Read this Privacy Notice to find out more about how we keep your information safe and private.
This Privacy Notice is intended for anyone using the mariestopes.org.uk website and anyone who chooses to donate to us or contact us through this website, including clients
This notice tells you about the information we, Marie Stopes UK, collect and hold about you. It explains what we do with the information, how we will look after it and who we might share it with.
This notice complies with the EU General Data Protection Regulation (GDPR) and Data Protection Act 2018.
Marie Stopes UK is the data controller. It means that if this notice applies to your information, it is our responsibility to protect it.
Notice from Department of Health and Social Care
The department of Health and Social Care have issued a notice to all healthcare providers under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002. Informing us of required action to be taken to the processing and sharing of confidential patient information amongst health organisations and other bodies engaged in disease surveillance for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak and incidents of exposure. This notice will remain in place until 30th September 2020. You can read more about this in the Notice section 3.1.
Launch of new telemedicine service during Covid-19
Due to Covid-19 we have launched a new telemedicine service to help reduce the risk for all, though this service will not be available to everyone and will depend on your circumstances. Your data will be collected and managed in the same way as outlined below with the exception of your face to face consultation replaced by a call, you will be required to pass security before the nurse can discuss your record with you, be sure to have your security information stored safely and ready.
Depending on what information you choose to share or what information we are legally required or authorised to collect, we may collect the following:
We collect information about you in the following ways:
You may give us your information when you visit our website, book an appointment with us or submit a contact us form.
We do not buy information about individuals from companies that sell such details.
Each time we use any information about you we need to have a lawful basis to do so.
The reasons why we would use information about you are:
For Marie Stopes Event Attendees (online): If an attendee has signed up for one of our events they will have to consent to the use of their email address for receiving invitations. The lawful basis is consent and it can be withdrawn at any time.
When the information you give to us is classed as sensitive, it needs more protection than usual. Sensitive information, such as information about your health, is called “special category data’’. We can only use sensitive information if we have two reasons to use it.
The first reason comes from the list above. The second reason to use sensitive information is:
Any information we hold about you is kept secure through appropriate technical controls and systems. Our website is hosted by secure servers located within the European Economic Area. The information you choose to share with us through our website is also encrypted.
We ensure your information is only accessible to trained team members and contractors responsible for looking after it. Your information will only ever be read or used on encrypted hardware and reliable software.
We will not disclose information to your GP or contact them without your permission, other than when needed for emergency medical care or safeguarding concerns. All clinical professionals are bound by the code of confidentiality and data protection laws.
Select Marie Stopes team members will have access to your information to carry out their job, to assist in the delivery of healthcare treatment, and we may need to share some of your information with other healthcare providers for your care. Also to gain NHS funding or to understand your medical history.
We may also engage with external organisations to process information on our behalf such as our professional file archiving and laboratory partners. We will always ensure that our contract with them sets out our expectations and requirements as to how they should handle your information. Where possible we will keep the sharing of your information to a minimum.
We may have to disclose your details, where required by the law, to the police, regulatory bodies or legal advisors or to the emergency services where it concerns your vital interests.
We will never sell your information to third parties.
The NHS national data opt-out applies to the processing of your health information for research and planning purposes and not for individual care (for example use of a Marie Stopes UK service). Opt-outs do not apply where our clients receiving treatment via NHS funding consent to the use of their data for payment and invoice validation. For further information on NHS opt out and the use of your data please visit "Your NHS data matter".
We only keep information about you for as long as we need to. We are required to retain all of our health care records for a minimum period of time for legal and safety reasons. The length of time depends on the type of record. We keep all abortion records for 13 years and all vasectomy records for 10 years, exceptions can apply to certain records’ retention periods where it may be required by the law. For more information about our records management and retention, please see the Records Management Code of Practice for Health and Social Care 2016.
Your rights and control over your information
Information we collect and use about you is always within your control. This means that you have rights over this information and you may be able to request the following:
In some cases your information can be deleted or deactivated, however, the right to erasure does not apply if processing is necessary for the purposes and for the provision of health or social care; or for the management of health or social care systems or services.
As a client you can request access to, or copies of your health record(s), this includes scans or personal data we hold as part of your records. The right of access, commonly referred to as 'Subject Access', gives individuals the right to obtain a copy of their personal data as well as other supplementary information.
You can make a 'Subject Access' Request (SAR) by downloading our 'Subject Access' Request form here, and emailing it to firstname.lastname@example.org
If you would like to find out more information about your rights, please email email@example.com
Please note if you email the Information Governance address you will receive an automatic reply.
If you would like to make a complaint, please email firstname.lastname@example.org
You also have a right to submit a complaint to the Information Commissioner’s Office in the UK. Our ICO number is Z5517462.
Marie Stopes UK is accredited with the Cyber Essentials Certificate and recently achieved the Cyber Essentials Plus accreditation. Cyber Essentials is a Government-backed scheme which protects organisations against cyber threats. This accreditation recognises our ability to resist and react to cyber-crime attempts, and acknowledges our commitment to protecting your personal information.
If you have any questions about our Privacy Notice, you can contact us by email: email@example.com, telephone: 0345 300 8090, or by post:
Marie Stopes UK
1 Conway Street
We will keep this notice under regular review and will publish any updates on this page. This Privacy Notice was last updated on 3 July 2020.