Aspen Referring Party Privacy Notice

Aspen Healthcare is committed to protecting your privacy and meeting the requirements of data protection legislation. This privacy notice explains:

• what personal data we collect about you;
• why we collect that personal data;
• who we share your personal data with;
• why we might contact you and how you can change that;
• how long we retain your personal data;
• how we keep your personal data secure; and what rights you have in relation to your personal data.

When we talk about “personal data” in this notice, we mean any information which could be used to identify you, either directly or indirectly when combined with any other information we may hold about you.

In this privacy notice, when we refer to “we”, “us” or “our”, we mean Aspen Healthcare Limited, Centurion House, Third floor, 37 Jewry Street, London EC3N 2ER. We are the data controller under the Information Commissioner’s Office registration number ZA097224. If you need to contact us about this privacy notice or further details on how we use your personal information please contact the Group Data Protection Officer by post at our address above or by emailing DPO@aspen-healthcare.co.uk.

Personal data collected by Aspen Healthcare

Aspen Healthcare holds information about referring parties such as GPs, optometrists, physiotherapists and other healthcare professionals who may be interested in our services and events. These details may be written down in paper records or held on computer and include your name, job title, email address, telephone number, professional registration details (such as GMC or GOC number) and in some cases the practice that you work at. We also retain other personal information that you voluntarily provide to us. Some of the personal data which we process will be collected directly from you, but in other circumstances it may be provided by third parties, particularly the Binleys database which is provided by Wilmington Healthcare Ltd. When we obtain your personal data under licence from third parties we do so on the understanding that they have sought your consent to be included on their database or have advised you that your data is being shared with organisations such as Aspen Healthcare, and regularly check with you to see if you are still happy for your details to be included. It is essential that your details which we hold are accurate and up to date. Please inform us of any changes to your personal information as soon as possible.

Reasons for collecting that personal data

Your records are used to provide you with information about our facilities and services and invite you to events which we think will be of interest to you on the basis of our legitimate interests.

Who we share your personal data with

We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as if the law requires us to pass on information.

Receiving communications from Aspen Healthcare and updating your preferences

You can opt out or update your communications preferences at any time by contacting the Group Data Protection Officer via DPO@aspen-healthcare.co.uk.

Retention of personal data

We retain personal data for no longer than required and in line with Aspen’s retention schedule. This is based on statutory requirements and legal obligations, as well as our business requirements.

Security of personal data

We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper. Where we have a need to transfer data outside of the European Economic Area (EEA) we do so with appropriate safeguards in place.

Personal data and your rights

Data protection legislation gives you the right to:

• Correct any data we hold about you that is not correct (Rectification)
• Request that we delete your personal data (Erasure)
• Block or suppress the further processing of your personal data in certain circumstances (Restriction)
• Request access to personal data that we hold about you (Subject Access)
• In some circumstances, receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format and have this transmitted to another data controller (Data Portability)
• Withdraw consent where this is the legal basis for us processing your information
• Object to processing where Aspen is relying on its legitimate interests as the legal ground for processing

Not be subject to automatic decisions (i.e. decisions that are made about you by computer alone) that have a legal or other significant effect on you.

Please contact the Group Data Protection Officer using the details above if you wish to exercise your rights in relation to personal data. Our policy is to verify the authenticity of all requests made, and requests may be refused if we are unable to verify the identity of the requester.

If you have concerns about the way we have handled your personal data please contact the Group Data Protection Officer in the first instance: DPO@aspen-healthcare.co.uk. If you remain unsatisfied you can contact the Information Commissioner’s Office (ICO) on 0303 123 1113, by emailing casework@ico.org.uk or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.