Personal data is:
'Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;'
'Special categories' of personal data (sensitive personal data) relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
1.2.Why does AppointmentHub collect and store data?
AppointmentHub needs to collect, process and store personal information about you in order to deliver efficient and effective services.
Legal basis for processing
We often have two main legal bases for processing personal data. Firstly, where it is necessary for the purposes of the legitimate interests pursued by AppointmentHub or by a third party to process your information. We can do that so long as we do not interfere with your fundamental rights or freedoms.
Secondly, because we have your consent (i.e. agreement) to us processing your personal information. Our customers are asked to give consent when signing up to use AppointmentHub .Under the GDPR, consent is a legal basis for processing personal information. You can withdraw your consent at any time. This is explained further below in the section entitled 'Your rights under GDPR'.
To process personal data about criminal convictions or offences, we must have both a lawful basis for the processing and either legal authority or official authority for the processing.
The other reasons we can rely upon to process your personal information under GDPR is as follows:
Where we are under a legal obligation or an obligation under a contract to process/disclose the information.
Where we need to protect the vital interests (i.e. the health and safety) of you or another person.
Some personal information is treated as more sensitive. The legal basis for processing these special categories of personal information is more limited. To lawfully process special categories of personal data, we must identify a lawful basis for the processing and meet a separate condition for the processing. The basis we can use these are:
With your consent;
Where we need to protect the vital interests (i.e. the health and safety) of you or another person;
Where you have already made your personal information public;
Where we or another person needs to bring or defend legal claims; and/or
Substantial public interest grounds
1.3.What data we collect from users of the site?
We may collect the following personal data ("User Data") from you when you use our online services:
Detailed personal information such as age, sex, date of birth, contact details (telephone numbers and email addresses)
1.4.Who the personal information relates to?
We collect and hold personal information about:
Patients - This includes current and former patients who have signed-up to the Site
Specialists - This includes current and former specialists who have signed-up to the Site
We will minimise our holding and use of sensitive categories of personal information.
1.5.What use do we make of user data?
We will use your data this is collected for the following purposes:
Provide you with our services
Dealing with your enquiries and requests
Administering your account
Monitoring to improve or tailor the services we provide
Provide you with information and offers from us that we believe you may find useful or interesting, such as marketing or promotional materials, if you have opted-in to receive such information.
1.6.Protecting and sharing information
AppointmentHub may make User Data available to successors in title to our business.
We may engage third party companies and individuals to facilitate our services, to provide the services on our behalf and to perform services related to administration of the services or the Site (including, without limitation, payment processing, maintenance, hosting and database management services). These third parties may have access to or be provided with your Data only to perform these tasks on our behalf. These third parties that operate through websites may have their own privacy policies. We encourage you to read the privacy policies and other terms of such websites before using the services.
Our staff only have access to your personal information when and if they need to use it to provide the service to you. We will also disclose information as required by law.
1.7.How long do we hold your data for?
In most cases we hold the majority of your data for up to  years.
1.8.Your rights under GDPR
Right to be informed: We will provide you with a privacy notice to tell you how we are using your personal data.
Right of access: You have the right to obtain access to your own personal data at any time so you are aware of and can verify the lawfulness of processing. Information will be supplied within one month of receipt of the request. This can be extended by a further two months where requests are complex or numerous. This will be provided free of charge unless you ask for multiple copies or the request is manifestly unfounded or excessive. We can also refuse your request if it adversely affect the rights and freedoms of others or is manifestly unfounded or excessive. You can make a subject access request by contacting email@example.com
Right of rectification: You have the right to have your personal data rectified if it is inaccurate or incomplete. If we have disclosed this to third parties, we will tell you if this is appropriate and we will inform them of the rectification where possible.
We must respond within one month, extendable by two months where the request for rectification is complex.
Right of erasure: You have the right to request the deletion of personal data where there is no compelling reason for its continued processing or if we are processing it in an unlawful manner – for example if we are using it for a different purpose than originally stated.
Right to restrict data processing: Under certain circumstances, you have a right to 'block' or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it. We can retain just enough information about you to ensure that the restriction is respected in future.
Right to data portability: You can obtain and reuse your personal data for your own purposes across different services. This right applies where the processing is based on your consent or for the performance of a contract; and when processing is carried out by automated means.
Right to object: You have the right to object to:
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
Direct marketing (including profiling); and
Processing for purposes of scientific/historical research and statistics.
If we process personal data for the performance of a legal task or our organisation's legitimate interests, you must have an objection on "grounds relating to you particular situation"
We must stop processing the personal data unless:
We can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
The processing is for the establishment, exercise or defense of legal claims.
The Personal Data is essential to the continuation of the tenancy or is in the 'vital interests' of the tenant.
Right to Withdraw Consent at any Time: You may contact AppointmentHub to request this. Although we may not be able to accept your request for certain types of data, please contact us if you wish to discuss this further.
Right to complain: about any matter relating to our service, including how we use your personal data:
In the first instance please contact us at firstname.lastname@example.org
If you wish to complain about our use of your personal data you may complain to the UK Information Commissioner's Office (ICO) at ico.org.uk
While it is unlikely, we may be required to disclose your User Data by a court order or to comply with other legal requirements. We will use all reasonable endeavours to notify you before we do so, unless we are legally restricted from doing so.
1.10.No commercial disposal to third parties
We will not sell, rent, distribute or otherwise make User Data commercially available to any third party without your prior permission.
1.11.Storage of user data
Given that the internet is a global environment, using the internet to collect and process User Data necessarily involves the transmission of data on an international basis. Therefore, by browsing our Site and communicating electronically with us, you acknowledge and agree to our processing of your User Data in this way.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your User Data, we cannot guarantee the security of your User Data transmitted to our Site; any transmission is at your own risk. Once we have received your User Data we will use procedures and security features to try to prevent unauthorised access.
1.14.Information about us
Please contact us at the following email address with any questions and/or complaints about our service to you email@example.com
AppointmentHub Operated by VIPGP HEALTHCARE LTD
25 The Lunds,
Kirk Ella, Hull HU10 7JJ
phone: 020 8191 75 85