UK GDPR came into force on 31st December 2020 with an Act of Parliament. This means that in the UK we now have UK GDPR. Therefore, Totally plc group as a healthcare provider organisation has considered making changes to reflect this in their policies.
Totally plc group does not trade outside of the UK.
The Board of Totally plc group recognises the significance of data protection. The purpose of this policy is to protect all personal information controlled or processed by the organisation and ensure an adequate level of awareness to ensure data protection principles are applied across all areas of operation within Totally plc group.
Personal data is identified and managed in accordance with the data protection risk assessment methodology that endorses the acceptable risk levels.
Our Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions. These controls are monitored, reviewed, and improved by the Board to ensure that specific data protection, security and business objectives are met. This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory, and contractual requirements.
Totally plc is committed to comply with data protection and the general data protection regulation requirements and good practice. These include:
Our Data Protection Policy and Data Awareness Program is incorporated in our staff induction and training program. The Data Protection policy is readily accessible internally and presented to existing and prospective clients upon request. In addition to employees, suppliers, contractors, and sub-contractors of Totally plc are expected to adhere to our Data Protection Policy.
Totally plc is committed to continual improvement and all employees are empowered to take responsibility for data protection, with a robust process for identifying and reporting data breaches in place and subject to regular review.
Through compliance of applicable statutory, regulatory, and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, Totally plc will demonstrate confidence, integrity, and credibility both internally and externally.
Wendy Lawrence
Chief Executive Officer
1 February 2021
Maintaining Data Privacy and Data Protection is a priority for Totally plc (which incorporates the following group subsidiaries; About Health Limited, Premier Physical Healthcare Limited, Optimum Sports Performance Centre Limited, Totally Health Limited, Vocare Limited, Greenbrook Healthcare Limited, and Totally Healthcare Limited). This Privacy Policy sets out the legal basis on which any personal data that we collect from you, or that you provide to us, will be processed by us.
Please read this Privacy Policy carefully to understand our views and practices regarding your Personal Data and how we will treat it.
Any questions relating to Data Privacy with Totally plc or this Policy should be sent by email to dpo@totallyplc.com , or by writing to Totally plc, Cardinal Square West, 10 Nottingham Road, Derby, DE1 3QT.
Alternatively, you can call our Data Protection Officer on 020 3866 3330.
What personal Information is held?
We may collect and process the following data from you:
Note: Clear consent information is supplied at point of collection to provide information on the use of data; and a record of the consent is taken at point of collection.
If you have provided us with the personal data of another person, there is a clear requirement imposed by Totally plc for you to confirm that he/she consents to the processing of his/her personal data and that you have informed him/her of our identity as a Data Controller and the nature of the processing taking place.
Records will be retained as evidence of this consent.
How will we use the information we hold about you?
We use information held about you in the following ways:
Performance of a contract – We use information held about you to carry out our obligations arising from any contracts entered between you and us; and to notify you about changes to our services.
Legitimate Interests – We use information held about you to provide you with information, products and/or services that you request from us or which we feel may interest you if relevant to the products or services currently being supplied as part of a contract with Totally plc, or in relation to a previous contract with Totally plc whereby you are happy to continue to receive such information.
Consent (Direct Marketing) – We use information held about you to provide you with information on products and/or services that you request from us, or which we feel may interest you where you have consented to be contacted for such purposes. Where consent has been provided to Totally plc, it is a recognised right of the Data Subject that this consent can also be withdrawn.
Further Data Protection Guidance for our NHS 111, GP Out Of Hours and Urgent Care services can be found here.
Should you wish to withdraw consent, please email dpo@totallyplc.com, or by writing to – Totally plc, Cardinal Square West, 10 Nottingham Road, Derby, DE1 3QT.
Alternatively, you can call our Data Protection Officer on 020 3866 3330.
Consent (Website) – to ensure that content from our Website is presented in the most effective manner for you and your device, please read our cookie policy;
We will not share your data with third parties for other marketing purposes unless we have your express consent to do so.
Changes to our Privacy Policy
Any changes we may make to our Privacy Policy in the future will be posted to this page on our website.
Your rights relating to Personal Data and GDPR
You have the right to ask us to cease processing your personal data for marketing purposes. We will seek consent (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your data to any third party for such purposes. You can also exercise your right to prevent such processing by contacting us at dpo@totallyplc.com.
GDPR gives you the right to access information held about you. Your right of access can be exercised at any time. Totally plc operates both a Data Subjects Rights procedure and a Subject Access Rights Procedure to ensure that all rights exercised by data subjects relating to personal data are managed appropriately.
From time to time, our website may contain links to and from our strategic partner(s), partner network(s), strategic sponsor(s), advertiser(s), and affiliate(s). If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
Retention of your information
We take appropriate measures to ensure that any information collected from you is kept secure. Totally plc holds UKAS accredited certification to ISO 27001:2013 and is subject to both internal and external audits to ensure that information security is upheld.
Totally plc operates a clear Records Management and Retention policy and associated Retention Schedule to ensure personal data is kept only for so long as is necessary for the purpose for which such information is used.
We retain your records in accordance with UK legislation for the specific service provided.
If any of your personal data changes, or if you have any questions about how we use data which relates to you, please contact us by email at dpo@totallyplc.com. We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.
Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, strategic partner(s), or strategic sponsor(s) our ultimate holding company and its subsidiaries as defined in section 1159 of the UK Companies Act 2006.
Further Data Protection Guidance for our NHS 111, GP Out Of Hours and Urgent Care services can be found here.
As part of our GDPR compliance obligations, we are duty bound to check when personal data may be shared with third parties to ensure that they apply the same or greater controls in terms of data protection. The use of non-disclosure agreements form part of our third-party data sharing controls.
We may disclose your personal information to third parties:
Totally plc has risk assessed where personal information may be transferred outside the EEA. As part of our own due diligence, we have identified that personal data held for and by Totally plc group may reside in the EU. Totally plc will continue to monitor this for Totally plc group considering any 3rd party provider changes in the future. Should a requirement for data to be transferred outside of the EU in future, Totally plc group will implement controls and safeguards to ensure that equal to or greater data protection measures are enforced, and records retained to evidence this, in line with current UK GDPR regulations.
National Data Opt-Out programme
The national data opt-out is a service that allows patients to opt out of their confidential patient information being used for research and planning.
The national data opt-out was introduced to enable patients to opt out from the use of their data for research or planning purposes, in line with the recommendations of the National Data Guardian. By 2020 all health and care organisations are required to be compliant with the national data opt-out policy, where confidential patient information is used for research and planning purposes.
Totally plc is not currently engaged in routine activities that involve processing of patients’ data for purposes not involved in their direct care. This statement therefore acts as a backstop in the event that should such processing occur in the future, a mechanism exists to ensure that those patients who wish to opt out will have their wishes respected where this is not already anonymised.
Our ICO registration number is Z3148154.
Department of Health and Social Care – August 2021
Notice under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002
This is the internet privacy policy for www.totallyplc.com/, www.premierphysicalhealthcare.co.uk/, www.optimum-hcs.com/, www.abouthealthgroup.com/, www.vocare.org.uk/, www.greenbrook.nhs.uk/ and www.totallyhealth.com/ www.totallyhealthcarelimited.com (the “Website”).
This website is the property of Totally plc. We take the privacy of all visitors to this Website very seriously and therefore set out in this privacy and cookies policy our position regarding certain privacy matters and the use of cookies on this Website.
This policy covers all data that is shared by a visitor with us whether directly via www.totallyplc.com/, www.premierphysicalhealthcare.co.uk/, www.optimum-hcs.com/, www.abouthealthgroup.com/, www.vocare.org.uk/, www.greenbrook.nhs.uk/ and www.totallyhealth.com/ www.totallyhealthlimited.com or via email. This policy is occasionally updated by us, so we suggest you re-review from time to time.
This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you either directly via this Website or via email.
Certain businesses are required under the data protection act to have a Data Protection Officer (DPO). For the purpose of the Data Protection Act 1998 our Data Protection Officer can be contacted on 020 3866 3330 or emailed at dpo@totallyplc.com.
Information we collect.
In operating our Website, we may collect and process the following data about you:
1.2 Information that you provide by filling in forms on our Website, such as when you register to receive information such as a newsletter or contact us via the contact us page.
1.3 Information provided to us when you communicate with us for any reason.
Use of cookies
On occasion, we may gather information about your computer for our services, and to provide statistical information regarding the use of our Website to our advertisers.
Such information will not identify you personally, it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. It is used by us to analyse how visitors interact with the Website so that we can continue to develop and improve this Website.
We may gather information about your general Internet use by using a cookie file that is downloaded to your computer. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website and the service that we provide to you.
All computers can decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies; you may be unable to access areas of our Website.
Any advertising featured on this Website may also incorporate cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website.
For more information on cookies, you can read the guidance at All About Cookies.
Please refer also to our Privacy Policy for further information on how we handle your data.
Contacting us
We welcome any queries, comments, or requests you may have regarding this policy please do not hesitate to contact us at dpo@totallyplc.com.
If you would prefer to write to us, then our contact address is:
Data Protection Officer
Totally plc
Cardinal Square West
10 Nottingham Road
Derby
DE1 3QT
This document has been updated: 1 February 2021 to reflect UK GDPR.
