Privacy statement for Websites
Ramsay Health Care UK Operations Limited (“Ramsay”) is committed to ensuring the privacy and confidentiality of your personal information, and to protect it from unauthorised access and disclosure.
Ramsay complies with the Data Protection Act 1998, and the General Data Protection Regulation 2016/679 (“GDPR”) and any local or European laws on data protection, as amended from time to time. Ramsay and is registered as a data controller as defined in the GDPR with the data protection regulator in the UK, the Information Commissioner’s Office “ICO”), www.ico.org.uk.
How we use your information
- visitors to our Websites;
- visitors who submit a general enquiry via our contact page or who correspond with us phone, email or otherwise;
- those who use our services, e.g. who subscribe to our newsletter or request a publication from us;
- job applicants and our current and former employees;
- those who send a written complaint or enquiry to our Data Protection Officer;
- those who participate in a survey posted on a Website; and
- those who participate in a competition posted on a Website.
Visitors to our Websites
Ramsay collects data on visitors to its Websites including usage and behaviour patterns via a third party service, Google Analytics (Google LLC). This is to review the number of visits to each part of the Website and how the user accessed the Website only. Information collected, which may contain Personal Information, includes:
- date and time of visit;
- pages accessed;
- browser or mobile platform used to access the Website;
- source used to find and access the Website (i.e. Google Search Engine);
- location of the visitor (town level only);
- search queries from external and internal search engines;
- page interaction information including aggregated contact form completions; and
- technical information, including browser type and version, operating system and platform.
When you use our Website, we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.
We may collect your personal information if you choose to provide this to us via an online form or by email. Examples are where you:
- Submit a general enquiry via our contact forms;
- Register to receive email Newsletters;
- Register for an Open Event place via our event registration form;
- Make an enquiry via a telephone number displayed on the Website; or
- Send a written complaint or enquiry to our Data Protection Officer
Use and disclosure
We will use personal information collected via our Website:
- for the purposes for which we have been given it, and
- if we have a legal ground to justify it.
We have set out below a non-exhaustive list of instances where you have shared your personal information with us voluntarily in the first place via email or telephone enquiries, giving us as a result your consent for us to use that information to reply to you:
- to confirm treatment/specialist availability or
- to confirm a treatment price quotation,
- to book an initial consultation
- to confirm an event registrations
If we receive your email address because you sent us an email message, the email will be used or disclosed for the purpose for which you have provided it only and we will not add your email address to an emailing list or disclose this to anyone else without your consent.
Your personal information will also be used in delivering electronic Newsletters to you if you have consented by opting-in to our E-Newsletter via our Website.
We may share your personal information with any member of the Ramsay’s Group including any of its subsidiaries, Ramsay’s holding company and its subsidiaries for administrative purposes, and/or compliance with a legal obligation (such as employment law).
Personal information submitted via a Website or telephone calls may be shared with healthcare consultants working for Ramsay who provide the treatment for which you may be enquiring about under strict confidentiality agreements.
Ramsay may also share anonymised information with analytics and search engine providers in order to assist us in improving and optimising our site.
We will not disclose your personal information to other any third parties in the UK unless we have a legal basis for it, and we have the appropriate measures and safeguard in place to ensure its protection. We will not send your personal information to any third parties outside of the European Economic Area unless we have got a legal basis for it, and the recipient country benefits from a “adequacy decision” from the European Commission. For the remaining non-EEA countries, information may only be if there is a legal basis for it, and with a contractual arrangement in place with the third party as prescribed by the European Commission.
If we collect your personal information from our Website, we will process it in a way that is adequate, relevant and limited to what is necessary in relation to the purposes for why it is processed. We will maintain and update your information as necessary to keep it accurate or when you advise us that your personal information has changed. We will keep your information in a form which permits your identification for no longer than is necessary. We will hold personal information collected from web enquiry forms for a period of 12 months from when the enquiry is closed.
Ramsay is committed to protecting the security of your personal information within its control. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information. Although the transmission of information via the internet is not completely secure, we will use our best endeavours to protect your information from loss, misuse or alteration when it is within our control.
If you choose to complete our online forms or make enquiries via telephone numbers displayed our Website, we will ensure that your contact details are stored on password protected databases. All information is encrypted between your computer and the Ramsay web server using Secure Sockets Layer (SSL) ensuring that communications are secure. We also conduct regular penetration tests to ensure that the server is tested for its security and no patient information is stored directly on the website servers.
Staff members associated with Website maintenance only may access to our Website’s administration system. When they do, they are subject to confidentiality obligations. The access to the Websites and the Websites service are also password protected.
Access and correction of personal information
Ramsay is committed to facilitate the exercise of your rights as data subjects. You can find out if we hold any of your personal information by making a ‘Subject Access Request’ (“SAR”). If any information is held about you, Ramsay will:
- give you a description of your personal information it holds about you;
- the purposes for which it is being held;
- the recipients or classes of recipients to whom it is or may be disclosed;
- let you have a copy of your personal information in an intelligible form;
- inform you as your right as a data subject, including the right to contact the ICO
To make a SAR to Ramsay for any personal information we may hold about you, or to make a complaint about privacy issues, you may address your request to our Data Protection Officer at the address provided below:
- Data Protection Officer
- Ramsay Health Care UK Operations Ltd
- Level 18 Tower 4225 Old Broad St
- EC2N 1HQ
Alternatively you can also email us at DataProtectionofficer@ramsayhealth.co.uk.
If we do hold your personal information and you believe it is incorrect you may submit a request to Ramsay to correct any alleged mistakes through the contact details above.
Requests are free of charge, unless manifestly unfounded or excessive in which case Ramsay will charge a reasonable fee. Request will be processed within one month of receipt but this might be extended to two months in case of a complex request or if the identity of the requestor cannot be verified.
Ramsay, as a health care provider, is subject to legal and regulatory obligations which may limit or restrict the enforcement of your rights on some occasions.
Links to other websites
We may create links to third party websites. We are not responsible for the content or privacy practices employed by those responsible for any third party websites we are linked to.
Our internal website search is powered by a third party supplier, Cludo UK Ltd. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either Ramsay or any third party.
In the interests of training and continually improving our services, enquiry calls to Ramsay Hospitals may be monitored or recorded. Enquiry calls recorded will be held for a period of 90 days by our third party call tracking supplier, Infinity Tracking Ltd. Private calls to and from patients in our hospitals are not recorded. Enquiry calls will also be tracked for analytical purposes to monitor the marketing source of the call such as Search Engine, Pay Per Click Advertising or Print Advertisements.
Any email sent to us, including any attachments, may be monitored and blocked if the email you send to us is potentially a threat to our Websites and/or information systems or is deemed illegal in our reasonable opinion.
We will only send you marketing information where you have agreed to opt in to receive it. We will only use your preferred communication channels to contact you and you will be given the option to select this when opting in. You can stop us from contacting you for marketing purposes by clicking on the ‘unsubscribe’ link embedded within the email that has been sent to you. Doing so will remove your personal data from our contacts list automatically.
When individuals apply to work at Ramsay, we will only use the information they supply to us to process their applications and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure Barring Service (DBS) previously known as the Criminal Records Bureau (CRB) we will not do so without informing applicants beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 6 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
We use a third party supplier, Campaign Master UK Limited (“Campaign Master”), to deliver our email newsletters. If you register to receive the newsletter, we will share your personal information with Campaign Master so that they can send you our newsletter in accordance with your request. We also monitor how our e-newsletter is read in order to improve the content of future editions. Your personal information and consent to receive marketing emails will be retained for 24 months.
For more information on how your information will be processed by Campaign Master, please see Campaign Masters privacy notice.
We also like to improve our services by asking for your views. We may contact you for market research but it will be your choice if you wish to take part in this.
We use Hootsuite Inc to manage social posts and interactions. Private messages will be stored in Hootsuite for a period of three months. Hootsuite will not be shared with any other organisations.
Any personal information shared and/or collected on social media pages is not collected by Ramsay but by the social media platform. Any personal information shared and/or collected on Ramsay’s social media pages shall be subject to the privacy notices and other policies of the relevant social media platform. The content of Ramsay’s social page is not owned by Ramsay but by the social media platform.
Changes to this privacy notice