Website Privacy Notice
The Heath Business and Technical Park
Runcorn
Cheshire
WA7 4QX
Scope of this notice
We take the privacy of our website users seriously. Our privacy notice tells you what to expect when HCRG Care Group collects personal information through its website in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Please click here for our Patient Privacy Notice which provides details of how we collect, use and protect your personal information within our publicly funded health and care service. This provides a list of your rights with regards to your personal information and how you can exercise those rights.
Information leaflets about health and care records are also provided at local service level in addition to this website.
Privacy notices for candidates and employees can be found here.
Definitions
- Personal data: Any information relating to an identifiable individual such as your name, NHS number, contact details. It can also be location data or online identifier.
- Special categories of personal data are defined as: Racial or ethnic origin, politics, religious or philosophical beliefs, trade union membership, genetics, biometrics (where used for identification) information concerning your health, sex life or sexual orientation.
Contacting us through our website, social media or email
When you provide information to us through this website we will store this data and hold it on a computer and/or in hard copy form. We will use this data to provide you with the services for which you have registered with us e.g. to process job applications, to make contact with us and for the purposes described in this statement including, where relevant, marketing, administration, development and improvement of this website.
Where applicable, when you interact with our Facebook and Twitter accounts, any information that you post is generally in the public domain.
Please note that we cannot guarantee the security of your information when you email correspondence with us. We can encrypt messages if you prefer. We operate an email monitoring system to safeguard the security of personal information being transmitted. If your email is “quarantined” it may be reviewed by a member of our privacy team before being released or blocked.
Information we may collect from you and other sources:
Visitors to our website
When you visit our website http://meridianpractice.nhs.uk/ we collect standard internet log information and details of visitor behaviours. This is statistical data only which we collect in order to find out the numbers of visitors to the site and the pages visited. The information is collected in such a way that does not identify individuals and we do not make any attempts to identify visitors this way.
Where we do collect personal information on the site, this will be made obvious to you through the relevant pages.
Web server log files
IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number used by computers on the network to identify your computer. IP addresses are automatically collected by our web servers so that data (such as the web pages you request) can be sent to you.
Web server log files are used to record information about our site, such as system errors. Log files do not contain any personal information or information about other sites which you have visited.
Cookies
Please see our cookie section below.
Social media
Where applicable, when you contact us through social media such as Facebook and Twitter, we hold your information and reason for contact in our social media management portal to enable us to easily access and manage our engagement with you. This may result in us sharing your information with other parties within the HCRG Care Group e.g. individuals involved in your care, managing your complaint etc.
Other contact
In order to provide you with a range of services, we may collect personal information from this website, from telephone responses, from written information sent to us and from other communications. We may for example, keep a record of your name, social media account name, mailing address, email address, telephone number, preferences and any other information you provide to us or is collected by us. We may supplement the information that you provide to us with information that we receive or obtain from other sources.
If you don’t provide this information, we will be unable to interact with you.
Information we may share about you
We may provide information about you (on the understanding that such information will be kept confidential) to employees and agents of HCRG Care Group to administer any accounts, products and services provided to you by HCRG Care Group now or in the future.
As previously noted, we may also share the information you’ve provided to help with the resolution of a compliant or concern.
Otherwise we may disclose information about you to third parties:
- Where we have a duty to do so or if the law permits or requires us to do so; and
- To anyone to whom we transfer or may transfer our rights and duties under our agreement with you.
Legal basis for processing your personal information
We process your information for our legitimate interests of being able to:
- Respond to your enquiries, concerns or compliments,
- Maintain the functionality and usability of our website and other social media outlets.
- Make improvements to our website and the service that we are providing.
Use of Cookies
What is a cookie? A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. This helps us to distinguish you from other visitors to our web site.
The following lists the cookies used on this web site.
Google Analytics
ga this is used to identify unique users to our website and expires after 2 years
_gat this is used by Google to throttle the request rate to the google servers, and expires after 1 minute
_gid this is used to track user behaviour and it expires after 24 hours of inactivity
Cb-enabled this is used to track those who have accepted the cookie banner
Google Maps
google.com PREF, google.com NID
These are used by Google to track how many people use their maps. For more information, please refer to Google’s Privacy notice for more information:
http://www.google.co.uk/intl/en/policies/privacy/faq/#toc-terms-cookie
Authentication
On login, wordpress uses the wordpress_[hash] cookie to store your authentication details wp_set_auth_cookie( $user_id, $remember, $secure )
Use is limited to the admin console area. After login wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you are logged in and who you are, for most interface use, WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual User ID (or UID) from the user database table.
Using the login pages
wp_setcookie($username, $password, $already_md5 = false, $home = ”, $siteurl = ”)
When you log into WordPress from http://example.com/wp-login.php, WordPress stores the following two cookies:
- Your user name
- A double-hashed copy of your password
The cookies are set to expire two weeks from the time they are set.
For more information about WordPress’s cookies, please refer to their Privacy notice which can be found at: https://wordpress.org/about/privacy/cookies
Find out more about cookies: For more information about cookies, including how to view the cookies that have been set and how to manage or delete them, please visit www.allaboutcookies.org
Use of your information outside the European Economic Area
We may need to transfer your personal information to, and store it in, countries outside the European Economic Area which may not protect your personal information as extensively as the United Kingdom. If we do so we will ensure that an agreement is in place with anyone to whom we pass your information to ensure that your data is treated securely and in accordance with this Privacy Notice. By submitting your personal information, you agree to this transfer, storage and processing.
Security
We take the security of your personal data very seriously. Technical and organisational controls have been designed and implemented to protect the personal information that we hold about you. These controls may be:
- Technical measures to secure the information on our websites and other areas where information is hosted to prevent unauthorised access to your personal data.
- Organisational controls such as regular confidentiality and security training, vetting, due diligence and contractual obligations imposed on our trusted providers and persons working under our instruction
However, due to the inherent security risk of providing information and dealing online, we cannot guarantee the security of any data you disclose online. Therefore, you recognise that your use of our website and social media contacts is entirely at your own risk.
Links to other websites
Please be aware that our site may link to other websites which may be accessed through our site. If you follow a link to any of these websites, please note that they will have their own cookies and privacy policies. We do not accept any responsibility or liability for the privacy and security practices of such third party websites and your use of such websites is entirely at your own risk.
Your health and social care information
We will not collect information about your health and care through this website. Each of our health and social services maintains its own Patient Privacy Notice in relation to your health record.
As with all health and social care providers, we are subject to the statutory duty under the Health and Social Care Act 2012 to share information for your direct care.
Contact us / Data Protection Officer
If you have any questions or concerns about the information we hold about you, please do not hesitate to ask at the surgery reception or contact:
Practice Information Governance Lead
Najeeb Waiz
Meridian Practice
City of Coventry Health Centre
Stoney Station Road
Coventry
CV1 4FS
T: 024 7696 1594
Data Protection Officer
Sarah Murray
Head of Information Governance
The Heath Business and Technical Park
Runcorn
Cheshire
WA7 4QX
Email: information.governance@hcrgcaregroup.com
If you are not happy about the way your information is handled, or you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioners Office (ICO).
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
T: 0303 123 1113
Email: casework@ico.org.uk
https://ico.org.uk/global/contact-us/
Changes to our Website Privacy Notice
We will update this privacy notice from time to time to reflect any changes to our ways of working. Please contact our data protection officer if you would like more information.
Last update: March 2019