GDPR General Applications Privacy Notice :
GDPR regulations require that organisations that collect data about individuals address the following in a privacy notice and in their processes and practices:
1.1 This includes:
- Who is collecting the data?
- What data is being collected?
- What is the legal basis for processing the data?
- Will the data be shared with any third parties?
- How will the information be used?
- How long will the data be stored for?
- What rights does the data subject have?
- How can the data subject raise a complaint?
This relates to applications provided or operated by Sidqam Ltd.
Sidqam Ltd (‘we’ or ‘us’) take your privacy very seriously therefore we urge you to read this policy very carefully because it contains important information about us and:
- The personal information we collect about you, our users
- What we do with your information, and
- Who your information may be shared with.
Information we collect
1.2 a) Personal information you provide to us
We may collect the following personal information that you provide to us:
- Name
- Email address
- Telephone Number
Some examples of when we collect this information include:
- When you purchase or enquire about a product or service
- When we provide ongoing activity around a product or service, including support activities, access to updates, notifications about feature, security or licensing changes, account management, relicensing and other activities that relate to the sale and ongoing post-sale activities
- Data captured (processed) by any applications we provide
In addition, we collect the following personal data of the residents in your care home, in the capacity of a data processor:
- Name
- Contact details (including work postal address, email address and telephone number);
- Gender
- Date of birth
- NHS number
- Blood group
- Medical history and advisers, including GP details
- Next of kin and attorneys
- Status, i.e. discharged or deceased
- Job role for role-based access to the system
1.3 b) Personal information you provide about third parties
If you give us information about another person, you confirm that the other person has appointed you to act on their behalf and agreed that you:
- Shall consent on their behalf to the processing of their personal data;
- Shall receive any data protection notices on their behalf; and
- Shall consent on their behalf to the transfer of their personal data abroad.
If you store information about others in an application or platform that we have provided, then you will be the Data Controller and be responsible for legal duties in that role; Sidqam Ltd. will undertake its duties as data processor where appropriate.
If you require us to process any special categories of personal data, please advise us so that we can assure ourselves that the additional safeguards required are in place. We will not be held responsible for any failure on behalf of the Data Controller to notify us as Data Processors of specific requirements. Special categories include:
- Ethnic origin
- Political opinions
- Religious beliefs
- Philosophical beliefs
- Trade union
- Biometric data
- Health data
- Data concerning a natural sex
- Sexual orientation
We have safeguards in place to protect Health data in the system for the legitimate interest of either providing direct care or for contract administration by data controllers. We collect the following Special Category Personal Data of the residents in your care home, in the capacity of a data processor:
- resident health information; and
- information about a person's health
How we use the information we collect
Where an application is provided for your use we will not seek to expose, interrogate or analyse the data stored there except as required to do so by you or for other legal purposes.
We will only use data in such a way as to be consistent with the purposes of the application and/or service or acting as Data Processor on behalf of a Data Controller.
Third Parties
Using third party controllers and processors
As a data controller and/or data processor, we will have written contracts in place with any third-party data controllers (and/or) data processors that we use. The contract will contain specific clauses which set out our and their liabilities, obligations and responsibilities.
As a data controller, we will only appoint processors who can provide sufficient guarantees under GDPR and that the rights of data subjects will be respected and protected.
As a data processor, we will only act on the documented instructions of a controller. We acknowledge our responsibilities as a data processor under GDPR and we will protect and respect the rights of data subjects.
Who your information may be shared with :
We may share your information with:
- Law enforcement agencies in connection with any investigation to help prevent unlawful activity
- Other people or organisations consistent with the contracted service or as directed by you. If you ask us to do so, then we may request that you advise the following:
- External Data Processor
- Location [UK/EU/Non-EU]
- Safeguards in place to protect your personal data
Marketing
We would like to send you information about products, services, offers, competitions and our business which may be of interest to you. Such information could be sent by post, email, telephone, text message or automated call.
We will ask whether you would like us to send you marketing messages on the first occasion that you provide any relevant contact information (i.e. on purchase, signing up to a newsletter, entering a competition etc). If you do opt in to receive such marketing from us, you can opt out at any time (see ‘What rights do you have?’ below for further information). If you have any queries about how to opt out, or if you are receiving messages you do not want you can contact us using the details provided below.
1.4 Keeping your information secure
We will use technological and organisational measures to keep your information secure.
Sidqam Ltd. is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website (search by business name).
However, while we will use all reasonable efforts to secure your personal data, in using the site, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us using the details below.
What rights do you have?
1.5 Right to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of it, please:
- Email (using the contact details below)
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- Let us know the information you want a copy of, including any account or reference numbers, if you have them
We will provide an individual with a copy of the information requested, free of charge. This will occur within one month of receipt. We endeavour to provide data subjects access to their information in commonly used electronic formats such as CSV.
If complying with the request is complex or numerous, the deadline can be extended by two months, but the individual will be informed within one month.
We can refuse to respond to certain requests, and can, in circumstances of the request being manifestly unfounded or excessive, charge a fee. If the request is for a large quantity of data, we can request the individual specify the information they are requesting.
Once a subject access request has been made, we will not change or amend any of the data that has been requested. Doing so is a criminal offence.
1.6 Right to request transfer of data
We will provide the data requested in a structured, commonly used and machine-readable format. This would normally be a CSV file, although other formats are acceptable. We must provide this data either to the individual who has requested it, or to the data controller they have requested it be sent to.
1.7 Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
- Contact us using the contact details below
- Let us have enough information to identify you (eg account number, user name, registration details), and
- Let us know the information that is incorrect and what it should be replaced with.
1.8 Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
- Email (using the contact details below)
- Let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- Let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone)
From time to time, we may also have other methods to unsubscribe from any direct marketing including for example, unsubscribe buttons or web links. If such are offered, please note that there may be some period after selecting to unsubscribe in which marketing may still be received while your request is being processed.
Reporting Breaches
Any breach of this policy or of data protection laws will be reported as soon as practically possible. This means within 72 hours of us becoming aware of a breach.
Sidqam Ltd. has a legal obligation to report any data breaches to UK Supervisory authority, which is the Information Commissioners Officer within 72 hours.
Contacting Us
If you have any questions about this policy or the information, we hold about you, please contact us by:
E-mail: direcht@sidqam.co.uk
Please note that this statement is provided for information purposes only and does not constitute a specific warranty or representation.
End User License Agreement (EULA)