We would like your experience of our web site to be a pleasant one and wish to reassure you of any concerns you may have over your privacy. This statement outlines:
- What personally identifiable information is collected through this web site;
- How the information is used by FIPO; and
- How you can correct or update information.
1. Your Personal Data – what is it?
Personal Data relates to a living individual who can be identified from that data (the “Data Subject”).
Personal Data includes any information identifying a Data Subject or information relating to a Data Subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal Data includes Special Categories of Personal Data but excludes anonymous data or data that has had the identity of an individual permanently removed. Personal Data can be factual (for example, a name, email address, location or date of birth) or an opinion about that person’s actions or behaviour.
Identification can be by the information alone or in conjunction with any other information in our possession or likely to come into such possession.
Special Categories of Personal Data includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data or data concerning health.
The General Data Protection Regulation (the “GDPR”) and the Data Protection Act 2018 (the “DPA 2018”) govern the processing of Personal Data.
2. Who are we?
The Federation of Independent Practitioner Organisations (“FIPO”) is the data controller (80 Harley Street London W1G 7HL, 020 7580 1211, firstname.lastname@example.org, http://www.fipo.org) This means it decides how your Personal Data is processed and for what purposes.
3. How do we process your Personal Data?
FIPO complies with its obligations under the GDPR and the DPA 2018 by keeping Personal Data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting Personal Data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect Personal Data.
We use your Personal Data for the following purposes:
- To enable us to provide a voluntary service for the benefit of patients seeking advice on dealing with consultants, hospitals or private medical insurers;
- To administer membership records of its sponsors;
- To add doctors to FIPO’s dashboard on MyL2P’s database and auditing purposes in relation to the consultant appraisal process (see further here http://www.fipo.org/docs/CApps.htm for details about the MyL2P process);
- To communicate with our Board members;
- To comply with our legal and reporting obligations with our auditors and to Companies House;
- To respond to communications that were not answered immediately;
- To perform trend analysis, into private healthcare, private medical insurance and related issues;
- To collate information where necessary for regulatory purposes and inquiries in the public interest;
- To collate information for educational purposes;
- To maintain the consultants’ directory on our website;
- To maintain an address book of contacts for mass recipient correspondence such as newsletters and event announcements;
- To fundraise and promote the interests of the profession;
- To manage our employees and volunteers; and
- To maintain our own internal accounts and records.
Where Personal Data is not obtained directly from the Data Subject this will be anonymised as far as possible consistent with the above purposes.
4. What is the legal basis for processing your Personal Data?
Where we are processing Personal Data:
- Processing is necessary for the performance of a contract with the Data Subject or to take steps to enter into a contract;
- Processing is necessary for compliance with our legal and reporting obligations including our returns to Companies House; [changes to the FIPO Board, Appraisal records for auditing purposes);
- Processing is necessary to protect the vital interests of a Data Subject or another person. This will usually be in a situation where the health or life of a patient is at risk;
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. In this context FIPO acts in an advisory capacity to PHIN (Private Healthcare Information Network) but is not responsible for the publication or veracity of data published by PHIN.
- Processing is necessary for our legitimate interests or a third party, except where such interests are overridden by the interests, rights or freedoms of the Data Subject. In order for FIPO to deliver wholly on its services offered and to effectively respond to enquiries to the fullest, it requires the processing of Personal Data. This is line with FIPO’s objective to promote Patient Care and high standards of professional practice.
Where we are processing Special Categories of Personal Data:
- Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement. FIPO is fully compliant with guidelines regarding appraisals;
- Processing is necessary to protect the vital interests of a Data Subject or another individual where the Data Subject is physically or legally incapable of giving consent. This will usually be in a situation where the health or life of a patient is at risk;
- Processing relates to Personal Data manifestly made public by the Data Subject;
- Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity;
- Processing is necessary for reasons of substantial public interest on the basis of EU or Member State law;
- Processing is necessary for reasons of preventative or occupational medicine, for assessing the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of EU or Member State law or a contract with a health professional;
- Processing is necessary for the reasons of public interest in the area of public health;
- Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes.
5. Sharing your Personal Data
Your Personal Data will be treated as strictly confidential. It will only be shared with the following recipients or categories of recipients to the extent reasonably necessary for carrying out the purposes listed at paragraph 4:
- MyL2P where you upload your Personal Data to the MyL2P appraisal website with your explicit consent;
- Companies House and other statutory or regulatory bodies for the purposes of compliance with a legal or regulatory obligation;
- Other regulatory bodies or relevant third parties (e.g. Competition and markets Authority, Financial Conduct Authority, PHIN, hospitals, consultant groups) where the processing is necessary for our legitimate interests or those of a third party except where such interests are overridden by the interests, rights or freedoms of the data subject;
- Webmaster to upload onto the website directory; and
- Ymlp.com website where sending event notices en masse to our contacts,
in each case subject to the requirements of the GDPR/ DPA 2018 where applicable.
6. How long do we keep your Personal Data?
We keep your personal data for no longer than reasonably necessary and we only retain your data for the above purposes. We use the following criteria to determine how long to retain your Personal Data:
- As to the MyL2P appraisal database for the duration of the individual consultant’s use of the service;
- As to our subscribership/ membership for as long as the individual/organisation is a member or otherwise affiliated with us;
- As to events attendance an electronic attendance list is kept on our automated systems for up to 6 years. Hardcopies are shredded at the end of the accounting year;
- As to Personal Data pertaining to Board members up until the Board member steps down; and
- In all other cases, a duration that is no longer than reasonably necessary for our legitimate interests, except where such interests are overridden by the interests, rights or freedoms of the Data Subject.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR/ DPA, you have the following rights with respect to your personal data:
- The right to request a copy of your Personal Data which FIPO holds about you;
- The right to request that FIPO corrects any Personal Data if it is found to be inaccurate or out of date;
- The right to request your Personal Data is erased where it is no longer necessary for FIPO to retain such data;
- The right to withdraw your consent to the processing at any time where consent is relied on by FIPO as a processing condition;
- The right to request that we provide the Data Subject with his/her Personal Data and where possible, to transmit that data directly to another data controller (known as the right to data portability), where applicable;
- The right, where there is a dispute in relation to the accuracy or processing of your Personal Data, to request a restriction is placed on further processing;
- The right to object to the processing of your Personal Data (where applicable);
- The right to lodge a complaint with the Information Commissioner’s Office.
8. Transfer of personal data outside the EEA
We will only transfer Personal Data outside the EEA if one of the following conditions applies:
(1) the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subjects’ rights and freedoms;
(2) appropriate safeguards are in place such as binding corporate rules, standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism;
(3) the Data Subject has provided explicit consent to the proposed transfer after being informed of any potential risks; or
(4) the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.
9. Further processing
If we wish to use your Personal Data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
10. What personally identifiable information is collected through this web site and how it is used by FIPO
General information, such as which pages users access, is automatically collected by our web server through use of your IP addresses. An IP address is a number automatically assigned to your computer whenever you are on the internet. We use your IP address to monitor the number of pages accessed, help diagnose problems with our server, and to administer our web site. We do not link your IP address to anything personally identifiable, so you will remain anonymous in the analysis of these logs.
11. Contact form
By its very nature the contact form on this web site requires the enquirer to submit some basic contact information. This information includes contact name, organisation name, telephone number and your email address. We will use this contact information only in response to your specific enquiry. These contact details will never be passed on to any third parties.
12. Email contact
Direct email communications with FIPO will not result in your email address being added to a mailing list.
14. Content Labelling
This site has been labelled with ICRA (this is a content description system, which allows webmasters and digital content creators to self-label content into categories).
Unless otherwise stated, the design and layout of this website, and all the material published on this website, including text, graphics, photos, logos, and attached documents, is the copyright of FIPO. You may not copy any material from this site without prior permission.
17. External Links
Links to external websites are provided only for your convenience. FIPO does not check nor endorse any external linked websites. Since these external sites are not under the control of FIPO we are not responsible for their content.
18. Limitation of Liability
FIPO will not be liable for any damages arising out of the use, inability to use, or results of use of this website, any websites linked to this site, or any material or information contained on this site.
19. Errors or Omissions
FIPO has taken every care in compiling information and material for this website. If you believe that any of the information provided on this website is inaccurate or misleading please contact us with the details.
20. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact:
80 Harley Street
020 7580 1211
Monday, Wednesday and Friday 08:30-13:30
You can contact the Information Commissioner’s Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.