We take seriously our responsibilities to look after your data and we are committed to protecting your privacy. The Policy describes how we collect, use and securely store your personal data.
1. Who is responsible for your data
Visionable Ltd is responsible for your data. Our registered address is Little Tufton House, 3 Dean Trench St, Westminster, London SW1P 3HB.
We are registered as a company in England and Wales under company number 09787096 and are registered with the ICO for Data Processing under ref: ZA498156
We are the data controller of the data which we collect from you as a client or as an employee, investor or stakeholder and as such we control the ways your personal data are collected and the purposes for which your personal data are used.
We are a data processor for the provision of our collaborative services (i.e Visionable Connect, Virtual Clinics and Multi-disciplinary Teams) to our clients
2. Personal data we collect about you
Depending on how you use our services and our websites, we might collect the following kinds of information about you:
What we collect
When we collect it
Your name and contact details
(email address, telephone number) user details and password, and automatically collected data such as your IP address and network stats
When you create an account to use our services with us
When you fill in forms on our website
Communication we have with you
(emails, letters, telephone calls, messages to our online chat service, messages sent to us through our social media platforms, feedback, and other future protocols)
When you get in touch with us
Information about you, your location, IP address, network stats and how you use our website, mobile applications
When you use our collaborative services
When you accept our cookies placed on your device
When you update your account information
When you fill in forms on our website
When you get in touch with us
When you opt in to receiving messages from us
You complete a case study or video
Information about you as an employee – you name, address, email, telephone numbers, date of birth; qualifications, skills, experience and employment history, pensions or insurance cover; bank account and national insurance number; marital status, next of kin, dependents and emergency contacts; nationality and entitlement to work in the UK; attendance records, holiday, sickness absence, family leave and sabbaticals; details of any disciplinary or grievance; performance appraisals; medical or health conditions
When you apply for a role with us or have been appointed as an employee
For the provision of our collaborative services we may process sensitive or special category data using encrypted methods during the usage of the services only. We do not store nor use this information for our own purposes
3. Legal Basis for Processing
The bulk of all personal data processing is undertaken for the performance of contract terms agreed with clients or our employees and contractors.
Any data processed outside of the contracted agreements such as enquiries through our website or by email for the services we provide is completed as a legitimate interest.
Client Case Information and Patient Data
As a client or an approved user under a client agreement when you use the Visionable application you will have the ability to upload and share with your colleagues messages, information and images, audio and visual, including information and images regarding specific patient cases (Patient Data). For this patient data we are a data processor and not the controller. Should you have any queries regarding patient data these should be addressed to the GP, Hospital or Trust that invited you to use the Visionable Application.
Patient Data is considered to be a special category of data under the General Data Protection Regulation (EU) 2016/679 (GDPR) and is processed under section 6(1)(c) “necessary for compliance with a legal obligation to which the controller is subject” and 9(2)(h) “(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or member State law pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”
4. Why do we collect this information?
We collect your personal information:
- to provide you with the collaborative services that you may request from us or as under contracted agreement
- to provide information about goods and services which we feel may be of interest to you
- for our legitimate interests in the relationship we have with you as a business contact or client
- to meet our legal and regulatory obligations as an employer
- for the safeguarding and care of our staff and guests
- for business reporting to our investors and shareholders
- for use in business promotions in the form of case studies or recorded video content but only with your consent
We are committed to keeping your information up to date as far as is reasonably possible However, if you believe that we have made an error, then please contact us as we have outlined below and we will use reasonable endeavours to correct.
5. Keeping your information safe and secure.
We are committed to ensuring that your personal information is secure and protecting it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.
In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online and in paper form. We only provide access to your data to staff who require access.
As a business we are certified to ISO 27001 and the Cyber Essentials scheme https://www.ncsc.gov.uk/cyberessentials/overview
6. Sharing your data with Third parties
Access to your personal information is only allowed when required by the law or is required as part our fulfilling our service obligations. We do not, and will never, sell your personal information with other third parties.
For our general day to day data processing activities, we use the following to help us administer and monitor the services we provide:
- for database management of our clients, staff and office admin
- to host the servers, we use for our collaborative services
- for payroll and financial accounting
- to share newsletters, promotional detail, industry news or other information that maybe of interest to you
- to help us improve our services and database
- for the administration of our website and customer interactions with Visionable
- for any legal guidance in the provision of our services
If you are a resident of the European Economic Area (EEA), all the data processing undertaken by Visionable in accordance with European laws and regulations such as the General Data Protection Regulation (GDPR).
You need to be aware that the personal data that we collect about you may be transferred to and processed by recipients that are located outside the European Economic Area. Where this may become necessary it will be undertaken in full compliance with the legal requirements.
For full details of the third-party suppliers or any questions regarding any cross-border data processing please contact our Data Compliance Manager at firstname.lastname@example.org
7. How long do we keep personal information?
We will only keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In general terms we will retain the data:
- Of our clients for the duration of the services provided under contract and up to 24 after the end of the contract
- For prospect clients or businesses that have not or have yet to subscribe to our services we will retain your data for up to a maximum of 36 months
- For anyone who applies or enquires about joining Visionable but does not work for us we will hold your details for a maximum of 6 months
- For our staff the records are held in line with HMRC requirements for up to 6 years after you leave us
- As agreed with you for business promotional materials
For full more details of our Retention policy please contact our Data Compliance Manager at email@example.com
8. Marketing & Market Research
Visionable undertake a limited range of marketing activity using the data held within our database. This includes:
- Maintaining contact with our clients, investors, shareholders and prospect clients to keep them advised of news
- To share our newsletter or other promotional information
- We make use of Social media channels such as Facebook, Linked In and Twitter for business promotion
- We may with your consent use case studies or videos to help promote the value of our collaborative services
We may also make unsolicited approaches to new potential contacts or business clients, using prospect information held within our records or using information drawn from publicly-available sources. These approaches are made in a fully complaint manner as governed by PECR (the Privacy of Electronic Communications Regulation), with the contacts being given the option to opt out from such contact
Visionable like most organisations has a website and like most websites we also use ‘Cookies’.
We may gather information about your general internet use by using a cookie file. Cookies are downloaded to your computer automatically and stored on the hard drive of your computer. They help us to improve our website and the service that we provide to you by collecting statistical data about your browsing actions and patterns; they do not identify you as an individual.
All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our website.
10. Controlling your personal information (Your Rights)
It is important that the personal information we hold about you is accurate and current. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.
Under certain circumstances, you have rights under UK Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation 2016/679 (GDPR) in relation to your personal information. You may have the right to:
- be informed of how we will use your data as provided by this Policy
- access the information held about you. Your right of access can be exercised in accordance with data protection law;
- object to us processing, or ask us to restrict our processing of your personal information for any of the purposes listed in this policy, at any time.
- ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge.
- ask us to erase or delete your personal information (in certain circumstances). We will do our best to respond to such requests, but these are subject to certain limitations such as legal requirements.
- Request a transfer of your personal information (again in certain circumstances).
If you wish to exercise any of the above rights or to review, verify, correct or question anything detailed in this policy or are unhappy with any aspect of how we use your data please contact us at:
Little Tufton House, 3 Dean Trench St, Westminster, London SW1P 3HB Or email us at firstname.lastname@example.org
We will respond to your request promptly and look to resolve any query within 30 days and free of charge. However, we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will also always notify you if such a charge is being applied.
11. Questions & Complaints
You also have the right to make a complaint at any time and we appreciate the chance to deal with your concerns in the first instance. To register a complaint please email us at email@example.com
If you are unsatisfied by our reply then you have the right to lodge a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website www.ico.org.uk.
12. Changes to this privacy notice
We reserve the right to make changes to this Policy at any time without prior consultation. Any changes to this Policy will be posted on our site so that you are always aware of what personal data we collect, how we use it, and under what circumstances, if any, we disclose it. If at any time we decide to use personal data in a manner significantly different from that stated in this Policy, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail.