Space 2B You CIC
Privacy Policy – Healthcare Services
Introduction and summary of our privacy policy
Space 2B You CIC welcomes you to our privacy policy relating to our healthcare services.
The goals of Space 2B You CIC are to:
Provide our users (we also refer to users as ‘clients’) with a range of high standard psychological services covering assessment and psychological therapy to promote, support and monitor mental health and emotional wellbeing in a manner which is person-centred, flexible and user friendly
Improve and develop the services we provide so we continue to deliver high standard services. This includes monitoring clinical outcomes.
Support our clinical team to deliver high quality services, meet their professional standards and continue their professional training and development
Support others involved in our clients’ care including their referrers and other healthcare professionals
Share our learning with the wider professional community and contribute to developments in the field of mental health
Comply with legal and regulatory requirements
We process your personal data in support of those aims. We are transparent about our processing. We respect the confidentiality of your personal data. We share your personal data for the purpose of our clients’ direct care and in a limited number of other ways permitted or required by law.
When you use Space 2B You CIC services, you trust us with your information. You can use Space 2B You CIC services knowing that we do not gather your personal information to sell to other organisations. Space 2B You CIC collects and processes personal data in accordance with this policy and to deliver high quality care to our clients.
Space 2B You CIC does combine your data with data of others to create reports on the relative effectiveness of our services and how we can improve on these, so we may publish in a manner which does not identify individual clients.
If you are under 16 years of age, we will require consent from an adult for you to receive care from Space 2B You CIC for our services.
This privacy policy will tell you about:
how we look after and use your personal data provided to us in connection with healthcare services we provide to you or others; and
your privacy rights under the data protection law including the General Data Protection Regulation (GDPR) (and data protection law made under that regulation) and how that law protects you.
How we look after and use your personal data provided to us as a potential new user/client in connection with general enquiries about our healthcare services.
As we are collecting personal data about you, relevant laws protect your personal data and give you rights in relation to your data. Your ‘legal rights’ mean you can:
Request access to your personal data
Ask us to correct your personal data
Ask us to delete your personal data
Object to the processing of your personal data
Request restriction of processing of your personal data
Request the transfer of your personal data
Withdraw consent at any time
Each of these ‘legal rights’ and how Space 2B You CIC is collecting and protecting your data is explained in more detail in the next sections.
Details of our privacy policy
This privacy policy is provided in accordance with the requirements of the GDPR. It is divided into sections outlined below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy policy.
1. Important information and who we are
2. The data we collect about you
3. How is your personal data processed
4. Disclosures of your personal data
5. International transfers
6. How the NHS and care services use your information
7. Your legal rights
8. Glossary
1) Important information and who we are
Purpose of this privacy policy
This privacy policy aims to give you information on how Space 2B You CIC collects and processes personal data in connection with healthcare services and any other services that you request from us or we provide to you or others, or from enquiries as a potential new client.
It is important that you read this privacy policy together with any other privacy policy or fair processing notice, and other communications we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.
Controller
Space 2B You CIC (referred to as Space 2B You, "we", "us" or "our" in this privacy policy) is a Community Interest Company with registration number 13042143. Space 2B You CIC is data controller of the personal data to which this privacy policy relates.
We have appointed a data protection lead (“DPL”) whose role includes overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise [your legal rights], please contact our DPO using the details set out below.
Contact details
Our contact details are:
Our full name: Space 2B You CIC
Email and postal address for contacting us:
Email address: admin@space2byou.co.uk
Postal address: PO Box 425, Southampton, Hampshire. SO40 0HN
You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Changes to this privacy policy
This version was last updated on 12th January 2021 and historic versions can be obtained by contacting us.
The need for you to inform us of changes to personal data about you or others
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us. Please use the contact details in the previous section.
Similarly, it is important that the personal data we hold about others is accurate and current. Please keep us informed if others’ personal data that you have given us changes during your relationship with us.
2) The data we collect about you
Personal data means any information about a living person from which that person can be identified, for example their name, date of birth, address.
It does not include data where the identity of that person has been removed. This means there is no data to identify the person. Data where you can’t identify a person is called “anonymous” data.
We may collect, use, store and transfer different kinds of personal data about you and in any given case the kind of personal data we collect, use, store and transfer will be influenced by the nature of the services that you request from us or we provide to you or others, or what you provide to us as part of an enquiry as a new customer. Whilst the personal data which we collect, and process relates principally to our clients it will include personal data which relates to others including family members, carers and other healthcare professionals. We have grouped together kinds of personal data as follows:
Personal Identifiers including name, date of birth, address, email address, telephone numbers, NHS number
Biographical Information including information about significant life events and relationships and interactions with others, financial circumstances and interactions with public authorities including the criminal justice system.
Health Information including details of your medical history, past assessments, diagnoses and treatments, the opinions of others about your health and well-being, including opinions expressed by family, carers and health and social care professionals.
Financial Information including information necessary for invoicing, payment and accounting purposes.
Technical Data including log-in details, IP addresses [etc.] details of the use of our IT services such as usage of the client portal.
Special Categories of Personal Data which may include information about your health (as noted above) and information revealing your race and/or ethnicity, your religious or philosophical beliefs or political opinions and information concerning your sexual life or sexual orientation.
Sources of Personal Data
We may collect personal data from a number of different sources including, but not limited to:
Organisations or professionals involved in clients’ care, including:
Their GPs
Other hospitals, both NHS and private
Mental health providers
Commissioners of healthcare services
Clinicians contracted by us to deliver our services
The information which we collect in relation to our clients may include information about a variety of third parties including the client’s relatives, friends or carers.
Directly from our client
Data may be collected directly from you when:
You enter into a contract with us for the provision of healthcare services
You use those services, including during clinical sessions
You submit information via our client portal
You complete enquiry forms on our website
You submit a query to us
You correspond with us by letter, email, telephone or social media
You take part in our marketing activities
Directly from our client’s relatives, friends or carers
Data may be collected directly from client’s relatives, friends or carers when they:
enter into a contract with us for the provision of healthcare services to a client
participate in the healthcare services which we provide, including during clinical sessions
submit information via our portal
complete enquiry forms on our website
submit a query to us
correspond with us by letter, email, telephone or social media
take part in our marketing activities
From other third parties
We may also collect data about clients from third parties when:
We liaise with client’s insurance policy provider in relation to our private services
We deal with NHS health service bodies about services you have received or are receiving from us which they have commissioned
We liaise with Government agencies or public bodies, including HMRC, and social services
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, or for your benefit, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into (for example, to provide you with healthcare services). In this case, we may have to cancel or not provide a service you have requested from us or we are providing under a contract with you (or for your benefit), but we will notify you if this is the case at the time.
3) How is your personal data processed?
We may 'process' your personal data for a number of different purposes. Each time we use your data we must have a legal basis to do so. The particular justification will depend on the purpose for which the data is processed and the nature of our relationship with you, e.g., whether you are receiving care as an NHS patient or under a contract which you have with us. When the data we process is classed as “special category of personal data”, we must have a specific additional legal justification in order to use it as proposed.
In most instances, we will rely on the following legal justifications, or 'grounds':
Taking steps at your request so that you can enter into a contract with us to receive healthcare services from us and the clinicians we engage to deliver our services.
For the purposes of providing clients with healthcare, whether pursuant to a contract between the client and us, or under arrangements between us and the NHS in the performance of their public task. We will rely on this for activities such as supporting the delivery of your healthcare, supporting your Space 2B You CIC clinician or other healthcare professional in their professional obligations.
We have, or a third party has, a legitimate Interest in processing the personal data and those interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Note that where the client is not the data subject, we may rely on the client’s legitimate interest in receiving healthcare. For example, we may process some information about a client’s next of kin as the client has a legitimate interest in the next of kin being contactable and the processing will not adversely affect the next of kin.
We will rely on this for activities such as quality assurance, maintaining our business records, developing and improving our products and services and monitoring outcomes.
It is necessary to comply with a legal or regulatory obligation.
We, or clinicians who have provided our services, need to use such personal data to establish, exercise or defend legal rights.
You have provided your consent to our use of your personal data.
Generally, we do not rely on consent as a legal basis for processing your personal data in connection with the healthcare services we provide to you or others. This does not affect the role which informed consent plays in the context of our clients’ decisions about their care and treatment.
Note that we may process your personal data on more than one lawful ground depending on the specific purpose, or purposes, for which we are using your data. Please contact us if you need details about the specific legal grounds we are relying on to process your personal data where more than one ground has been set out below.
Purpose 1: Where we are providing services to you under a contract with you, to set you up as a client on our IT systems
As is common with most business, we may have to carry out necessary checks in order for you to become a client. These include suitability checks for our services, which we cannot perform without using your personal data.
Legal ground:
Taking the necessary steps so that you can enter into a contract with us for the delivery of healthcare.
Additional legal ground for special categories of personal data:
The use is necessary for reasons of substantial public interest under UK law.
Purpose 2: To provide you with healthcare and related services
Legal grounds:
Providing you with healthcare and related services whether on the basis of a contract with you.
Providing you with healthcare and related services under arrangements with the NHS as part of its public task.
Our client’s legitimate interests in obtaining our services.
Additional legal grounds for special categories of personal data:
We need to use the data in order to provide healthcare services to you
The use is necessary to protect your vital interests where you are physically or legally incapable of giving consent
Purpose 3: For account settlement purposes
In respect of private clients, we will use your personal data in order to maintain account and billing information which is accurate and up-to-date.
Legal grounds:
Providing you with healthcare and related services under arrangements with the NHS as part of its public task.
Fulfilling our contract with you for the delivery of healthcare.
Our having a legitimate interest in using your personal data.
Additional legal grounds for special categories of personal data:
We need to use the data in order to provide healthcare services to you.
The use is necessary in order for us to establish, exercise or defend our legal rights.
We need to use the personal data for reasons of substantial public interest such as fraud prevention.
Purpose 4: For research purposes
We undertake our own research to develop our knowledge of the conditions which affect our services users in the hope of developing improved tools for assessment and care. We may undertake research with carefully selected third parties such as academic researchers. Any such research partnerships would be subject to information sharing agreements which respect the confidentiality of patient data and implement appropriate safeguards. External research partners would be required to demonstrate to Space 2B You CIC that they have complied with any applicable research ethics approval process prior to the sharing of any personal data.
Where research outcomes are shared publicly that will done in a manner which does not identify any current or former clients.
We will share your personal data only to the extent that it is necessary to do so in assisting research and as permitted by law. Some research projects and/or registries have received statutory approval such that consent may not be required in order to use your personal data. In those circumstances, your personal data will be shared on the basis that:
Legal grounds:
We have a legitimate interest in conducting and contributing to medical research in the public interest subject to appropriate safeguards to protect your privacy.
Additional legal grounds for special categories of personal data:
The processing is necessary in the public interest for statistical and scientific research purposes
In the event that consent is required then either the research organisations will obtain this from you themselves or we will take consent from you.
Purpose 5: Communicating with you and resolving any queries or complaints that you might have.
From time to time, patients may raise queries, or even complaints, with us. It is important that we resolve such matters fully and properly, and so we will need to use your personal data in order to do so.
Legal grounds:
Fulfilling our contract with you for the delivery of healthcare.
Fulfilling our obligations in delivering services to you under arrangements commissioned by the NHS.
Our having a legitimate interest in addressing your queries or complaints for the purpose of maintaining the standard of service which we provide.
Additional legal grounds for special categories of personal data:
The use is necessary for the provision of healthcare or treatment pursuant to a contract with a health professional
The use is necessary in order for us to establish, exercise or defend our legal rights
The use is necessary for reasons of substantial public interest under UK law.
Purpose 6: Communicating with any other individual that our client asks us to update about their care and updating other healthcare professionals about our client’s care.
Other healthcare professionals or organisations involved in caring for you may need to know about the services which we provide to you, including assessments, diagnosis or treatment, in order for them to provide you with safe and effective care, and so we may need to share your personal information with them. Further details on the third parties who may need access to your data is set outlined in the Third Parties section below.
Legal grounds:
Our providing you with healthcare and other related services either under a contract with you or in the performance of a task in the public interest under arrangements with the NHS or third parties.
We, and the clinicians providing our services and your clients have a legitimate interest in ensuring that other healthcare professionals who are routinely involved in our client’s care have a full picture of their treatment.
Additional legal ground for special categories of personal data:
We, and the clinicians providing our services, need to use the data in order to provide those healthcare services.
The use is necessary for reasons of substantial public interest under UK law.
The use is necessary in order for us to establish, exercise or defend our legal rights.
Purpose 7: Complying with our legal or regulatory obligations, and defending or exercising our legal rights
As a provider of healthcare, we and the clinicians delivering services on our behalf are subject to a wide range of legal and regulatory responsibilities which are not listed in full here. We make and retain detailed records of the assessments which we undertake and the care which we provide, including the information on which assessment and treatment decisions were based. We may be required by law or by regulators to provide personal data. In addition, the clinicians providing our services may have to exercise their judgment in determining whether the disclosure of confidential information should be made in accordance with their professional codes of conduct. From time to time, we or our clinicians may be the subject of legal actions, regulatory proceedings or complaints. In order to fully investigate and respond to those actions, it may be necessary to access your personal data (although only to the extent that it is necessary and relevant to the subject-matter). We may be required to disclose your personal data in response to a court order.
Legal grounds:
The use is necessary in order for us to comply with our legal obligations
The use is necessary for the Legitimate Interest of clinicians in responding to their regulator or in dealing with legal proceedings or otherwise complying with their professional obligations.
Additional legal ground for special categories of personal data:
We need to use the data in order for others to provide informed healthcare services to you
The use is necessary for reasons of the provision of health or social care or treatment or the management of health or social care systems
The use is necessary for establishing, exercising or defending legal claims
The use is necessary for reasons of substantial public interest under UK law
Purpose 8: Quality assurance, quality improvement, training and security including conducting peer reviews of consultations conducted by clinicians delivering Space 2B You CIC services
We may use your personal data, including information about your health, to identify where improvements can be made to the services which we provide and to support the professional development of the healthcare professionals we engage to deliver our services. We may also use your personal data in the context of developing, implementing and testing our IT security and in investigating any suspected security incidents.
Legal grounds:
Our legitimate interest in maintaining and improving the quality of our services and the legitimate interest of the public in accessing high quality healthcare.
Additional legal ground for special categories of personal data:
We need to use the data in order to manage the healthcare services we deliver, including carrying out surveys in order to identify and carry out any necessary improvements
Purpose 9: Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g., tax or legal advice)
Legal grounds:
Our legitimate interest in running our business
Additional legal ground for special categories of personal data:
The use is necessary for establishing, exercising or defending legal claims.
Purpose 10: Provide information in relation to new services offered by Space 2B You CIC as an existing client or potential new client, or to invite clients to participate in service development activities
We may use your personal data to send marketing updates to you about new services, company news and announcements, or service development activities such as clinical studies.
Legal grounds:
Our legitimate interest in running our business
Additional legal ground for special category of personal data:
Processing is necessary for research in the public interest.
Change of purpose
Except as noted below, we will only use your personal data for the purposes for which we collected it, or have previously notified to you, except where further processing is compatible with those purposes. If you wish to get an explanation as to how the processing for the new purpose is compatible with the previous purpose(s), please contact us.
Except as noted below, if we propose to use your personal data for a purpose which is not compatible with those previously notified, we will notify you and we will explain the legal basis which allows us to do so.
Please note that, as exceptions to the two previous paragraphs, we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4) Disclosures of your personal data
We may share your personal data with the parties set out below for the purposes set out above.
From time to time, we may share your personal data with third parties.
Disclosures to third parties:
We may disclose personal data to the third parties listed below for the purposes described in this Privacy Notice where that disclosure is required or permitted by law. This might include:
Professionals involved in caring for our clients including your Space 2B You clinicians, GPs, NHS and private sector providers.
Other members of our support staff involved in the delivery of care, like our administration staff.
Anyone that you ask us to communicate with or provide as an emergency contact, for example a client’s next of kin or carer
NHS organisations, including NHS Resolution, NHS England, Department of Health
Third parties who assist in the administration of healthcare to our clients, such as insurance companies
National and other professional research/audit programmes and registries as part of requirements for delivering services on behalf of the NHS
Government bodies and public authorities
Our insurers
Our third-party advisers including actuaries, lawyers
We may communicate with these third parties in a variety of ways including, but not limited to, email, post, fax and telephone.
5) International transfers
In most cases we do not transfer personal data outside of the EEA. On occasion personal data may be transferred outside of the EEA for example at the request of the data subject. On such occasions we will consider the necessity of any transfer and the adequacy or protections for the personal data in the country to which the data is transferred.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it and/or processed it for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements, including requirements on clinicians who deliver Space 2B You CIC services.
A service user’s care record will be retained in accordance with the guidance on retention periods issued by the Information Governance Alliance, as amended from time to time as reflected in Space 2B You CIC’s Retention Policy which will be updated from time to time and which you can request from us by contacting us.
In some circumstances you can ask us to delete your data: see [Request erasure] below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
6) How the NHS and care services use your information
Space 2B You CIC is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Mental Health Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
improving the quality and standards of care provided
research into the development of new treatments
preventing illness and diseases
monitoring safety
planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
See what is meant by confidential patient information
Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
Find out more about the benefits of sharing data
Understand more about who uses the data
Find out how your data is protected
Be able to access the system to view, set or change your opt-out setting
Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
See the situations where the opt-out will not apply
You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research)
https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations had until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is compliant with the national data opt-out policy.
7) Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
[Request access to your personal data].
[Request correction of your personal data].
[Request erasure of your personal data].
[Object to processing of your personal data].
[Request restriction of processing your personal data].
[Request transfer of your personal data].
[Right to withdraw consent].
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
Except as described below, you will not have to pay a fee to access your personal data (or to exercise any of the other rights).
As exceptions to the previous sentence, if your request is clearly unfounded, repetitive or excessive:
we may charge a reasonable fee; or
alternatively, we may refuse to comply with your request in those circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and verify your right to access the requested personal data (or to exercise any of your other rights). This is a security measure to reduce the risk of disclosure of personal data to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within 28 days. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
8) Glossary
LAWFUL BASIS
Legitimate Interest means the interest in conducting and managing our business or a third party’s interest. For example, a client’s interest in receiving our services. We make sure we consider and balance any potential impact on you (both positive and negative) and the data subject’s rights before we process personal data for Legitimate Interests. We will not rely on the “Legitimate Interests” ground for processing personal data where our, or the third party’s, interests are overridden by the impact on the data subject, but we may still process it if we have your consent or are otherwise required or permitted to by law. You can obtain further information about how we assess the relevant Legitimate Interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to (which, amongst other legal obligations, includes any regulatory obligation where there is a statutory basis underpinning the regulatory regime and which requires regulated controllers to comply).
THIRD PARTIES
External Third Parties
Service providers acting as controllers, joint controllers or processors based in the UK, other European Economic Area (“EEA”) countries who provide IT (including, but not only, website) and system administration services and services in relation to emails, including the following:
Squarespace Domains LLC and Tucows: host our servers
Microsoft: host our file storage system
RingCentral: who provide our VoIP telephone service and record calls on our behalf
Microsoft: host our email system
Power Diary: provide our practice management software and video conferencing
Those organisations publish their own privacy policies which are available on-line. The processing which they undertake on our behalf is subject to the requirements for compliance with the General Data Protection Regulation.
The following, who may be based inside or outside the European Economic Area (“EEA”), acting as controllers, joint controllers or processors: clinicians contracted by Space 2B You CIC to deliver healthcare services to you, other professionals and service suppliers we use or who are involved in matters we are working on, banks and other financial or investment providers or advisers, and public authorities in the UK and elsewhere;
HM Revenue & Customs, regulators and other authorities acting as controllers, joint controllers or processors, based inside or outside the European Economic Area (“EEA”) who require reporting of processing activities in certain circumstances or otherwise for the purposes of, or in connection with the healthcare services and other services we provide.
YOUR LEGAL RIGHTS
In certain circumstances you have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully. This is not an absolute right and is subject to specific limitations in the GDPR.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you, or your agent or someone else acting on your behalf, provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we have processed your data unlawfully or where we are required to erase your personal data to comply with law. Note, however, that the right to erasure is not an absolute right and that we will not always be required to comply with your request for erasure because of specific legal reasons which will be notified to you, if applicable, at the time of your request.
If you are participating in a clinical study with Space 2B You CIC, your rights to access, change or move your information are limited, as we need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from the study, we will keep the information about you that we have already obtained.
Object to processing:
The right to object to other uses of your personal data
You have a range of rights in respect of your personal data, as set out in detail in the section entitled "Your rights". This includes the right to object to us using your personal data in a particular way (such as sharing that data with third parties), and we must stop using it in that way unless specific exceptions apply. This includes, for example, if it is necessary to defend a legal claim brought against us, or it is otherwise necessary for the purposes of your ongoing treatment.
(a) you have the right to object to processing of your personal data where we are relying on
our Legitimate Interests (or those of a third party); or
the ground that the processing is necessary for the performance of a task carried out in the public interest
and there is something about your particular situation which makes you want to object to processing on this ground because you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that there are compelling legitimate grounds to process your personal data which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
where you contest the accuracy of your personal data, such suspension to be for a period enabling us to verify the accuracy of the personal data;
where our processing of your personal data is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
where we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
you have objected to processing pursuant to the right described in the paragraph (a) of the description of your right to “Object to Processing” described above, pending the verification whether there are compelling legitimate grounds to process your personal data which override your rights and freedoms.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data which you provided to us and that is processed by automated means which you, or your agent or someone else acting on your behalf, initially provided consent for us to use or that we used to perform a contract with you.
Withdraw consent at any time where we are relying on consent as the lawful ground to process your personal data under the GDPR. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you.