an individual)

Legal grounds:

• The use is necessary for compliance with a legal obligation.
• We need to use the information to protect your vital interests or the vital interests of a third party.
• The use is necessary to provide you with healthcare and other related services.

Additional legal grounds for special categories of personal data:

• We need to use the information to protect your vital interests or the vital interests of a third party and you or the third party are physically or legally incapable of giving consent.
• We need to use the information for reasons of substantial public interest, such as the use being necessary in protecting an individual from neglect or physical, mental or emotional harm and protecting the physical, mental or emotional wellbeing of an individual.
• You have given us your explicit consent.

Preventing and investigating fraud. This might include sharing your personal information with third parties such as the police or fraud prevention agencies, or carrying out fraud, credit, anti-money laundering and other checks

Legal grounds:

• The use is necessary to provide you with healthcare and other related services.
• The use is necessary for fulfilling our legitimate interests (e.g. an appropriate business need) and those interests are not overridden by your privacy rights.

Additional legal grounds for special categories of personal data:

• We need to use the information for reasons of substantial public interest.

Carrying out marketing activities and providing marketing information to you

 Legal grounds:

• The use is necessary for fulfilling our legitimate interests (e.g. an appropriate business need) and those interests are not overridden by your privacy rights.
• You have given us your consent.

For employment and pre-employment purposes, such as considering job applications from you, carrying out pre-employment checks and entering into an employment contract

Legal grounds:

• Taking steps at your request so that you can enter into an employment contract with Gary L Ross, or for the purposes of that contract.
• We have a legal or regulatory obligation to use your personal information.
• The use is necessary for fulfilling our legitimate interests (e.g. an appropriate business need) and those interests are not overridden by your privacy rights.
• You have provided your consent to our use of your personal information.

Additional legal grounds for special categories of personal data:

• We need to use the information for reasons of substantial public interest.
• It is necessary for the management of our healthcare services.
• It is information that you have made public.
• You have provided your explicit consent.

 

Who do we share your information with?

From time to time, we may share your personal information with others. We will keep your personal information confidential and only share it with those listed below for the purposes explained in the previous section.

Sharing within Gary L Ross

We may share your information with other companies, for example, in order to provide you with healthcare services or progress your employment application, for example with our partner surgeons and medical practitioners with whom we work closely. Sharing with third parties We may share information with the following third parties:

• Clinicians or other healthcare professionals involved in your treatment
• Other staff involved in your healthcare, such as receptionists, secretaries and administrative assistants
• Organisations from which you are receiving healthcare services, such as your GP or dentist
• Third parties who are involved in your healthcare, such as insurers
• Other private sector healthcare providers
• The Private Healthcare Information Network
• Third parties involved in research or audit projects
• NHS organisations, including NHS Resolution, NHS England, Clinical Commissioning Groups, NHS Foundation Trusts, NHS Trusts, or the Department of Health as well as third parties that have contractual relationships with such NHS organisations
• Government bodies such as the Home Office and HMRC
• Regulators, such as the ICO, the Care Quality Commission, Health Inspectorate Wales, and Health Improvement Scotland
• The police and other third parties where reasonably necessary for the prevention or detection of crime
• Anyone that you have asked to communicate with us on your behalf, or have named as an emergency contact, such as your representative, next of kin or carer
• Debt collection agencies
• Our insurers
• Our third party services providers and advisers, such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document storage and management providers and tax advisers
• Preferred partners for credit agreements
• Credit referencing agencies
• Any third parties involved in the sale, transfer or disposal of all or a part of our business

We may communicate with these third parties in a variety of ways including, but not limited to, email, post, fax and telephone.  

What marketing activities do we carry out?

We may use your information to provide you with information about products or services which may be of interest to you where you have provided your consent for us to do so. To enable us to provide you with email marketing services, the information you register with on our website may be processed by a third party company. At Gary L Ross, we take patient confidentiality seriously. Where you are receiving marketing information by email, you can unsubscribe by clicking on the link within the email that has been sent to you, or by emailing us your request.

What automated decision-making do we carry out in relation to your personal information?

An automated decision is a decision made by computer without any human input. We do not currently carry out automated decision-making (‘profiling’) in respect of your personal information. However, as explained above when you visit our websites, Gary L Ross uses cookies to improve services and user experience and to analyse how the website is used. This may include targeted advertising if you have opted-in to these cookies.  

Your rights

Under certain circumstances, you have rights under data protection laws in relation to any personal information that we hold about you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Under data protection law we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you:

• The purposes for which we use your personal information.
• The types of personal information we hold about you.
• Who your personal information has been or will be shared with, including in particular organisations based outside the EEA.
• If your personal information leaves the EU, how we make sure that it is protected.
• Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for.
• If the personal data we hold about you was not provided by you, details of the source of the information.
• Whether we make any decisions about you solely by computer and if so details of how those decisions are made and the impact they may have on you.
• Your right to ask us to amend or delete your personal information.
• Your right to ask us to restrict how your personal information is used or to object to our use of your personal information.
• Your right to complain to the Information Commissioner’s Office.

If you are a patient of Gary L Ross and you wish to request details of or a copy of your medical records, please contact the hospital at which you have received the care and treatment. For all other requests for any personal information we may hold (such as employment records, if you are an ex-employee) please direct your request to your point of contact at Gary L Ross, using the appropriate contact details. Under the same laws, you also have the following rights: The right to request correction of your personal information The right to request erasure of your personal information The right to object to the processing of your personal information The right to request a transfer of your personal information The right to object to marketing The right not to be subject to automatic decisions (i.e. decisions that are made about you by computer alone) The right to complain to the Information Commissioner’s Office More information can be found on the Information Commissioner’s Office website:  https://ico.org.uk/  

How long do we keep personal information for?

We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice and in order to comply with our legal and regulatory obligations.  

International data transfers

We (or third parties acting on our behalf) may transfer, store or process information about you in countries outside the EEA. Where this is the case we take the required steps to ensure that your personal information is protected.  

How to contact us

To call or email us, you can contact us here.