Privacy Notice – Patients & Visitors

Our Privacy Notice is intended to set out what personal data and information Spencer Private Hospitals, our Clinicians and Staff may collect and hold from you and how that information may be used and / or shared.

Should you have any questions or comments, you can contact our dedicated data protection team via the contact information below.

Privacy Policy

Through this Privacy Notice we will refer to "us", "we", "our" or "Spencer" to refer to Spencer Private Hospitals as a company and organisation who hold and process your personal data.

We will refer closely to the Clinicians, Doctors and Clinical Teams that provide your care throughout our Privacy Notice and we will refer to these groups of people as Clinicians.

Our Privacy Notice will provide you with an overview of how we will handle your data from the time of collection and thereafter. We will provide you with details of how we will use the data we hold and how we will comply with the laws in doing so.

Our Privacy Notice sets out your individual rights and how to access your data.

In cases of emergency you can contact the Data Protection Team

Telephone07851 261482 / 07583 867301

Email: dataprotection@spencerhospitals.com

Post: Data Protection Office, Spencer Private Hospitals, Units 2 & 4 Almond House, Betteshanger Road, Betteshanger, Deal, Kent, CT14 0EN

We are registered with the Information Commissioners Office, our Registration Number is Z6746009

Our Data Protection Officer is:

DPO Centre Ltd and can be contacted on 0203 797 1289

The personal information that we collect very much depends on the relationship you have with us. From Patients to Staff, to Family, Friends and Relatives, Contractors and Visitors to our sites, we will collect different information about you.

At times it will be necessary for us to share some of this information with individuals and teams within the organisation and with external third parties where necessary.

When doing so we must comply with the UK General Data Protection Regulation, and other such laws to protect your information.

We may collect “personal data” such as name, address and telephone number or in some cases more detailed and specialised data defined as “special category data” such as healthcare records, race, sex or at times criminal conviction details about you. For example, as a patient it will be necessary to collect information about your health and previous care.

Personal Information will be collected on completion of a Registration Form as part of this document you will also be provided with the options available for us to communicate with you. If you provide personal information to us about other individuals such as Next of Kin, financial or medical information, you must advise them of you doing so and ensure that they are provided with access to our Privacy Notice detailing how we will process their information.

It is important that you remember to keep us updated of any changes to your personal information.

We collect information in many formats, including but not limited to paper and electronic records. We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes as set out in this Privacy Notice. If you would like further information regarding the periods for which your personal information will be stored and how, please contact our Data Protection Office for further details.

At Spencer we may collect some or all of the following information from you:

Personal Data

Personal data is any information that can be directly or indirectly used to identify you as an individual.

Special Category Data

As a patient at Spencer Private Hospitals we will need to collect information about your health and previous care to enable us to treat you. This type of information is known as special category data and if collected for a specific reason under the UK General Data Protection Regulation.

Personal Data

Special Category Data

Name

Health care information

Address

Nationality

Telephone Numbers

Race / Ethnicity

Email Address

Religion

Financial

Sex / Sexual Orientation

Next of Kin

Genetic / Biometric Data

Emergency Contacts

Criminal Conviction History

How do we collect your information?

We may collect your data from several different sources, such as GPs, Dentists, Other hospitals, NHS and Private Providers, Mental Health Providers and Clinicians (including their Medical Secretaries). They may also be occasions when we need to obtain information directly from you or another organisation on your behalf.

For example:

  • When you enter a contract with us for the provision of healthcare services
  • When you submit a query to us through our website, by email or by social media
  • When you correspond with us by letter, email and telephone
  • When you take part in our marketing activities
  • We could obtain information from other healthcare organisations in the following forms such as Medical records from your GP, Clinicians, Medical Secretaries, Dentist and NHS or any private healthcare organisations.

Calls to our 0330 019 4890 telephone number may be answered by our external answering service called Money Penny. The information collected from you will be the minimum needed to either answer or redirect your call. The information you volunteer to us will be used for the purpose of responding to you or to improve the call answering service we provide. Please do not volunteer any medical or other sensitive information to the Moneypenny answering agent.

It may be necessary for us to seek information and share information with other organisations such as third parties. More often this could be in the form of Insurance Companies, Government bodies and Healthcare Organisations.

We may disclose information to the third parties about you. We have taken listed below some examples of those that we may share with:

  • Your clinician (including their medical secretaries)
  • A doctor, nurse, carer or any other healthcare professional involved in your treatment
  • Your GP, Your dentist
  • Other private healthcare providers
  • Members of support staff involved in your care, such as receptionists, administrators and porters
  • Anyone that you ask us to communicate with or provide as an emergency contact, e.g. your next of kin or carer
  • National and other professional research/audit programmes and registries, such as the National Joint Registry, The Tissue Registry and Trust Pilot.
  • Third parties who assist in the administration of your healthcare, such as insurance companies and pre-assessment software companies
  • NHS organisations, including NHS England, Department of Health
  • Private Healthcare Information Network (PHIN) NHS England & NHS Digital, Clinical Commissioning Groups & Commissioning Support Units
  • Regulatory bodies such as the Care Quality Commission
  • Our insurance providers
  • Our third-party providers such as IT suppliers, lawyers, auditors, marketing agencies and alike
  • Government bodies, including the Ministry of Defence, the Home Office and HMRC
  • Debt collection agencies
  • The police and other third parties where reasonably necessary for the prevention or detection of crime

This is not an exhaustive list, we may communicate with third parties in a variety of ways including email, post, fax and telephone.

At Spencer we are most likely to contact you by letter, telephone, email and SMS text message service.

On completion of a Registration Form Document, you will be given the opportunity to choose your preferred means of communications. When contacting you in these ways, we will be doing so based on the information you or a third party has supplied to us and your preferences for us doing so.

We may use your personal information to contact you with information about products or services which may be of interest to you where you have provided your consent for us to do so. We may also provide your personal information to market research agencies for collecting your feedback which will be used to develop better products and services for you.

At times it is also necessary for us to contact you to engage you in the participation of surveys regarding the services we offer. Surveys are largely sent post-treatment by SMS Messaging or Email. This contact is not a form of marketing, but a means for Spencer to gain constructive feedback on patient experiences, treatments and improvement. You will be contacted to take part only if you have consented to do so.

Our Patient Satisfaction Surveys are voluntary, and your participation is greatly appreciated, however if you do not wish to take part in these, you just need to tell us so that we can update your preferences for contact.

We also conduct post-surgery outcome surveys in accordance with national guidance and will invite NHS funded patient to participate in these as part of your treatment journey with us. These surveys are not a form of marketing and are called Patient Reported Outcome Measures (“PROMs”). We collect this information for NHS funded patients who have undergone specific surgeries e.g. Hip and Knee Replacements. The results are shared with NHS England. A leaflet explaining the survey and its intended feedback will be sent to you before your treatment takes place. This is usually via post with your booking information, but may also be provided to you directly at the hospital. If you decide to take part in the survey subsequent surveys will also be sent to you and set intervals to establish the benefit you have gained from treatment.

For private patients we share anonymised information relating to activity and treatments within Spencer Hospitals to PHIN (Private Hospital Information Network). Please visit https://www.phin.org.uk/hospital/spencer-private-hospitals-margate?hid=17945 for more information.

We may from time to time conduct marketing campaigns designed specifically to target key areas. For example Cosmetic Surgery, and so we will rely on a computer-generated decision of which target audiences may be appropriate. This is classed as automatic decision making or profiling. We may then focus our marketing to you depending on the outcome of that profiling. This could include targeted ads through social media platforms such as Facebook, Twitter and LinkedIn.

You have the right to object to auto-profiling and can do so by contacting our Data Protection Team.

We will process your information for several reasons; however we will let you know why we are processing it and the legal basis we have for doing so.

Below sets out in more detail the common legal basis that will be used to justify the processing of your personal data, and in addition the most common ones for processing of special category data.

  • Consent – We will use consent for some if not all the information we process about you. This will be done via the patient registration document that you read and sign when you first attend with us. You will be asked to give clear consent for us to process the personal data and for a specific purpose. By doing this you are entering into a contract with Spencer Private Hospitals, to provide you with healthcare services.
  • Contract – By entering a contract with us, you will provide us with the necessary legal basis to process your information under contractual grounds. Often for the purposes of providing you with healthcare, based on a contract between you and Spencer or one of its Clinicians.
  • Legal obligation – In short, when you are obliged to process the personal data to comply with the law.
  • Vital interests – We would use this basis when it is absolutely necessary to do so and in the interests of protecting someone’s life. We will only do this when it is not possible to obtain consent direct from the patient.
  • Public task - The processing is necessary for us to perform a task in the public interest . This is unusual in relation to the provision of your care, however if required to process your information in the public interest, we would do so in accordance with this privacy notice.

Legitimate interests - We will use this basis for processing of your personal information. We will only process if we have an appropriate business need to and that in doing so the business need does not cause harm to you. In the main we will rely on this basis to process for activities such as maintaining our records, developing and improving the business and quality assurance.

Under UK General Data Protection Regulation you have access to certain rights in relation to the personal information that we hold and process about you.

You may exercise these rights at any time by contacting us using the details below. We will not charge you for exercising your rights. If we cannot accommodate your requests we will contact you to advise why.

In this section each right is explained in more detail and advise on how to action these rights with us.

The Right To Be Informed:

You, the individual have the right to be advised what personal information we hold, why we process it, how we store it and where we share it.

The Right To Access Your Information:

You have the right to access the information we hold for you. You can access this information by submitting a Data Subject Access Request (DSAR). Your information will be supplied to you usually in writing, unless otherwise requested. We will attempt to provide your information in a common requested format where possible. A separate policy is available which sets out the process for Data Subject Access Requests. Please contact our Data Protection Team for more information.

The Right To Rectification:

You have the right to question and update information that you think may be wrong, or has not been updated.

The Right To Erasure:

You have the right to request your information to be erased. On receiving such a request your information will be assessed on its own individual merit and on a case-by-case basis. Depending on the grounds under which the request has been submitted and in relation to the type of information we hold, It is possible that the request can be refused should the information held be required in the public interest, including public health or for the purposes of defending against legal claims.

The Right To Restrict Processing:

You have the right to restrict processing of your personal information. You can limit the use of your personal information, amend your preferences and communication means at any time.

The Right To Data Portability:

You have the right to request your data be portable and in an accessible format, You can also request us to pass your information to other organisations in a similar common format.

The Right To Object:

You have the right to object to our use of your personal data, in these circumstances we will need to work with you to establish if this is applicable to all data we hold or certain aspects of it.

Your Right To opt Out Of Automatic Decision Making And Profiling: From time to time we may use computer generated software to analyse data and activity across our business. This service automatically monitors and records your information and uses it to guide us on marketing drives, customer preference and areas of interest.

International data transfers

We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the UK and European Economic Area ("EEA"). Where we make a transfer of your personal information outside of the EEA, we will only transfer information that is relevant and necessary and with your consent. We will take all required steps to ensure that your personal information is protected during transit.

Comments and Complaints

Should you wish to comment or complain, you can do so by contacting our Data Protection Team on the contact information above or you can also contact the Information Commissioners Office directly using the link below.

https://ico.org.uk/make-a-complaint/

or by telephone 0303 123 1113.

Making a complaint will not affect any other legal rights or remedies that you have.

If you would like further information about any of the areas covered in this Privacy Notice or have this provided in other accessible format, please contact our Data Protection Team.

The security of your information is important to us, and so if you have any concerns regarding the accessing of your information, the conduct of our clinicians or staff in relation to your data, we urge you to contact our Data Protection Team at Spencer we comply with UK General Data Protection Regulation and relevant data protection laws. We also apply guidance from professional bodies and governance committees to ensure your data is accessed and processed lawfully. These include the General Medical Council and the Nursing and Midwifery Council.

Privacy Notice – Updated November 2023.

Contact Us

There were problems with the following fields: