The Board of Totally plc recognises the significance of data protection. The purpose of this policy is to protect all personal information controlled or processed by the organisation, and ensure an adequate level of awareness to ensure data protection principles are applied across all areas of operation within Totally plc.
Personal data is identified and managed in accordance with the data protection risk assessment methodology that endorses the acceptable risk levels.
Our Data Protection Policy is achieved by a stringent set of controls, including policies, processes, procedures and software and hardware functions. These controls are monitored, reviewed and improved by the Board to ensure that specific data protection, security and business objectives are met. This is operated in conjunction with other business management processes, and incorporates the applicable statutory, regulatory and contractual requirements.
In particular, Totally plc is committed to compliance with data protection requirements and good practice to include:
Our Data Protection Policy Awareness Program is incorporated in our staff induction and training program. The Data Protection policy is readily accessible internally and presented to existing and prospective clients. In addition to employees; suppliers, contractors and sub-contractors of Totally plc are expected to adhere to our Data Protection Policy.
Totally plc is committed to continual improvement and all employees are empowered to take responsibility for data protection, with a robust process for identifying and reporting data breaches in place and subject to regular review.
Through compliance to applicable statutory, regulatory and contractual requirements, and the requirements of the General Data Protection Regulations (GDPR) for the Protection of Personal Information, Totally plc will demonstrate confidence, integrity and credibility both internally and externally.
Wendy Lawrence
Chief Executive Officer
14th May 2018
Maintaining Data Privacy and Data Protection is a priority for Totally plc (which incorporates About Health, Premier Physical Health Care, Optimum Healthcare Solutions, Totally Health and Vocare Ltd.). This Privacy Policy sets out the legal basis on which any personal data that we collect from you, or that you provide to us, will be processed by us.
Please read this Privacy Policy carefully to understand our views and practices regarding your Personal Data and how we will treat it.
Any questions relating to Data Privacy with Totally plc or this Policy should be sent by email to put dpo@totallyplc.com , or by writing to Totally Plc, Cardinal Square West, 10 Nottingham Road, Derby, DE1 3QT
Alternatively, you can call our Data Protection Officer on 020 3866 6486
What personal Information is held
We may collect and process the following data from you:
If you have provided us with the personal data of another person, there is a clear requirement imposed by Totally plc for you to confirm that he/she consents to the processing of his/her personal data and that you have informed him/her of our identity as a Data Controller and the nature of the processing taking place.
Records will be retained as evidence of this consent.
How will we use the information we hold about you?
We use information held about you in the following ways:
Performance of a contract – We use information held about you to carry out our obligations arising from any contracts entered into between you and us; and to notify you about changes to our services.
Legitimate Interests – We use information held about you to provide you with information, products and/or services that you request from us or which we feel may interest you if relevant to the products or services currently being supplied as part of a contract with Totally plc, or in relation to a previous contract with Totally plc whereby you are happy to continue to receive such information;
Consent (Direct Marketing) – We use information held about you to provide you with information on products and/or services that you request from us, or which we feel may interest you where you have consented to be contacted for such purposes. Where consent has been provided to Totally plc, it is a recognised right of the Data Subject that this consent can also be withdrawn.
Further Data Protection Guidance for our NHS 111, GP Out Of Hours and Urgent Care services can be found here.
Should you wish to withdraw consent, please email dpo@totallyplc.com, or by writing to Totally Plc, Cardinal Square West, 10 Nottingham Road, Derby, DE1 3QT
Alternatively you can call our Data Protection Officer on 020 3866 6486
Consent (Website) – to ensure that content from our Website is presented in the most effective manner for you and your device, please read our cookie policy;
We will not share your data with third parties for other marketing purposes unless we have your express consent to do so.
Changes to our Privacy Policy
Any changes we may make to our Privacy Policy in the future will be posted to this page on our website
Your rights relating to Personal Data
You have the right to ask us to cease processing your personal data for marketing purposes. We will seek consent (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your data to any third party for such purposes. You can also exercise your right to prevent such processing by contacting us at dpo@totallyplc.com.
GDPR gives you the right to access information held about you. Your right of access can be exercised at any time. Totally plc operates both a Data Subjects Rights procedure and a Subject Access Rights Procedure to ensure that all rights exercised by data subjects relating to personal data are managed appropriately.
From time to time, our website may contain links to and from our strategic partner(s), partner network(s), strategic sponsor(s), advertiser(s) and affiliate(s). If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
Retention of your information
We take appropriate measures to ensure that any information collected from you is kept secure. Totally plc holds UKAS accredited certification to ISO 27001:2013, and is subject to both internal and external audits to ensure that information security is upheld.
Totally plc operates a clear Retention policy and associated Retention Schedule to ensure personal data is kept only for so long as is necessary for the purpose for which such information is used.
We retain your records in accordance with UK legislation for the specific service provided
If any of your personal data changes, or if you have any questions about how we use data which relates to you, please contact us by email at dpo@totallyplc.com. We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.
Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, strategic partner(s) or strategic sponsor(s) our ultimate holding company and its subsidiaries as defined in section 1159 of the UK Companies Act 2006.
Further Data Protection Guidance for our NHS 111, GP Out Of Hours and Urgent Care services can be found here.
As part of our GDPR compliance obligations, we are duty bound to check when personal data may be shared with third parties to ensure that they apply the same or greater controls in terms of data protection. The use of non-disclosure agreements form part of our third-party data sharing controls.
We may disclose your personal information to third parties
Totally plc has risk assessed where personal information may be transferred outside the EEA. As part of our own due diligence we have identified that personal data held for and by Totally plc resides in the EU. Totally plc will continue to monitor this for Totally plc considering any 3rd party provider changes in the future. Should a requirement for data to be transferred outside of the EU in future, Totally plc will implement controls and safeguards to ensure that equal to or greater data protection measures are enforced and records retained to evidence this.
Privacy notice for COVID-19 response activity – supplementary note, September 2020
This is the internet privacy policy for www.totallyplc.com, www.premierphysicalhealthcare.co.uk, www.optimum-hcs.com, www.abouthealthgroup.com, www.vocare.org.uk and www.totallyhealth.com (the “Website”)
This website is the property of Totally plc. We take the privacy of all visitors to this Website very seriously and therefore set out in this privacy and cookies policy our position regarding certain privacy matters and the use of cookies on this Website.
This policy covers all data that is shared by a visitor with us whether directly via www.totallyplc.com, www.premierphysicalhealthcare.co.uk, www.optimum-hcs.com, www.abouthealthgroup.com, www.vocare.org.uk and www.totallyhealth.com or via email. This policy is occasionally updated by us so we suggest you re-review from time to time.
This policy provides an explanation as to what happens to any personal data that you share with us, or that we collect from you either directly via this Website or via email.
Certain businesses are required under the data protection act to have a Data Protection Officer. For the purpose of the Data Protection Act 1998 our Data Protection Officer can be contacted on 020 3866 6486 or emailed at dpo@totallyplc.com.
In operating our Website we may collect and process the following data about you:
1.1 Details of your visits to our Website and the resources that you access including, but not limited to, traffic data, location data, weblog statistics and other communication data.
1.2 Information that you provide by filling in forms on our Website, such as when you register to receive information such as a newsletter or contact us via the contact us page.
1.3 Information provided to us when you communicate with us for any reason.
Such information will not identify you personally, it is statistical data about our visitors and their use of our site. This statistical data does not identify any personal details whatsoever. It is used by us to analyse how visitors interact with the Website so that we can continue to develop and improve this Website.
We may gather information about your general Internet use by using a cookie file that is downloaded to your computer. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer’s hard drive. They help us to improve our Website and the service that we provide to you.
All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular areas of our Website.
Any advertising featured on this Website may also incorporate cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website.
For more information on cookies you can read the guidance at All About Cookies.
Please refer also to our Privacy Policy for further information on how we handle your data.
If you would prefer to write to us then our contact address is
Totally Plc
Cardinal Square West
10 Nottingham Road
Derby
DE1 3QT
Tel: 0203 866 3330