Skip to main content

Privacy policy

Introduction

Connexus Health & Rehabilitation (referred to as “We, “Our” or “Us”), is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our clients that communicate (online or offline) with us, at events, over the phone, via our website, helpdesk, and social media platforms.

We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information.

Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018.

This policy should be read together with our Cookie Policy that can be found on our website.

Data Controller

Connexus Health & Rehabilitation is part of Connexus Medical Appointments Limited who are the data controller for the personal information we process, unless otherwise stated. We are registered with the Information Commissioner’s Office (the ICO) with registration number Z3293705.

Connexus Medical Appointments Limited is part of the Connexus Group of companies, (a private limited company registered in England with the company number 07821240),

You can contact us either by phone, email, or post. • By phone: 0808 1963 688 • By email: chrenquiry@connexus-health.co.ukus-health.co.uk • By post: 850 Ibis Court, Centre Park, Warrington, WA1 1RL

Our Data Protection Officer can be contacted at the above address or by emailing cmadataprotection@connexus-health.co.uk

How we collect your personal information

We collect Personal Data directly from you via our Website (www.connexus-health.co.uk) and other communications between us when you use or apply for our services. This includes:

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect about you, from third party organisations or that you have voluntarily provided to us on this website or from enquiry/contact forms, event/exhibition or other contact methods includes:

Identity Data

Includes first name, maiden name, last name, marital status, title, date of birth, gender, passport information, driving licence information or other identification information, NHS Number, CCTV footage if you visit the practice.

Contact Data

Includes present and previous address, email address, telephone numbers, registration form, LinkedIn profile.

Employment Data includes the industry you work within.

Financial Data includes payment card details. This is retained in line with Payment Card Industry Data Security Standards (PCI DSS).

Technical Data

Includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website. Records of conversations. (Calls may be recorded for training and monitoring purpose).

Profile Data

Includes information you provide us, services offered and used, your marketing preferences, feedback, and survey responses

Healthcare Related Data

That helps us diagnose medical treatment and provide the most appropriate form of treatment. This may include details of previous or ongoing medication and drugs which may be prescriptive or non-prescriptive, details of alcohol consumption, or personal information that is/has affected your mental wellbeing/safety.

Other Personal Data

You voluntarily provide, which may include people appointed to act on your behalf and special category personal data, for example data which you provide about your health where this relates to your ability to meet your obligations under the agreement. We have details of any accident you may have had including the date and any photographic evidence.

Aggregated Data

Such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

How we use your information and Legal basis

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

  • Contract: the processing is necessary to enter into a contract you have with us.
  • Legal obligation: the processing is necessary for us to comply with the law. For example, Money Laundering Regulation and associated laws.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. For example, to understand how customers use our services so we can develop new services and improve the services we currently provide.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

Purpose/Processing Activity Lawful bases for processing
To contact you, following your enquiry or to reply to any questions Performance of a contract
Customer Service enquiries: reply to suggestions, issues or complaints you have contacted us about Legitimate interest
Fulfilling our contract to provide you with the agreed service. Performance of a contract
Taking payment from you or giving you a refund Performance of a contract
Process medical details/history provided by you or received from a Doctor/Medical Expert Performance of a contract/consent
Helping us understand more about you as a client, the services you consume, so we can serve you better. Legitimate interest
Marketing/analytics from our website using cookies. Consent (where required)
For the purposes of arranging medical appointments with medical experts and obtaining such medical reporting either from the medical expert and your General Practitioner Performance of a contract
For research and statistical analysis about our service Legitimate interest

Who we might share your information with

We may share your personal data with other organisations in the following circumstances:

If the law or a public authority says we must share the personal data.

If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk).

Insurers that have asked us to produce a report following an accident.

Solicitors/Legal Advisors who have asked us to produce a report following an accident.

Medical Experts/General Practitioners (GP’s)/Consultants/Rehabilitation Providers who we need to share any information with.

Diagnostics Providers who carry out specialist investigation.

External Auditors who audit us to ensure we are working within regulations.

In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

If the company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

To protect the rights, or safety of our clients or others.

How we keep you updated on our services

We will send you relevant news about our services in a number of ways including by email, but only if we have a legitimate interest to do so and we have completed a legitimate interest assessment for the processing activity.

Newsletters and marketing communications might be sent from our own domain (www.connexus-health.co.uk)

Each email communication will have an option to object to the processing, if you wish to amend your marketing preferences, you can do so by calling us on the number displayed on our website and update your preferences.

Your rights over your information

Your personal information is protected under data protection law and you have several rights (see below) available to you depending on our reason for processing. Please contact our Data Protection Officer should you wish to exercise these rights. We may need to verify your identity before we can act on your request.

You have the right to:

Request access

To your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, subject to certain exceptions.

You have the right to:

Request rectification

Of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Request erasure

Of your personal data. You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in certain circumstances. It may not always be possible for us to delete the information we hold about you, for example, if we have an ongoing relationship with you or we are required to retain information to comply with our legal obligations.

Object to processing

Of your personal data when it is based upon our legitimate interests or for the purpose of statistical analysis, profiling or direct marketing.

Request restriction of processing of

Your personal data. This is not an absolute right and only applies in certain circumstances. For example, where you contest the accuracy of your personal information, it may be restricted until the accuracy is verified, or where the processing is unlawful but you object to it being deleted and request that it is restricted instead.

Request data portability

Of your personal data to you or to a third party. You have the right to receive, move, copy, or transfer your personal information to another controller.

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent

At any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

For more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers, such as us, are available publicly. You can access them here Your data matters.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

How long we keep your information for

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation and never retain your information for longer than is necessary.

Unless otherwise required by law, your data will be stored for a period of seven years after our contract with you expires or two years after our last contact with you or some other identifiable action, at which point it will be deleted.

We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

If your information is transferred to a third party their Data Retention Policy may differ to ours.

Automated Processing

We do not automate any of our services.

Security

Data security is of great importance to Connexus Health & Rehabilitation and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

  • Limiting access to our buildings to those that we believe are entitled to be there by use of passes.
  • Implementing access controls to our information technology; and
  • We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, website and offices.

Transferring your data abroad

We do not transfer your personal data outside the European Economic Area (EEA), and should we require to do so, we will ensure we have standard contractual clauses in place.

Keeping your information accurate

It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes during your relationship with us. This should include any change of address, telephone numbers and health matters that may affect the management of your account.

Complaints

If you have any questions about how we treat your personal data and protect your privacy please email cmadataprotection@connexus.co.uk or call us on the number below.

Connexus Health & Rehabilitation: 0808 196 3688

You also have the right to make a complaint to the Information Commissioner’s Office (ICO) make-a-complaint or call 0303 123 1113.

Changes to this Privacy Policy

This version was last updated on 10 May 2021 and historic versions can be obtained by contacting us at compliance@connexus.co.uk. If changes to this privacy notice have a major effect on what we do with your personal data or on you personally, we will give you enough notice to allow you to exercise your rights (for example, to object to the processing).

Updated May 2021.