Marie Stopes UK values and respects the trust you put in us when you choose to share your private information. Read this Privacy Notice to find out more about how we keep your information safe and private.
About the Privacy Notice
This Privacy Notice is intended for anyone using the mariestopes.org.uk website and anyone who chooses to donate to us or contact us through this website, including clients
This notice tells you about the information we, Marie Stopes UK, collect and hold about you. It explains what we do with the information, how we will look after it and who we might share it with.
This notice complies with the EU General Data Protection Regulation (GDPR) and Data Protection Act 2018.
Marie Stopes UK is the data controller. It means that if this notice applies to your information, it is our responsibility to protect it.
Notice from Department of Health and Social Care
The department of Health and Social Care have issued a notice to all healthcare providers under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002. Informing us of required action to be taken to the processing and sharing of confidential patient information amongst health organisations and other bodies engaged in disease surveillance for the purposes of research, protecting public health, providing healthcare services to the public and monitoring and managing the Covid-19 outbreak and incidents of exposure. This notice will remain in place until 30th September 2020. You can read more about this in the Notice section 3.1.
Launch of new telemedicine service during Covid-19
Due to Covid-19 we have launched a new telemedicine service to help reduce the risk for all, though this service will not be available to everyone and will depend on your circumstances. Your data will be collected and managed in the same way as outlined below with the exception of your face to face consultation replaced by a call, you will be required to pass security before the nurse can discuss your record with you, be sure to have your security information stored safely and ready.
What information do we collect?
Depending on what information you choose to share or what information we are legally required or authorised to collect, we may collect the following:
- Name, address, telephone number, email
- Contact preferences and methods for the safest and most preferred way to reach you during your treatment
- Your next of kin details
- Date of birth, ethnicity, marital status, the language that you speak
- Your sexual and reproductive health records, including laboratory test results and scans.
- Details about health conditions that may affect treatment
- Details about physical or mental health. This is so we can make sure our services are accessible to you.
- Your GP details and NHS Number
- Your lifestyle and circumstances
- Visual images that show personal appearance and behaviour. For example CCTV images that are used as part of our building security and for the prevention of crime.
- IP address, browser type and information about the page you last visited
Where do we collect your information from?
We collect information about you in the following ways:
- When you give it to us directly
- When you call us, telephone calls are recorded for training and monitoring purposes
- Sometimes when our staff call you back the calls may be recorded
- Onsite CCTV captures images for the purpose of security
You may give us your information when you visit our website, book an appointment with us or submit a contact us form.
We do not buy information about individuals from companies that sell such details.
Why do we collect your information?
- If you have submitted a contact us form, we need your information to contact you
- You have called us to discuss and/or book treatment.
Why do we use your information?
Each time we use any information about you we need to have a lawful basis to do so.
The reasons why we would use information about you are:
- For NHS clients’ medical care: We need to use the information to be able to provide our official and legal services. This lawful basis is known as a “public task”, since the service is NHS funded.
- For Private clients’ medical care: We need to use the information to be able to provide our official and legal services that the client has asked to pay for. This lawful basis is known as a “contract”.
- For clients needing an emergency transfer to a hospital: We need to use the information to protect the life of the client. This lawful basis is known as “vital interest”.
- For all clients who are part of anonymised research: We need to keep information that is in the public interest. It can be used for scientific or historical research. This lawful basis is known as “public task”.
- For all clients that consent to being sent a link to a feedback service: this service is anonymous but we seek your agreement to send you the link, Your consent or decision to opt in is entirely voluntary. Should you decide not to consent or should you change your mind at any time, you do not need to give a reason and your medical care and legal rights will not be affected.
- For team members: We need to use the information as part of our team members’ employment contracts.
- We also may need to include team member names in organisational documents. We need to use this information to meet our legal duties as a health care provider. This lawful basis is known as “legal obligation”.
- For internal communication: We need to share information with our teams to be able to provide our services. Sharing information with our teams also helps us to work with other organisations. This lawful basis is known as “legitimate interest”.
- For website visitors: If a person sends personal information on our website, we can use the information if the person gives permission. This lawful basis is known as “consent”.
When the information you give to us is classed as sensitive, it needs more protection than usual. Sensitive information, such as information about your health, is called “special category data’’. We can only use sensitive information if we have two reasons to use it.
The first reason comes from the list above. The second reason to use sensitive information is:
- For medical reasons and to provide health care.
- For public health reasons, for example to stop the spread of disease or infection.
- To keep information for statistics, for scientific or historical research, or for public interest. This is always balanced with your right to data protection.
How do we keep your information safe?
Any information we hold about you is kept secure through appropriate technical controls and systems. Our website is hosted by secure servers located within the European Economic Area. The information you choose to share with us through our website is also encrypted.
We ensure your information is only accessible to trained team members and contractors responsible for looking after it. Your information will only ever be read or used on encrypted hardware and reliable software.
Who sees your information?
We will not disclose information to your GP or contact them without your permission, other than when needed for emergency medical care or safeguarding concerns. All clinical professionals are bound by the code of confidentiality and data protection laws.
Select Marie Stopes team members will have access to your information to carry out their job, to assist in the delivery of healthcare treatment, and we may need to share some of your information with other healthcare providers for your care. Also to gain NHS funding or to understand your medical history.
We may also engage with external organisations to process information on our behalf such as our professional file archiving and laboratory partners. We will always ensure that our contract with them sets out our expectations and requirements as to how they should handle your information. Where possible we will keep the sharing of your information to a minimum.
We may have to disclose your details, where required by the law, to the police, regulatory bodies or legal advisors.
We will never sell your information to third parties.
The NHS national data opt-out applies to the processing of your health information for research and planning purposes and not for individual care (for example use of a Marie Stopes UK service). Opt-outs do not apply where our clients receiving treatment via NHS funding consent to the use of their data for payment and invoice validation. For further information on NHS opt out and the use of your data please visit "Your NHS data matter".
How long will we keep your information for?
We only keep information about you for as long as we need to. We are required to retain all of our health care records for a minimum period of time for legal and safety reasons. The length of time depends on the type of record. We keep all abortion records for 13 years and all vasectomy records for 10 years, exceptions can apply to certain records’ retention periods where it may be required by the law. For more information about our records management and retention, please see the Records Management Code of Practice for Health and Social Care 2016.
Your rights and control over your information
Information we collect and use about you is always within your control. This means that you have rights over this information and you may be able to request the following:
- Information about how we handle your information
- Access to the information we hold about you
- Your information to be amended or updated
- To object to the use of your information
- To restrict the ways in which we use your information
In some cases your information can be deleted or deactivated, however, the right to erasure does not apply if processing is necessary for the purposes and for the provision of health or social care; or for the management of health or social care systems or services.
Can I request my information?
As a client you can request access to, or copies of your health record(s), this includes scans or personal data we hold as part of your records. The right of access, commonly referred to as 'Subject Access', gives individuals the right to obtain a copy of their personal data as well as other supplementary information.
You can make a 'Subject Access' Request (SAR) by downloading our 'Subject Access' Request form here, and emailing it to firstname.lastname@example.org
If you would like to find out more information about your rights, please email email@example.com
If you would like to make a complaint, please email firstname.lastname@example.org
You also have a right to submit a complaint to the Information Commissioner’s Office in the UK. Our ICO number is Z5517462.
We do all that we can to protect your information
Marie Stopes UK is accredited with the Cyber Essentials Certificate and recently achieved the Cyber Essentials Plus accreditation. Cyber Essentials is a Government-backed scheme which protects organisations against cyber threats. This accreditation recognises our ability to resist and react to cyber-crime attempts, and acknowledges our commitment to protecting your personal information.
How to contact us
If you have any questions about our Privacy Notice, you can contact us by email: email@example.com, telephone: 0345 300 8090, or by post:
Marie Stopes UK
1 Conway Street
Changes to this notice
We will keep this notice under regular review and will publish any updates on this page. This Privacy Notice was last updated on 6 April 2020.