Data Protection & Privacy Policy


Data Protection (GDPR) and Privacy & Cookie Policy

UK General Data Protection Regulation and Management (2021)

UK GDPR came into force on 31st December 2020 with an Act of Parliament. This means that in the UK we now have UK GDPR. Therefore, Totally plc group as a healthcare provider organisation has considered making changes to reflect this in their policies.

Totally plc group does not trade outside of the UK.

The Board of Totally plc group recognises the significance of data protection.  The purpose of this policy is to protect all personal information controlled or processed by the organisation and ensure an adequate level of awareness to ensure data protection principles are applied across all areas of operation within Totally plc group.

Personal data is identified and managed in accordance with the data protection risk assessment methodology that endorses the acceptable risk levels.

Our Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions.  These controls are monitored, reviewed, and improved by the Board to ensure that specific data protection, security and business objectives are met.  This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory, and contractual requirements.

Totally plc is committed to complying with data protection and the general data protection regulation requirements and good practice.  These include:

  • Processing personal information only where this is strictly necessary for legal and regulatory purposes, or for legitimate organisational purposes.
  • Processing only the minimum personal information required for these purposes.
  • Providing clear information to natural persons (including children) about how their personal information can be used and by whom.
  • Only processing relevant and adequate personal information.
  • Processing personal information fairly and lawfully.
  • Maintaining a documented inventory of the categories of personal information processed by the organisation.
  • Keeping personal information accurate and, where necessary, up-to-date.
  • Retaining personal information only for as long as is necessary for legal or regulatory reasons or for legitimate organisational purposes and ensuring timely and appropriate disposal.
  • Respecting natural persons’ rights in relation to their personal information.
  • Keeping all personal information secure.
  • Only transferring personal information outside the UK in circumstances where it can be adequately protected.
  • Developing and implementing the ISO 27001 certificate to enable the data protection policy to be implemented.
  • Where appropriate, identifying internal and external interested parties and the degree to which they are involved in the governance of the organisation’s ISO.
  • Identifying workers with specific responsibility and accountability for the ISO.
  • Maintaining records of processing of personal information.

Our Data Protection Policy and Data Awareness Program is incorporated in our staff induction and training program.  The Data Protection policy is readily accessible internally and presented to existing and prospective clients upon request.  In addition to employees, suppliers, contractors, and sub-contractors of Totally plc are expected to adhere to our Data Protection Policy.

Totally plc is committed to continual improvement and all employees are empowered to take responsibility for data protection, with a robust process for identifying and reporting data breaches in place and subject to regular review.

Through compliance with applicable statutory, regulatory, and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, Totally plc will demonstrate confidence, integrity, and credibility both internally and externally.

Wendy Lawrence
Chief Executive Officer
1 February 2021

Privacy Policy

Maintaining Data Privacy and Data Protection is a priority for Totally plc (which incorporates the following group subsidiaries; About Health Limited, Premier Physical Healthcare Limited, Optimum Sports Performance Centre Limited, Totally Health Limited, Vocare Limited, Greenbrook Healthcare Limited, and Totally Healthcare Limited).  This Privacy Policy sets out the legal basis on which any personal data that we collect from you, or that you provide to us, will be processed by us.

Please read this Privacy Policy carefully to understand our views and practices regarding your Personal Data and how we will treat it.

Any questions relating to Data Privacy with Totally plc or this Policy should be sent by email to dpo@totallyplc.com, or by writing to Totally plc, Cardinal Square West, 10 Nottingham Road, Derby, DE1 3QT.

Alternatively, you can call our Data Protection Officer on 020 3866 3330.

 

What personal Information is held?

We may collect and process the following data from you:

  • Information you consent to provide Totally plc that is required to carry out our obligations arising from any contracts entered between you and us, or potential contracts that may be in liaison between you and us.
  • Information that you consent to provide by filling in forms on our website, or as part of any direct marketing or sales activities. This includes, but is not limited to, personal information about you such as your name, telephone contact number, geographical address/location, email address and interests.

Note: Clear consent information is supplied at point of collection to provide information on the use of data; and a record of the consent is taken at point of collection.

  • If you contact us by telephone or in writing, we may keep a copy of your correspondence or communication for record purposes.
  • Details of your visits to our website and the resources that you access can be found via our cookie policy.

If you have provided us with the personal data of another person, there is a clear requirement imposed by Totally plc for you to confirm that he/she consents to the processing of his/her personal data and that you have informed him/her of our identity as a Data Controller and the nature of the processing taking place.

Records will be retained as evidence of this consent.

How will we use the information we hold about you?

We use information held about you in the following ways:

Performance of a contract – We use information held about you to carry out our obligations arising from any contracts entered between you and us; and to notify you about changes to our services.

Legitimate Interests – We use information held about you to provide you with information, products and/or services that you request from us or which we feel may interest you if relevant to the products or services currently being supplied as part of a contract with Totally plc, or in relation to a previous contract with Totally plc whereby you are happy to continue to receive such information.

Consent (Direct Marketing) – We use information held about you to provide you with information on products and/or services that you request from us, or which we feel may interest you where you have consented to be contacted for such purposes. Where consent has been provided to Totally plc, it is a recognised right of the Data Subject that this consent can also be withdrawn.

Further Data Protection Guidance for our NHS 111, GP Out Of Hours and Urgent Care services can be found here.

Should you wish to withdraw consent, please email dpo@totallyplc.com, or write to Totally plc, Cardinal Square West, 10 Nottingham Road, Derby, DE1 3QT.

Alternatively, you can call our Data Protection Officer on 020 3866 3330.

 

 

Consent (Website) – to ensure that content from our Website is presented in the most effective manner for you and your device, please read our cookie policy.

We will not share your data with third parties for other marketing purposes unless we have your express consent to do so.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted to this page on our website.

Your rights relating to Personal Data and GDPR

You have the right to ask us to cease processing your personal data for marketing purposes.  We will seek consent (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your data to any third party for such purposes.  You can also exercise your right to prevent such processing by contacting us at dpo@totallyplc.com.

GDPR gives you the right to access information held about you.  Your right of access can be exercised at any time.  Totally plc operates both a Data Subjects Rights procedure and a Subject Access Rights Procedure to ensure that all rights exercised by data subjects relating to personal data are managed appropriately.

From time to time, our website may contain links to and from our strategic partner(s), partner network(s), strategic sponsor(s), advertiser(s), and affiliate(s). If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.

Retention of your information

We take appropriate measures to ensure that any information collected from you is kept secure.  Totally plc holds UKAS accredited certification to ISO 27001:2013 and is subject to both internal and external audits to ensure that information security is upheld.

Totally plc operates a clear Records Management and Retention policy and associated Retention Schedule to ensure personal data is kept only for so long as is necessary for the purpose for which such information is used.

We retain your records in accordance with UK legislation for the specific service provided.

If any of your personal data changes, or if you have any questions about how we use data which relates to you, please contact us by email at dpo@totallyplc.com.  We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.

Disclosure of your information

We may disclose your personal information to any member of our group, which means our subsidiaries, strategic partner(s), or strategic sponsor(s), our ultimate holding company and its subsidiaries as defined in section 1159 of the UK Companies Act 2006.

Further Data Protection Guidance for our NHS 111, GP Out Of Hours and Urgent Care services can be found here.

 

As part of our GDPR compliance obligations, we are duty bound to check when personal data may be shared with third parties to ensure that they apply the same or greater controls in terms of data protection.  The use of non-disclosure agreements forms part of our third-party data sharing controls.

We may disclose your personal information to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
  • if we or substantially all of our assets are acquired by a third party, in which case personal data held by it about our customers will be one of the transferred assets; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce or apply other agreements; or
  • to protect the rights, property, or safety of Totally plc, our customers, or others.

Totally plc has risk assessed where personal information may be transferred outside the EEA.  As part of our own due diligence, we have identified that personal data held for and by Totally plc group may reside in the EU.  Totally plc will continue to monitor this for Totally plc group considering any 3rd party provider changes in the future. Should a requirement arise for data to be transferred outside of the EU in future, Totally plc group will implement controls and safeguards to ensure that equal to or greater data protection measures are enforced, and records retained to evidence this, in line with current UK GDPR regulations.

National Data Opt-Out programme

The national data opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning.

The national data opt-out was introduced to enable patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian.  By 2020 all health and care organisations are required to be compliant with the national data opt-out policy, where confidential patient information is used for research and planning purposes.

Totally plc is not currently engaged in routine activities that involve processing of patients’ data for purposes not involved in their direct care. This statement therefore acts as a backstop: should such processing occur in the future, a mechanism exists to ensure that those patients who wish to opt out will have their wishes respected where the data is not already anonymised.

Our ICO registration number is Z3148154.

 

 

 

Totally plc Cookie Policy

This is the internet privacy policy for www.totallyplc.com, www.premierphysicalhealthcare.co.uk, www.optimum-hcs.com, www.abouthealthgroup.com, www.vocare.org.uk, www.greenbrook.nhs.uk, www.totallyhealth.com and www.totallyhealthcarelimited.com (the “Website”).

This website is the property of Totally plc.  We take the privacy of all visitors to this Website very seriously and therefore set out in this privacy and cookies policy our position regarding certain privacy matters and the use of cookies on this Website.

This policy covers all data that is shared by a visitor with us whether directly via www.totallyplc.com, www.premierphysicalhealthcare.co.uk, www.optimum-hcs.com, www.abouthealthgroup.com, www.vocare.org.uk, www.greenbrook.nhs.uk, www.totallyhealth.com and www.totallyhealthlimited.com or via email.  This policy is occasionally updated by us, so we suggest you re-review from time to time.

This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you either directly via this Website or via email.

Certain businesses are required under the Data Protection Act to have a Data Protection Officer (DPO).  For the purpose of the Data Protection Act 1998 our Data Protection Officer can be contacted on 020 3866 3330 or emailed at dpo@totallyplc.com.

Information we collect.

In operating our Website, we may collect and process the following data about you:

  • Details of your visits to our Website and the resources that you access including, but not limited to, traffic data, location data, weblog statistics and other communication data.
  • Information that you provide by filling in forms on our Website, such as when you register to receive information such as a newsletter or contact us via the contact us page.
  • Information provided to us when you communicate with us for any reason.

Use of cookies

On occasion, we may gather information about your computer for our services, and to provide statistical information regarding the use of our Website to our advertisers.

Such information will not identify you personally; it is statistical data about our visitors and their use of our site.  This statistical data does not identify any personal details whatsoever.  It is used by us to analyse how visitors interact with the Website so that we can continue to develop and improve this Website.

We may gather information about your general Internet use by using a cookie file that is downloaded to your computer. Where used, these cookies are downloaded to your computer automatically.  This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website and the service that we provide to you.

 

 

All computers can decline cookies.  This can be done by activating the setting on your browser which enables you to decline the cookies.  Please note that should you choose to decline cookies, you may be unable to access areas of our Website.

Any advertising featured on this Website may also incorporate cookies, over which we have no control.  Such cookies (if used) would be downloaded once you click on advertisements on our Website.

For more information on cookies, you can read the guidance at All About Cookies.

Please refer also to our Privacy Policy for further information on how we handle your data.

Contacting us

We welcome any queries, comments, or requests you may have regarding this policy. Please do not hesitate to contact us at dpo@totallyplc.com.

If you would prefer to write to us, then our contact address is:

Data Protection Officer

Totally plc

Cardinal Square West

10 Nottingham Road

Derby

DE1 3QT

Tel: 0203 866 3330

 

This document has been updated: 1 February 2021 to reflect UK GDPR.