We collect and use personal information to:
• Deliver our products and services to customers
• Enter into and maintain contracts with customers and suppliers
• Recruit and administer staff
• More detail about what personal data we hold and how we use it is provided below
We use APIs for integrating our AI into host systems. Our APIs do not allow you or anyone else to submit any patients’ personal information so our information exchange is anonymous. An API only processes diagnostic codes, age and demographics which are not combined with any other data or personal context. The API does not allow inclusion of or store any personal information. However, we store the request history for statistical analysis in order to improve our services.
We do everything we can to keep our communication safe and private. Every request must be made using a secure connection. We support all currently registered TLS versions and have support for SSL 2 and SSL 3.
We process personal information about:
Visitors to our website
Customers and other business contacts
Current and former employees
We process patient data to help healthcare organisations achieve sustainable improvements in their performance.
We are a data controller for anonymised and pseudonymised patient data in different parts of the world to which we apply a range of advanced AI tools.
In carrying out these activities, aggregated data or data models may be used to inform research and insight that we publish.
For some services we act as a data processor under the instruction of our customers. We use the minimum data necessary to produce the best results, subject to the strict terms of an agreement and outlined in that provider’s privacy information.
VISITORS TO OUR WEBSITE
CUSTOMERS AND OTHER BUSINESS CONTACTS
We collect information about people when they contact us to enquire about our products and services and during the course of any contract they may take with us. This will include contact details and correspondence. We use this information for contracts administration, to deliver services to customers, to keep people updated about Dr Foster products and services, to monitor usage of tools for security and to inform development.
We also collect usage statistics for our tools for security and to inform development. Processing this security information is necessary to fulfil the terms of our contracts and to meet obligations under the General Data Protection Regulation (GDPR), the NHS Data Security and Protection Toolkit.
We also process information about current and prospective customers to keep them informed of our products and services through marketing messages. You can opt out of direct marketing from us at any time. Each direct marketing message from us includes an opt-out button. Customers can also manage their communication preferences through our website.
We collect prospective customer data from a number of sources including recommendations, public directories, networking events and from scientific publications.
Correspondence through Outlook is processed through Microsoft Office. We use Mailchimp to manage mailing lists. Mailchimp is based in the USA and is certified to the EU-U.S. Privacy Shield Framework.
We process contact details and correspondence relating to current, former and prospective suppliers. This includes correspondence about how suppliers meet their data protection and security obligations. The information is processed to negotiate and enter into contracts and to provide evidence of compliance with our legal and contractual obligations.
Correspondence through Outlook is processed through Microsoft Office.
We receive queries and CVs related to job vacancies either directly from candidates or from recruitment agencies. We use this information to complete the recruitment process, to monitor statistics and to provide assurance that the process is run fairly. We keep candidates informed of when we need references from third parties. References are sometimes managed through a third party agency.
We process job application data as necessary to take steps prior to entering into a contract and for the performance of a contract with successful applicants. We process special category data, relating to health and ethnic background for example, to meet legal obligations relating to employment and to safeguard your fundamental rights.
For unsuccessful candidates we keep copies of application information, such as CVs and covering letters, for up to one year after the end of the recruitment process for the advertised vacancy. The information is retained as part of our commitment to monitoring equality and diversity and to provide assurance that the process is run fairly. It is also retained so that we can consider applicants for similar vacancies during that time.
We keep anonymised statistics about candidates to inform and improve our recruitment process. We will not be able to identify individuals from these statistics.
Information relating to successful candidates will be transferred to an employee file once they start work with us.
Data relating to job applications is processed through Microsoft Office.
CURRENT AND FORMER EMPLOYEES
Employees are provided with a detailed notice about how we use their information. This is provided when they join the company and is available to current staff on our intranet. We also hold information provided to us by employees about next of kin and emergency contacts. Data on employee files for former employees are kept for six years after the end of employment except where required for longer (for example, when necessary to comply with obligations under the Health and Safety at Work Act 1974).
You have a number of rights relating to your personal information including:
You have the right to request a copy of any personal information we hold about you. However, we are not able to identify you from the pseudonymised and anonymised data from any source.
You have the right to request the correction of any information we hold about you. If you believe that any data we hold about you is incomplete then you also have the right to request that we complete this.
This is also known as the right to be forgotten. You can request that your personal information is erased if it is no longer necessary for us to keep it, or you withdraw consent that you have previously provided, or you object and there are no overriding grounds to keep it or if it is unlawful to continue to keep it.
You can request that the use of your personal information is limited to storage only and that we use it for no other purpose in certain circumstances.
You have the right to object to us processing your data where we are doing so on the basis of legitimate interests.
If you have provided information on the basis of your consent or for a contract then you can request that we send a digital copy to you or directly to another organisation. This only applies where the processing is automated.
Making a request You can make a request to us using the contact details below. We must respond to you within one month. You can manage any NHS patient data related choices at https://www.nhs.uk/your-nhs-data-matters .The Information Commissioner’s Office website has more information about your personal data rights.
Disclosures to third parties
In exceptional circumstances we may be asked to share information with police or other investigators, if it would prevent or detect crime or safeguard a person’s wellbeing. Each instance will be judged on its own merit and any sharing of information will be done within the law.
How to contact us
For general enquiries please email firstname.lastname@example.org.