BACKGROUND:
Integris Solutions Limited understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, www.integrisltd.com (“Our Site”) and (subject to the limited exceptions in section 7, below). We do not collect personal data about you unless you contact us (see section 5, below).
We will only use the information that we collect about you lawfully and in accordance with the EU General Data Protection Regulation 2018. Under the terms of the GDPR legislation, we are required to clearly and concisely explain to you how we will treat any personal and/or private data collected from you.
Please read this Privacy Policy carefully and ensure that you understand it. We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies.
1. Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
| “personal data” | means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and |
| “We/Us/Our” | means Integris Solutions Limited, a limited company registered in England under company number 8019336 whose registered address is 20 – 22 Wenlock Road, London, N1 7GU and whose main trading address is. |
2. Information About Us
- Our Site is owned and operated by Us Integris Solutions Limited. Our Companies House registration number is 8019336
- Our VAT number is 137 9538 75.
- Our Data Protection Officer is Caroline Todd, and can be contacted by email at info@integrisltd.com ,by telephone on 01424 753416 or by post at 20 – 22 Wenlock Road, London, N1 7GU.
3. What Does This Policy Cover?
This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.
4. Your Rights
As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
- The right to be informed about Our collection and use of personal data;
- The right of access to the personal data we hold about you (see section 10);
- The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the details in section 11);
- The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in section 6 but if you would like Us to delete it sooner, please contact Us using the details in section 11);
- The right to restrict (i.e. prevent) the processing of your personal data;
- The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
- The right to object to Us using your personal data for particular purposes; and
- Rights with respect to automated decision making and profiling.
If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 11 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
5. What Data Do We Collect?
5.1 The data we collect and process
- Client data
- Personal and Sensitive Data
5.2 We do not collect any personal data from you through our web site. We do not place cookies on your computer or device, nor do We use any other means of data collection other than to collect standard internet log information, which may be analysed should our web site experience a cyber attack.
5.3 If you send Us an email, or contact us about our services, or publish an invitation to tender We will collect your name, your email address, and any other information which you choose to give Us. We collect personal information about our clients and customers to provide them with Data Services as well as related consultancy services in the areas of Health and Social Care.
5.4 We will hold the following information about clients:
- Name and contact information
- Personal information contained in business communications
- Transaction data including details about services you have purchased from us
5.5 How is your personal data collected?
You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- engage us to provide services;
- subscribe to our publications;
- request marketing material to be sent to you;
- enter a competition, promotion or survey;
- complete one of our enquiry forms; or
- provide us with feedback
6. When and how we share information with others
Your information may be shared with:
- IT service providers who provide data storage, processing, back-up and retrieval services
- Sub-contractors or associates who are asked by Us to deliver all or some of our services.
We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services and communications.
- To reply to your email;
- Any ongoing correspondence in relation to the original email enquiry.
Any and all emails containing your personal data will be deleted no later than 6 months after the matter you contacted Us about has been resolved. You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.
- If your contact details are associated with a commercial or employment contract your contact details will be retained for 6 financial years after the end of the contract.
7. How Do We Use Your Data?
If We do collect any personal data, it will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under GDPR at all times. For more details on security see section 8, below.
As noted above, We do not collect any personal data from you through our web site. When you visit our website, we use third-party services to collect standard internet log information. We do this to monitor for unexpected connections to the web site such as cyber attacks. The information is only processed in a way which does not identify anyone.
8. How and Where Do We Store Your Data?
We only keep your personal data for as long as We need to in order to use it as described above in sections 6 & 7, and/or for as long as We have your permission to keep it.
Your data will only be stored in the UK.
Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure any data We hold about you (even if it is only your email address).
To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and administrative safeguards. We update and test our security technology and controls on an ongoing basis.
We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
9. Patient and Healthcare data
We process patient and healthcare data provided to us by other Data Controllers like NHS Trusts, private hospitals and healthcare organisations. We process this data strictly on instructions of the Data Controllers who provide us with access to such data and abide by the privacy and security requirements as per the contractual arrangements with the Data Controllers. We do not store or keep a record of any patient data processed by Us outside of the Data Controller’s secure network in the course of providing our services. We follow, and are fully committed to fulfil, our obligations as a Data Processor for data privacy, data security, and breach notifications. In compliance with the NHS National Data Opt-Out requirements (where patients can specify that they do not wish their data to be shared for purposes not connected with their treatment) We have processes in place to store and migrate Patient Opt-Out data as directed by our client Data Controllers.
10. How Can You Access Your Data
You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable and We will provide any and all information in response to your request free of charge. Please contact Us for more details at info@integrisltd.com or using the contact details below in section 11.
11. Contacting Us
If you have any questions about Our Site or this Privacy Policy, please contact Us by email at info@integrisltd.com , by telephone on 01424 753 416, or by post at 20 – 22 Wenlock Road, London, N1 7GU. Please ensure that your query is clear, particularly if it is a request for information about the data We hold about you (as under section 10, above).
12. Changes to Our Privacy Policy
We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.
Collection and Management of Personal and Sensitive Information. Transparency Statement.
Integris works closely with healthcare providers in the delivery of informatics services. In the course of this work Integris may be required to process sensitive patient information on behalf of the healthcare provider. In most instances this is to support:
- Translation, recoding and reformatting of existing patient information to present the same data in a format required to import into a replacement patient information system.
- Translation, recoding and reformatting of existing patient information to present the same data in a format that is more easily used for analysis by the healthcare provider.
In both scenarios the processing takes place under the control and direction of the healthcare provider, and takes place on servers located within the healthcare provider’s secure network. The responsibility for Data Protection Impact Assessments for such work remains with the data controller, the healthcare provider, who will be supported by Integris as required.
Integris holds other personal data in accordance with its business needs – principally in order to carry out employee administration and contract management tasks in association with its business.
Integris, as a data controller, holds a low volume of personal information and does not carry out any high risk or high volume processing activities on the data it holds.
Procedures are in place to protect the personal information held by Integris and are reviewed at least annually. The processing carried out by information held and controlled by Integris has not been identified as sufficiently high risk to require a full Data Protection Impact Assessments.
Our Data Security and Information Governance Policies
Integris Secure Transfer of Confidential Information Policy – v2.2
Integris Laptop and Mobile Devices Policy v2.3
Integris IT Systems and Access Security Policy- v2.2
Integris Information Governance Policy 1.3
Integris Data Protection and Confidentiality Policy 1.4
Information Security Management Policy – v2.2
Information Governance – Training Policy v 1.0