Sensu (“we”, “us” or “our”) are committed to protecting and respecting your privacy.
The data controller is Sensu; the Information Governance Lead is Tiran Lewis.
This policy (together with our Cookies Policy) sets out the basis on which any personal data we collect, or that you provide to us, will be processed by us. It does not include data where the identity has been removed (i.e. anonymous data).
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
You will be asked to provide personal information when joining the practice. The purpose of us processing this data is to provide optimum health care to you by, for example, recommending the most relevant treatment and ensuring your safety by taking your medical history.
We may collect and process the following data about you in operating the website and performing any of our services and treatment(s):
We may share your Contact data, special category of data relating to health, Financial data, Treatment data and/or Usage data with selected third parties including:
This is a list of the main third parties with whom we share your personal data. If you would like a full list of third parties who process your data, and their contact details, please contact us using the details set out above.
We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential.
If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain your consent before the referral is made and the personal data is shared.
The website may include links to third party websites, plugins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The lawful bases for processing personal data (including providing your personal data to third parties) are:
For consent relating to children and people who may not have mental capacity to give consent, please contact us using the details above for a copy of our Safeguarding and Mental Capacity policies.
The reason for processing special category data such as patients’ health data is:
We (and the third parties listed above) process your personal data for the following purposes:
If you would like more information about how your data is processed please contact us by using the details set out above.
The retention period for special category data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention periods for other personal data is two years after it was last processed.
You will receive marketing emails until you unsubscribe, either by contacting us or by clicking on the unsubscribe link at the bottom of the email. For details of other retention periods please contact us using the details set out above.
You have the following personal data rights:
You have the right to withdraw consent at any time. If you request us to do so, we will no longer process your data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we will not be able to provide you with the services. You have the right to obtain a free copy of your patient records within one month of submitting a request.
If you are not a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month of submitting a request, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.
We have carried out a Privacy Impact Assessment and if you would like a copy please contact us using the details set out above.
If you wish to exercise any of the rights set out above, in the first instance, please contact us using the details set out above.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Further details of these rights can be obtained on the Information Commissioner’s website.
We have put in place appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Please contact the practice for a comment, suggestion or a complaint about your data processing at firstname.lastname@example.org, or 020 7486 4433 or by writing to or visiting the practice. We take complaints very seriously.
If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.
We offer individuals real choice and control. Our consent procedures put individuals in charge to build customer trust and engagement.
Our consent for marketing requires a positive opt-in, we don’t use pre-ticked boxes or any other method of default consent. We make it easy for people to withdraw consent, tell you how to and keep contemporaneous evidence of consent. Consent to marketing is never a precondition of a service.
You will receive marketing communications from us if you have requested information from us or if you have signed up via our contact form on the website and, in each case, you have not opted out of receiving that marketing.
We do not share your data with third parties for marketing purposes.
Where you opt out of receiving these marketing messages, this means that you may not receive messages relating to your appointments or treatment so please let us know by using the details set out above if you would like to continue to receive messages about your appointments and treatment.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the details set out above.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by using the details set out above.