PRIVACY POLICY

This privacy policy governs your use of the Visionable Solutions (i.e Visionable Connect, Clinic, Collaborator, Connected Emergency Services, VisionableOne and Visionable UCS Platform) that were created and brought to you by Visionable Group

We take seriously our responsibilities to look after your data and we are committed to protecting your privacy. The Policy describes how we collect, use and securely store your personal data.

When we talk about data and personal data in this Privacy Policy, we mean personal data which may identify you such as your name and contact details. It may also include information about how you use our websites and mobile applications.

1. Who is responsible for your data

Visionable Group is responsible for your data. Our registered address is Little Tufton House, 3 Dean Trench St, Westminster, London SW1P 3HB. The Group comprises Visionable UK Ltd as the main data controller and processing entity, responsible for data protection compliance, Visionable Ltd is the Group Parent Company and Visionable Inc is our US trading entity

We are registered as a company in England and Wales under company number 13898469 and are registered with the ICO for Data Processing under ref: ZB336440.

We are the data controller of the data which we collect from you as a client or as an employee, investor or stakeholder and as such we control the ways your personal data are collected and the purposes for which your personal data are used.

We are a data processor for the provision of   Visionable Solutions (i.e Visionable Connect, Clinic, Collaborator, Connected Emergency Services, VisionableOne and Visionable UCS Platform)) to our clients.

2. Personal data we collect about you

Depending on how you use our services and our websites, we might collect the following kinds of information about you:

What we collect

When we collect it

Your name and contact details (email address, telephone number) user details and password, and automatically collected data such as your IP address and network stats

When you create an account to use our services with us

When you fill in forms on our website

Communication we have with you (emails, letters, web form submission, telephone calls, messages to our online chat service, messages sent to us through our social media platforms, support desk, feedback, and other future protocols)

When you get in touch with us

Information about you, your location, IP address, network stats and how you use our website, mobile applications

When you use our collaborative services

When you accept our cookies placed on your device

When you update your account information

When you fill in forms on our website

When you get in touch with us

When you opt in to receiving messages from us

You complete a case study or video

Information about you as an employee – your name, address, email, telephone numbers, date of birth; qualifications, skills, experience and employment history, pensions or insurance cover; bank account and national insurance number; marital status, next of kin, dependents and emergency contacts; nationality and entitlement to work in the UK; attendance records, holiday, sickness absence, family leave and sabbaticals; details of any disciplinary or grievance; performance appraisals; medical or health conditions

When you apply for a role with us or have been appointed as an employee

For the provision of our Visionable services, we may process sensitive or special category data, as a data processor to our clients, using encrypted methods during the usage of the services only. We do not store nor use this information for our own purposes.

3. Legal Basis for Processing

The bulk of all personal data processing is undertaken for the performance of contract terms agreed with clients or our employees and contractors and to meet our legal requirements.

Additionally, there will be instances where we will process information using our legitimate interests for example, in promoting what we do, or if you make an enquiry, and including the use of data in the relationship or support between us. This information is only used where this is if interest to you.

We also collect personal contacts from our business and corporate stakeholders and collaborative partners for our legitimate interests.  Almost entirely, these contacts are corporate or business individuals and while this is still categorised under UK and EU legislation as personal data, we are aware that it can be used for business-to-business purposes, as stipulated by UK and European data protection regulations and the Privacy of Electronic Communications Regulation (PECR) with which we also comply.

For any sensitive or special category data that we process as a data controller we will do this with your consent or as legally permitted.

 

Client Case Information and Patient Data

As a client or an approved user under a client agreement when you use the Visionable application you will have the ability to upload and share with your colleagues’ messages, information and images, audio and visual, including information and images regarding specific patient cases (Patient Data). For this patient data we are a data processor and not the controller. Should you have any queries regarding patient data these should be addressed to the GP, Hospital or Trust that invited you to use the Visionable Application.

Patient Data is considered to be a special category of data under the General Data Protection Regulation (EU) 2016/679 (GDPR) and is processed under section 6(1)(c) “necessary for compliance with a legal obligation to which the controller is subject” and 9(2)(h) “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or member State law pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”

4. Why do we collect this information?

We collect your personal information:

  • to provide you with the collaborative services that you may request from us or as under contracted agreement
  • to provide information about goods and services which we feel may be of interest to you
  • for our legitimate interests in the relationship we have with you as a business contact or client
  • to meet our legal and regulatory obligations as an employer
  • for the safeguarding and care of our staff and guests
  • for business reporting to our investors and shareholders
  • for use in business promotions in the form of case studies or recorded video content but only with your consent

We are committed to keeping your information up to date as far as is reasonably possible However, if you believe that we have made an error, then please contact us as we have outlined below and we will use reasonable endeavours to correct.

5. Keeping your information safe and secure.

We are committed to ensuring that your personal information is secure and protecting it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.

In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and in paper form. We only provide access to your data to staff who require access.

As a business we are certified to ISO 9001, 27001 and 27701 and the Cyber Essentials scheme. https://www.ncsc.gov.uk/cyberessentials/overview.

6. Sharing your data with Third parties

Access to your personal information is only allowed when required by the law or is required as part our fulfilling our service obligations.  We do not, and will never, sell your personal information with other third parties.

In any circumstances where we receive a legally binding request to disclose your personal data, we will notify you unless we are prohibited by law.

For our general day to day data processing activities the personal data of our clients is stored within the EU, unless you are a non-EU client, and you request otherwise. We use the following to help us administer and monitor the services we provide:

  • for database management of our clients, staff and office admin
  • to host the servers, we use for our Visionable services
  • for payroll and financial accounting
  • to share newsletters, promotional detail, industry news or other information that maybe of interest to you
  • to help us improve our services and database
  • for the administration of our website and customer interactions with Visionable
  • for any legal guidance in the provision of our services

If you are a resident of the European Economic Area (EEA), all the data processing undertaken by Visionable in accordance with European laws and regulations such as the General Data Protection Regulation (GDPR).

7. International Data Transfers

We are a UK based company and following Brexit we are outside, the EU but we will continue to store and process personal information mainly in the EEA, as above.

Please note though that your data may be exported to as well as stored and processed in countries outside of the country in which you reside, including, without limitation the United States. 

For data subjects residing in the EEA, this means that your personal information may be exported, stored, and processed outside of the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of data privacy and protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK and European Commission
  • Where we use service providers who are not in territories approved by the UK or EU commission, we will look to implement additional safeguards such as a detailed review of security measures and the use Standard Contractual Clauses (SCCs) approved by the UK & European Commission which give personal data the same protection it has in Europe
  • Where we use providers based in the US, we formerly would have relied upon the assurances of the US Privacy Shield. However, from July 2020 we will now apply additional safeguard as outlined above.

To receive information on the recipients of your data or if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA, please contact us at datacompliance@visionable.com.

8. How long do we keep personal information?

We will only keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In general terms we will retain the data:

  • Of our clients for the duration of the services provided under contract and up to 24 after the end of the contract
  • For prospect clients or businesses that have not or have yet to subscribe to our services we will retain your data for up to a maximum of 36 months
  • For anyone who applies or enquires about joining Visionable but does not work for us we will hold your details for a maximum of 6 months
  • For our staff the records are held in line with HMRC requirements for up to 6 years after you leave us
  • As agreed with you for business promotional materials

For full more details of our Retention policy please contact our Data Compliance Manager at datacompliance@visionable.com

9. Marketing & Market Research

Visionable undertake a limited range of marketing activity using the data held within our database. This includes:

  • Maintaining contact with our clients, investors, shareholders and prospect clients to keep them advised of news
  • To share our newsletter or other promotional information
  • We make use of social media channels such as Instagram, LinkedIn and Twitter for business promotion
  • we use cookies to gather statistics around email opening and clicks using industry standard technology to help us monitor and improve the information we send out.
  • We may with your consent use case studies or videos to help promote the value of our collaborative services

We may also make unsolicited approaches to new potential contacts or business clients, using prospect information held within our records or using information drawn from publicly-available sources. These approaches are made in a fully complaint manner as governed by PECR (the Privacy of Electronic Communications Regulation), with the contacts being given the option to opt out from such contact.

10. How We use Cookies

Visionable like most organisations has a website and like most websites we also use ‘Cookies’.

We may gather information about your general internet use by using a cookie file. Cookies are downloaded to your computer automatically and stored on the hard drive of your computer. They help us to improve our website and the service that we provide to you by collecting statistical data about your browsing actions and patterns; they do not identify you as an individual.

All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our website.

For more details on our use of cookies please refer to our Cookie Policy.

11. Controlling your personal information (Your Rights)

It is important that the personal information we hold about you is accurate and current. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.

Under certain circumstances, you have rights under UK Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation 2016/679 (GDPR) in relation to your personal information. You may have the right to:

  • be informed of how we will use your data as provided by this Policy.
  • access the information held about you. Your right of access can be exercised in accordance with data protection law.
  • object to us processing, or ask us to restrict our processing of your personal information for any of the purposes listed in this policy, at any time.
  • ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge.
  • ask us to erase or delete your personal information (in certain circumstances). We will do our best to respond to such requests, but these are subject to certain limitations such as legal requirements.
  • Request a transfer of your personal information (again in certain circumstances).

If you wish to exercise any of the above rights or to review, verify, correct or question anything detailed in this policy or are unhappy with any aspect of how we use your data please contact us at:

Little Tufton House, 3 Dean Trench St, Westminster, London SW1P 3HB

Or email us at datacompliance@visionable.com

We will respond to your request promptly and look to resolve any query within 30 days and free of charge. However, we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will always notify you if such a charge is being applied

12. Questions & Complaints

You also have the right to make a complaint at any time and we appreciate the chance to deal with your concerns in the first instance. To register a complaint please email us at datacompliance@visionable.com

If you are unsatisfied by our reply then you have the right to lodge a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website www.ico.org.uk.

13. Changes to this privacy notice 

This Policy was last updated in July 2023

We reserve the right to make changes to this Policy at any time without prior consultation. Any changes to this Policy will be posted on our site so that you are always aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Policy, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail.

END

________________________________________________________________________________

Version Control

 

Date

Notes

Version 01

May 2018

Intro version

Version 2

May 2020

Updated to reflect all processing activities

Version 3

Sept 2020

Updated to satisfy NHS DSPT

Version 3.1

Jan 2021

Updated post Brexit

Version 3.3

Dec 2021

Updated to include legally binding notifications (see NC22)

Version 4.0

July 2023

Amended to reflect revised group structure and Services offering