Spencer Private Hospitals Privacy Notice
Our Privacy Notice is intended to set out what personal data and information Spencer Private Hospitals, our Clinicians and Staff may collect and hold from you and how that information may be used and / or shared.
Should you have any questions or comments, you can contact our dedicated data protection team via the contact information below.
About ‘US’ - Spencer Private Hospitals
Through this Privacy Notice we will refer to "us", "we", "our" or "Spencer" to refer to Spencer Private Hospitals as a company and organisation who hold and process your personal data.
We will refer closely to the Clinicians, Doctors and Clinical Teams that provide your care throughout our Privacy Notice and we will refer to these groups of people as Clinicians.
Our Privacy Notice will provide you with an overview of how we will handle your data from the time of collection and thereafter. We will provide you with details of how we will use the data we hold and how we will comply with the laws in doing so.
Our Privacy Notice sets out your individual rights and how to access your data.
How to contact us:
During the C-19 Pandemic, we have limited access to post sent to our offices. Please refrain where possible from using post, instead please make use of our online forms, or email contact addresses to send correspondence directly to the team.
In cases of urgency you can contact Nigel Hurley on 07583 867301
Data Protection Team
Telephone: 01304 222682
Post: Data Protection Office, Spencer Private Hospitals, 2nd Floor, Atina House, 5 Bench Street, Dover. CT16 1JH
We are registered with the Information Commissioners Office and our Registration Number is Z6746009
Our Data Protection Officer is:
DPO Center Ltd and can be contacted on 0203 797 1289
Who do we collect Personal Information from?
The personal information that we collect very much depends on the relationship you have with us. From Patients to Staff, to Family, Friends and Relatives, Contractors and Visitors to our sites, we will collect different information about you.
At times it will be necessary for us to share some of this information with individuals and teams within the organisation and also with external parties where necessary.
When doing so we must comply with the General Data Protection Regulation 2016, and other such laws to protect your information.
What information do we collect and how do we store it?
We may collect “personal data” such as name, address and telephone number or in some cases more detailed and specialised data defined as “special category data” such as healthcare records, race, sex or at times criminal conviction details about you.
For example, as a patient it will be necessary to collect information about your health and previous care.
Personal Information will be collected on completion of a Registration Form Document as part of this document you will also be provided with the options available for us to communicate with you.
If you provide personal information to us about other individuals such as Next of Kin, financial or medical information, you must advise them of you doing so and ensure that they are provided with a copy of this Privacy Notice detailing how we will process their information.
We collect information in many formats, including but not limited to paper and electronic records. We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes as set out in this Privacy Notice. If you would like further information regarding the periods for which your personal information will be stored and how, please contact our Data Protection Office for further details.
It is important that you remember to keep us updated of any changes to your personal information.
At Spencer we may collect some or all of the following information from you:
Personal data is any information that can be directly or indirectly used to identify you as an individual.
Special Categories Personal Information:
As a patient Spencer Private Hospitals we will need to collect information about your health and previous care to enable us to treat you. This type of information is known as special category data and if collected for a specific reason under the General Data Protection Regulation.
Special Category Data
Health care information
Race / Ethnicity
Sex / Sexual Orientation
Next of Kin
Genetic / Biometric Data
Criminal Conviction History
How do we collect your information?
We may collect your personal data and information from a number of different sources, such as GPs, Dentists, Other hospitals, NHS and Private Providers, Mental Health Providers and Clinicians (including their Medical Secretaries). They may also be occasions when we need to obtain information directly from you or another organisation on your behalf such as: When you enter into a contract with us for the provision of healthcare services
When you submit a query to us through our website, by email or by social media When you correspond with us by letter, email and telephone* When you take part in our marketing activities We could obtain information from other healthcare organisations in the following forms such as Medical records from your GP, Clinicians, Medical Secretaries, Dentist and NHS or any private healthcare organisations.
It may be necessary for us to seek information and share information with other organisations such as third parties. More often this could be in the form of Insurance Companies, Government bodies and Healthcare Organisations.
We may disclose information to the third parties about you. We have taken time to list below those that we may share with:
- Your clinician (including their medical secretaries)
- A doctor, nurse, carer or any other healthcare professional involved in your treatment
- Your GP, Your dentist
- Other private healthcare providers
- Members of support staff involved in your care, such as receptionists, administrators and porters
- Anyone that you ask us to communicate with or provide as an emergency contact, e.g. your next of kin or carer
- National and other professional research/audit programmes and registries, such as the National Joint Registry.
- Third parties who assist in the administration of your healthcare, such as insurance companies
- NHS organisations, including NHS England, Department of Health
- Private Healthcare Information Network (PHIN) NHS England & NHS Digital, Clinical Commissioning Groups & Commissioning Support Units
- Regulatory bodies such as the Care Quality Commission
- Our insurance providers
- Our third party providers such as IT suppliers, lawyers, auditors, marketing agencies and alike
- Government bodies, including the Ministry of Defence, the Home Office and HMRC
- Debt collection agencies
- The police and other third parties where reasonably necessary for the prevention or detection of crime
We may communicate with these third parties in a variety of ways including email, post, fax and telephone.
How will we communicate with you?
At Spencer we are most likely to contact you by letter, telephone, SMS text message service. We may also contact you by email but only when you have provided consent for us to do so.
On completion of Registration Form Document, you will be given the opportunity to choose your preferred means of communications.
When contacting you in these ways, we will be doing so based on the information you or a third party has supplied to us and your preferences for us doing so.
Marketing and Surveys
We may use your personal information to contact you with information about products or services which may be of interest to you where you have provided your consent for us to do so. We may also provide your personal information to market research agencies for collecting your feedback which will be used to develop better products and services for you.
At times it is also necessary for us to contact you to engage you in the participation of surveys regarding the services we offer. Surveys are largely sent post-treatment by SMS Messaging. This contact is not a form of marketing, but a means for Spencer to gain constructive feedback on patient experiences, treatments and improvement. You will be contacted to take part only if you have consented to do so on completion of the Patient Registration Document.
Our Patient Satisfaction Surveys (MJOG) are voluntary, and your participation is greatly appreciated, however if you do not wish to take part in these, you just need to tell us so that we can update your preferences for contact.
We also conduct post-surgery outcome surveys in accordance with national guidance and will invite NHS funded patient to participate in these as part of your treatment journey with us. The aim is to monitor the outcomes of your treatment. These surveys are not a form of marketing and are called Patient Reported Outcome Measures (“PROMs”). We collect this information for NHS funded patients who have undergone specific surgeries e.g Hip and Knee Replacements. The results are shared with NHS England. A leaflet explaining the survey and its intended feedback will be sent to you before your treatment takes place. This is usually via post with your booking information, but may also be provided to you directly at the hospital. If you decide to take part in the survey subsequent surveys will also be sent to you and set intervals to establish the benefit you have gained from treatment.
For private patients we share anonymised informtion relating to activity and treatments within Spencer Hospitals to PHIN (Private Hospital Information Network). Please visit https://www.phin.org.uk/hospital/spencer-private-hospitals-margate?hid=17945 for more information.
We may from time to time conduct marketing campaigns designed specifically to target key areas. For example Cosmetic Surgery, and so we will rely on a computer generated decision of which target audiences may be appropriate. This is classed as automatic decision making or profiling.
We may then focus our marketing to you depending on the outcome of that profiling. This could include targeted ads through social media platforms such as Facebook, Twitter and LinkedIn.
You have the right to object to auto-profiling and can do so by contacting our Data Protection Team.
Why do we process your information?
We will process your information for a number of reasons, however we will let you know why we are processing it and the legal basis we have for doing so. Below sets out in more detail the common legal basis that will be used to justify the processing of your personal data, and also in addition the most common ones for processing of special category data.
- Consent – We will use consent for some if not all of the information we process about you. This will be done via the patient registration document that you read and sign when you first attend with us. You will be asked to give clear consent for us to process the personal data and for a specific purpose. By doing this you are entering into a contract with Spencer Private Hospitals, to provide you with healthcare services.
- Contract – By entering into a contract with us, you will provide us with the necessary legal basis to process your information under contractual grounds. Often for the purposes of providing you with healthcare, on the basis of a contract between you and Spencer or one of its Clinicians.
- Legal obligation – In short, when you are obliged to process the personal data to comply with the law.
- Vital interests – We would use this basis when it is absolutely necessary to do so and in the interests of protecting someone’s life. We will only do this when it is not possible to obtain consent direct from the patient.
- Public task - The processing is necessary for us to perform a task in the public interest . This is unusual in relation to the provision of your care, however if required to process your information in the public interest, we would do so in accordance with this privacy notice.
- Legitimate interests - We will use this basis for processing of your personal information. We will only process if we have an appropriate business need to and that in doing so the business need does not cause harm to you. In the main we will rely on this basis to process for activities such as maintaining our records, developing and improving the business and quality assurance.
During the C19 Pandemic there may be a delay in responses to Subject Access and Freedom of Information Requests whilst we work on collating your information. We are doing our upmost to return these within the required time, however due to remote working and restricted access to the hospitals, there may be a delay in returning this information to you. Should there be a delay we will be in contact with you to advise.
Under the new General Data Protection Regulation you have access to certain rights in relation to the personal information that we hold and process about you. In particular you may exercise these rights at any time by contacting us using the details below. We will not charge you for exercising your rights. If we cannot accommodate your requests we will contact you to advise why.
In this section each right is explained in more detail and advise on how to action these rights with us.
The Right To Be Informed:
You, the individual have the right to be advised what personal information we hold, why we process it, how we store it and where we share it.
The Right To Access Your Information:
You have the right to access the information we hold for you. You can access this information by submitting a Subject Access Request (SAR). Your information will be supplied to you usually in writing, unless otherwise requested. We will attempt to provide your information in a common requested format where possible. A separate policy is available which sets out the process for Subject Access Requests. Please contact our Data Protection Office for more information.
The Right To Rectification:
You have the right to question and update information that you think may be wrong, or has not been updated. If you think this may be the case you can contact our Data Protection Team via the contact information below.
The Right To Erasure:
You have the right to request your information to be erased. On receiving such a request your information will be assessed on its own individual merit and on a case by case basis. Depending on the grounds under which the request has been submitted and in relation to the type of information we hold, It is possible that the request can be refused should the information held be required in the public interest, including public health or for the purposes of defending against legal claims.
The Right To Restrict Processing: You have the right to restrict processing of your personal information. You can limit the use of your personal information, amend your preferences and communication means at any time. Please contact our Data Protection Office for advise on how to exert this right.
The Right To Data Portability: You have the right to request your data be portable and in an accessible format, You can also request us to pass your information to other organisations in a similar common format. To do this please contact our Data Protection Team.
The Right To Object:
You have the right to object to our use of your personal data, in these circumstances we will need to work with you to establish if this is applicable to all data we hold or certain aspects of it. If you wish to object to our usage please contact our Data Protection Office.
Your Right To opt Out Of Automatic Decision Making And Profiling: From time to time we may use computer generated software to analyse data and activity across our business. This service automatically monitors and records your information and uses it to guide us on marketing drives, customer preference and areas of interest. If you would prefer not to be included in the analysis, please contact us.
International data transfers
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area ("EEA"). Where we make a transfer of your personal information outside of the EEA we will only transfer information that is relevant and necessary and we will take the required steps to ensure that your personal information is protected before we transfer it.
Comments and Complaints
Should you wish to comment or complain, you can do so by contacting our Data Protection Team on the contact information above or you can also contact the Information Commissioners Office directly using the link below.
or by telephone 0303 123 1113.
Making a complaint will not affect any other legal rights or remedies that you have.
If you would like further information about any of the areas covered in this Privacy Notice or have this provided in other accessible format, or if you have any other questions about how we collect, store or use your personal data, please contact our Data Protection Office.
If you have any concerns or wish to provide feedback on this privacy notice or any of the services offered by Spencer Private Hospitals, please contact our Data Protection Office.
The security of your information is important to us, and so if you have any concerns regarding the accessing of your information, the conduct of our clinicians or staff in relation to your data, we urge you to contact our Data Protection Office At Spencer we comply with EU General Data Protection Regulation and relevant data protection laws. We also apply guidance from professional bodies and governance committees to ensure your data is accessed and processed lawfully. These include the General Medical Council and the Nursing and Midwifery Council.
Privacy Notice – Updated May 2018
Link to Cookies Policy