There are laws, including the General Data Protection Regulation (GDPR), which govern what information we collect and how we collect it – these laws are designed to protect your privacy as an individual. Sulis Hospital is committed to upholding these laws and to being open and transparent about how we use information collected on our website, and how we contact you for marketing purposes where you have opted-in.
Who we are and what we do
In this Privacy Notice we use "we" or "us" or "our" or "Sulis" to refer to Sulis Hospital Bath.
Sulis Hospital is a company that runs hospitals, rehabilitation and health services in the UK. This privacy notice relates to website visitors, users of social media and other digital marketing campaigns we run. A separate privacy notice is available for our patients.
Sulis Hospital is a Data Controller and a Data Processor under the terms of the EU General Data Protection Regulation (GDPR). We are legally responsible for ensuring that all personal information that we process about you is done in compliance with data protection laws. All Data Controllers must notify the Information Commissioner’s Office of all personal information processing activities. Our registration number is Z2035600 and our entry can be found in the Data Protection Register on the Information Commissioner’s Office website.
What personal information do we collect?
Information you give us
When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual. Sulis Hospital is the data controller for information submitted through our website. We will use your information to process your enquiry and contact you with relevant information.
This information may be visible to Sulis Hospital’s IT providers, website developer and hosting company, who all work on behalf of Sulis Hospital. We will share your information with these companies under the strictest data protection arrangements. If you would like further information regarding these third party companies, please contact our DPO using the details found below.
You may give us information about yourself by filling in forms on the website. This may include any personal or medical information you provide when you enquire about any of our services, apply for a job with us or when you report a problem with the site.
The personal information we hold about you may include the following:
- Contact details, such as postal address, email address and telephone numbers
- Responses to surveys or questionnaires
- Correspondence relating to a complaint or claim
- Your specific information requirements
If you provide it to us through the website, we will also hold information known as a special category of personal data under the law, meaning that it must be handled even more sensitively. The special categories of personal information we hold about you may include the following:
- Details of your current or former physical or mental health. This may include information about any healthcare you have received (both from Sulis Hospital directly and other healthcare providers such as GPs or hospitals (private and/or NHS)) and details of medicines previously and currently taken.
- Details of services you have received from us
- Details of your lifestyle and social circumstances
- Details of your nationality, race and/or ethnicity
- Details of your religion
- Details of any genetic data or biometric data relating to you
- Data concerning your sex life and/or sexual orientation.
You may also choose to opt-in to hear from us by email about our latest news, offers, events, health blogs and information about our services. This can be done through the website or by completing a printed sign-up form. This is separate from regular enquiries, so we will only add you to our mailing list where you have told us to do so. You can unsubscribe at any time.
Calls to Sulis Hospital may be recorded for quality assurance purposes which include assessing the internal effectiveness of calls and also the range of services we provide. We use a company called Infinity who act on our behalf for the call tracking. The content of the calls will not be used for direct marketing purposes.
Please note that while Sulis Hospital takes every possible precaution under UK and international law to protect our website and any information you provide once we have received it via the website, it must be understood that the use of the internet is not without risk and you should always bear this in mind when considering what information you provide.
We cannot guarantee the security of any information you provide to us while it is transiting the internet and any information you send this way will be at your own risk. You will always remain responsible for the security of your own systems and devices.
Information we may collect automatically
In order to ensure that your visit to our website is as easy and productive for you as we can make it, we use tools (such as Google Analytics) to collect certain types of ‘background’ information every time you click on our website pages. This will include:
- Technical information, used to connect your computer to the Internet, such as browser type and version, Internet Protocol (IP) address, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit, including all webpages visited by you on the site, services you viewed or searched for, page response times, time spent on each page, page interaction information (such as scrolling, clicks, and what you hold your mouse over), and any phone number used to call us.
- Information about your browsing sessions, which helps us track user interaction with our website so that we can use this information to improve your experience.
Automated Decision Making
We use third party providers such as Google, Facebook and other social media platforms to display relevant and focused adverts to target audiences. This is a form of automated decision making, undertaken by third parties, which can be based on specific criteria. For instance, adverts may be displayed in Google search results to reflect your search terms, or an event promotion on Facebook based on criteria such as demographics, location and job title. You have a right to not be subject to decisions that are made about you by computer alone. To update your preferences for advertising in this way, please contact these third party providers directly.
Information from third parties
Sometimes we exchange your information with certain other organisations (known as ‘third parties’) and we receive information from them about you which can help us to deliver effective patient care. This includes your personal information and special categories of personal data. Such third parties may include:
- Consultants and their medical secretaries to process your enquiry or appointment booking
- NHS providers and GP practices
- Private medical insurers
- Solicitors (personal injury claims for treatments)
- If you engage with us through social media platforms.
How we use and store your personal information
Using your information
In order to comply with any changes in the law, or to offer a better user experience, we may update this policy periodically. If these changes result in any material difference to the manner in which we process your personal data then we will alert you to these changes when you next visit our website. You should check this page from time to time to ensure that you are happy with any changes.
Where we retain any information you provide to us, we will use it to better understand your needs and to provide you with the best service we can offer. This may include holding information for the following purposes:
- To answer an enquiry sent by you. For example, we will use your personal information to reply regarding a consultation request. In order to achieve this, we may pass on your information to external medical secretaries and consultants in order to provide you with information regarding a specified consultant.
- Internal record keeping and database maintenance
- To improve our products and services using anonymous statistics
- From time to time, we may also use your information to contact you for market research purposes. Such contact will be strictly optional and imposes no obligation. We may contact you by email, phone or mail. We may use the information to customise the website according to your interests.
- To enable us to contact you where you have opted-in to hear from us.
Outside these circumstances, there may be rare occasions when we are required by law (for example, to comply with law enforcement or national security regulations) to pass on information to certain authorities or government agencies. In such cases, we will abide by data protection principles and share the minimum information necessary.
The table set out in the Schedule below summarises the purposes for which we process your personal information and our legal justification for each of our processing activities. If you would like any further details on our purposes for processing your personal information, please contact the DPO using the details found below.
How long do we keep personal information for?
We will only keep your personal information for as long as reasonably necessary to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which your personal information will be stored, please contact our DPO for further details.
Transfers to third countries
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area ("EEA"). Under the EU General Data Protection Regulation (GDPR), companies transferring information outside of the EEA must ensure that such transfers are subject to appropriate safeguards to ensure an adequate level of data protection. Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected.
Under data protection law you have certain rights in relation to the personal information that we hold about you. These include rights to know what information we hold about you and how it is used. You may exercise these rights at any time by contacting Sulis Hospital’s DPO (our DPO’s contact details can be found below).
There will not usually be a charge for handling a request to exercise your rights. If we cannot comply with your request to exercise your rights we will usually tell you why. There are some special rules about how these rights apply to health information as set out in the relevant legislation. If you make a large number of requests, or it is clear that it is not reasonable for us to comply with a request, then we do not have to respond or we can charge you for responding.
Your rights include:
- The right to access your personal information
You are entitled to a copy of the personal information we hold about you and details about how we use it. Please note that in some cases we may not be able to fully comply with your request. For example, if your request involves the personal data of another person and it would not be fair to that person to provide it to you.
- The right to restriction of processing
In some circumstances, you can ask us to suspend the use of your personal data. Sometimes we won’t be able to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercising or defending legal claims.
- The right to data portability
You can ask us to transfer your personal information to you or to another individual or organisation. The information must be transferred in an electronic format.
- The right to object to processing
You can ask us to stop processing your information where we are relying on legitimate interests as the legal ground for processing (when we refer to ‘legitimate interests’, this means that we have an appropriate business need to process your personal information and this business need does not cause harm to you).
- The right not to be subject to automatic decisions
You have a right to not be subject to decisions that are made about you by computer alone. To find out more about the way we use automated decision making, please see the section of this Privacy Notice titled ‘Automated Decision Making’.
- The right to withdraw consent
In some cases we need your consent in order for our use of your personal information to comply with data protection legislation. Schedule 1 sets out instances where we will rely on your consent for the purpose of processing your personal information. You have the right to withdraw your consent at any time. You can do this by contacting Sulis Hospital’s DPO whose details can be found below.
- The right to complain to the Information Commissioner's Office
You can complain to the Information Commissioner's Office if you are unhappy with the way that we have managed any of your rights above, or if you think we have not complied with our legal obligations. More information can be found on the Information Commissioner’s Office website. Making a complaint will not affect any other legal rights or remedies that you have.
Security and storage
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Updating personal information we hold about you
We store and handle all personal information we hold about you according to the rules laid down by the law and the codes of practice which govern information processing.
If you believe that any information we are holding about you is wrong or incomplete, please contact us and we will amend any information found to be incorrect.
You may contact us at any time to unsubscribe from any of our services or to request that we remove your details from our records (with the exception of direct healthcare data).
Our Online Marketing
You will only receive marketing information from us where you have indicated consent to receive it. Please contact the local site directly if, for example, you are receiving marketing information not related to the website. We pay for advertising on Google (Google Adwords), where we provide relevant content based on search terms. We also use Facebook for Business, paying for targeted adverts about relevant content, blogs and events. You can unsubscribe from marketing delivered by us at any time. Contact your local Sulis Hospital site or email email@example.com
Terms and Conditions
This website is developed and operated as a service by Sulis Hospital. By visiting and using this website, you are agreeing to these terms and conditions of use which are governed and construed by UK law:
- You are agreeing to use this website and all subsidiary sites for lawful purposes including but not limited to your agreement not to introduce any malicious or technologically harmful material such as viruses, Trojans, worms, logic bombs or any attack on this website or subsidiary websites including but not limited to denial-of-service attacks.
- You are agreeing not to attempt to gain unauthorised access to this website or the server on which it is stored or any associated servers, computers or databases.
- You are agreeing to use this website in a way that does not infringe the rights of anyone else.
- You are agreeing to contact us should you wish to direct another website to connect with this website by user clicks.
- You are agreeing to request permission from us should you wish to associate your website with this one or to say that your website is endorsed by Sulis Hospital.
- You are agreeing to not hold Sulis Hospital responsible for the content or information provided or held by any other organisation whose website you access via any link on the Sulis Hospital website. You also agree to not seek redress from Sulis Hospital for any claims or disputes which may arise from your use of third party websites.
- We will always report any unlawful or suspicious activity to the relevant law enforcement bodies and will cooperate fully in any criminal proceedings against you.
Although we always endeavour to provide content on our website that is relevant and up-to-date, we cannot guarantee or provide any conditions or warranties that the information will be:
- free from potentially harmful code or other mechanisms such as bugs or viruses
While we provide a description of the clinical and other services offered by Sulis Hospital, individual advice should always be sought in a consultation with a medical professional.
Any loss or damage experienced by the user or any associate as a result of visiting or using the Sulis Hospital website will not be the responsibility of Sulis Hospital. This applies in all circumstances including where the loss or damage was predictable, arose in the normal course of events or where the organisation or its agents had been previously advised that the loss or damage was likely to occur.
Additionally, Sulis Hospital will not be held responsible for any direct, indirect or consequential losses; any loss or damage caused by civil wrongs (‘tort’, including negligence), breach of contract or otherwise; the use of this website and any websites that are linked to or from it; the inability to use this website and any websites that are linked to or from it.
There may be circumstances where Sulis Hospital will accept liability for:
- death or personal injury arising from our negligence
- fraudulent misrepresentation
- any other liability which cannot be excluded or limited under applicable law.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over any other website. Therefore, we cannot accept responsibility for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this privacy statement.
Data Privacy Impact Assessments
The organisation conducts Data Privacy Impact Assessments for all high risk personal data processing. These may be available on request by contacting us at firstname.lastname@example.org. Please note that some information may be redacted where it is corporately sensitive.
Sulis Hospital has appointed a data protection officer (“DPO”). The DPO helps ensure that Sulis Hospital complies with data protection law and acts as a contact point for all patients.
You can contact our DPO: