HealthBus is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. HealthBus processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When you make an enquiry with us about any of the services we offer, we’ll ask you to provide some contact information. This may include some or all of the following:
- full name
- previous names
- current home address
- previous residential addresses
- date of birth
- landline and mobile phone number
- email address
- When applicable, your bank details.
How do we use your personal information?
You will agree that we need to have your personal information in order to do our job properly. Information such as name, address, are essential when processing workstreams. This information is stored on our system and backed up regularly on a secure server in the UK. We will also use your personal data to confirm your identity.
The law requires us to comply with a number of regulations. Where necessary, we use your personal data to allow us to fulfil our legal and regulatory requirements.
We will only share personal information with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
We use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with certain third parties including, but not limited to:
Equifax for Money Laundering checks and credit score reports.
Your bank details and the DD facility is looked after by one of our close partners (SmartDebit) which are FCA regulated and holds an ISO 27001:2013 security certificate.
We use third parties to support us with our Information Technology and marketing departments. Personal data may be stored with any one of them.
We do not share your information with or introduce you to another third party without your written or oral consent.
We do not record calls however we may keep the time and date we have spoken to you if something of importance was discussed during this conversation.
We do not keep any information on unsuccessful candidates who did not join our team.
All of our Pcs and portable devises are encrypted.
We do not send sensitive information via email without encrypting the content and attachments. Non-sensitive details are sent normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
How long do we keep your information for:
In order to comply with legislation, we keep information and data for seven years from the end of the financial year. We also keep information for seven years from the date our relationship has ended.
Your right of access. You have the right to access your personal data and supplementary information. Individuals have the right to obtain:
- confirmation that their data is being processed
- access to their personal data
- other supplementary information
Right to Rectification. Individuals have the right to request that inaccurate personal data is rectified or completed if it is incomplete.
Right to be forgotten. You have the right to have your personal data erased if:
- the personal data is no longer necessary for the purpose which it was originally collected
- we rely upon consent as our lawful basis for holding the data and you withdraw that consent
- we have processed your personal data unlawfully
The right to be forgotten does not apply where processing is necessary for comply with a legal obligation. As an example, we are required to retain records that demonstrate our workings and evidence for our calculation. These records contain personal information and sensitive data. We will not remove or delete any personal information or data until such time as our obligation has been fulfilled in respect of each transaction.
Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to provide the information requested or refuse to respond. In these instances, we will inform you and explain our reason.
Before we proceed with any request, we will take steps to verify the identity of the person making the request.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Under the Legitimate Business Interest rules and the Soft Opt-In rules, we will continue to send our clients our newsletters.
Should you wish to unsubscribe to those, you may tick the relevant option at the bottom of each email.
We do not send any marketing materials to individuals or organisations who are not our client unless we have their verbal or written consent to do so.
Sensitive personal information will be sent via a secured channel of communication or any other agreed method. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
When you send us confidential information over an email, this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.
Should you have any concerns or questions on the above, please contact us.