COVID-19: Please remember to bring an appropriate face covering to your appointment. Your temperature will be checked on arrival. COVID-19: All visitors and patients must wear a face covering and temperatures will be checked on arrival.

Fair Processing Notification – Public

We are One Stop Doctors Ltd, a company incorporated in England and Wales trading under name of OSD Healthcare. Our Company number is 09692848 and our registered address is One Medical House, Boundary Way, Hemel Hempstead, Hertfordshire HP2 7YU.

OSD Healthcare are committed to ensuring that your privacy is protected. We will continue to comply with the provisions of the Data Protection Act (DPA) 2018, as well as the General Data Protection Regulation (EU 2016/679) (GDPR) where applicable, together with any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, and any successor legislation to the GDPR and DPA.

OSD Healthcare is the data controller of any data you pass to us pursuant to this notification. Our Data Protection Officer can be contacted via our Governance team at dataprotection@osdhealthcare.co.uk

This Fair Processing Notification sets out how we collect personal information from you and how the personal information you provide will be processed by us.

What information does OSD Healthcare hold and how will we use it?

Information you give OSD Healthcare can be broken down into specific areas outlined below:

  1. Marketing:

Purpose of the processing
You may give / share with us information about you by completing enquiry forms on our website or by requesting via the website that we send you marketing information.

The information you give us may include your name, email address, address/location and phone number.

This does not include all personal data processed by OSD Healthcare but only personal data it collects through the website.

Lawful basis for processing OSD Healthcare rely on the following legal basis to process your information;

Article 6:

  • (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; or

(f) legitimate interest – it is necessary to process personal data for your legitimate interest.

Recipient or categories of recipients of the shared data Your information will be shared within OSD Healthcare and its contracts service suppliers for the purpose of your direct healthcare.

OSD Healthcare will not share or pass on your information for any other purpose without your consent or legitimate interest, or where required by law.

Right to restrict (in some circumstances) Right to ask for certain information not to be shared.
Right to object (in some circumstances) You have the right to object to some or all the information being shared for any other purpose for that which it was collected i.e. research.
Right to access and correct You have the right to access the data that is being shared and have any inaccuracies corrected.
Retention period The data will be retained for active use during the processing and thereafter according to best practice and the law.
Right to complain You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/ or calling their helpline Tel: 0303 123 1113 (local rate).

There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)

 

2. Provision of Healthcare Services

Purpose of the processing We collect information about you when you contract with us for healthcare or information about you is shared with us from other parties (i.e. your GP or hospital).

The information you give us may include your name, email address, address/location and phone number, medical condition (including other relevant clinical information), names of next of kin, GP and employment and financial information.

Lawful basis for processing OSD Healthcare rely on one of the following legal basis to process your information;

  1. Consent – the individual has given clear consent for you to process their personal data for a specific purpose;
  2. Contract – the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract;
  3. Legal obligation – the processing is necessary for you to comply with the law (not including contractual obligations);
  4. Vital interest – the processing is necessary to protect someone’s life;
  5. Public task – the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  6. Legitimate interest – the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

For sharing health data we rely on the following:

Article 9 – Processing of personal data of racial or ethnic origin, data concerning health: Article 9(2)(h)

  •  (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.
Recipient or categories of recipients of the shared data Your information will be shared within OSD Healthcare and its service suppliers.

We may also share your health data with other care providers for the purpose of direct care. (e.g. your GP or referring clinician).

OSD Healthcare will not share or pass on your information for any other purpose without your consent or where required by law.

Rights to object (in some circumstances) You have the right to object to some or all the information being further processed for any other purposes than for direct care. Contact our Data Protection Officer or speak to one of our staff.
Right to access and correct You have the right to access the data that is being shared and have any inaccuracies corrected.

There is no right to have accurate medical records deleted except when ordered by a court of Law.

Retention period The data will be retained for active use during the processing and thereafter according to (best practice) NHS Records Management Code of Practice 2016 and the law.
Right to Complain You have the right to complain to the Information Commissioner’s Office if you believe we have not complied with your individual rights. You can use this link https://ico.org.uk/global/contact-us/

or calling their helpline Tel: 0303 123 1113 (local rate).

There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).

Right to restrict (in some circumstances) You have the right to ask for certain healthcare information not to be further processed unless we have a legal reason to share.

We will retain this information while we are corresponding with you or providing services to you or a patient you represent. We will retain this information as per policy for the minimum retention periods.

More Information

Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. However, if you are still looking for more information then you can contact us through the website addresses provided.

Back to top