Privacy Policy
This privacy policy sets out how we collect and use personal information about you
("personal data"), in accordance with:
(i) national implementing laws, regulations and
secondary legislation in the UK, including the Data Protection Act 2018 (which
implemented the UK version of the General Data Protection Regulation (GDPR)
2018); and
(ii) the EU version of the General Data Protection Regulation
(where applicable).
These are referred to, throughout this privacy policy, as the "Data Protection
Legislation".
We wish to be as open and transparent as
possible about how we collect, process and use personal data, so please read this
privacy policy carefully to understand our practices regarding your personal data
and how we will treat it.
By using our website, products and services
and/or otherwise providing us with personal data you agree that this privacy policy
will apply to you.
Please note that we may change this privacy policy by updating these pages so do
check back from time to time for the most current version. This privacy policy was
last updated on 02/02/2023.
Contents
- About us
- Our legal grounds for processing your Personal Data
- Your individual rights
- Information Collection, Use and Storage
- Sharing personal information
- Marketing
- Contacting you
- How to contact us
- How to contact the appropriate authority
- About us
- Blue Zinc IT Ltd (“we”, “us”, “our” and “ours”) is a provider of clinic, patient
and referral management systems and services in the healthcare sector. We are
registered in England and Wales under company number NI043881 and our registered
office is at Unit 4c Dill House, Castlereagh Business Park, 478 Castlereagh Road,
Belfast, BT5 6BQ. We are a member of the ClearCourse Partnership LLP group of
companies.
- For the purpose of the Data Protection Legislation and this privacy policy, when:
- we have a direct contract with you for our products and services or where
you provide your personal data directly to us (in circumstances where we are
not acting on behalf of someone else) for example, through use of our website,
we will normally be considered to be a “data controller”. This means that we
are responsible for deciding how we hold and use personal information about
you.
- where we have a contract with someone else instead of directly with you,
for example a contract under which we provide that business with our products
and services and, in connection with that contract, they provide us with your
personal data (typically this will be a contract with another business - perhaps
your employer, a membership organisation or another company which is providing
our products or services to you or using them to deliver their products and
services to you), we will normally be considered to be a “data processor”. In
these circumstances, the other business will be the “data controller” and it
will be responsible for deciding how we hold and use personal data about you.
Our use of your personal data is governed by the terms of that contract.
- Regardless of whether we are a data controller or a data processor, we take your
privacy very seriously. We have appointed a person who is specifically responsible
for assisting with any enquiries you may have in relation to this privacy policy or
our treatment of your personal data. Their contact details are set out in section 8
of this privacy policy.
- We have also, for the purposes of Article 27 of the EU GDPR, appointed an EU
Representative. Their contact details are set out in section 8 of this privacy policy.
- Our legal grounds for processing your Personal Data
- Where we are acting as a data controller:
- we may process your personal data to enable us to comply with any instructions
you give to us or any obligations we owe to you including enabling us to perform
a contract with you or to comply with our legal obligations.
- we may also process your personal data for the purposes of our own legitimate
interests (provided that those interests do not override any of your own
interests, rights and freedoms which require the protection of personal data).
This includes processing for statistical, management and business
development purposes, for example seeking your thoughts and opinions on the
services we provide to you and notifying you about any changes to our products
and services. It may also include processing for marketing purposes, such as
providing you with information related to any our products or services which we
think may interest you (subject to your rights set out in section 3).
- we may also process your personal data for other purposes but (unless this is
in circumstances where the reason for doing so is compatible with the original
purpose or we have other lawful grounds for doing so) this will usually only
happen where we have obtained your specific consent. If that is the case, then
you also have the right to withdraw your consent, which you can do by contacting
us in writing at the address set out in section 8.
- Please note that we may process your personal data for more than one lawful
ground depending on the specific purpose for which we are using your data.
- Where we are acting as a data processor:
- the business that has provided your personal information to us is itself
responsible for ensuring that it has lawful grounds to do so and for providing
us with instructions as to the specific types of personal data we are permitted
to process; and
- the ground(s) upon which that business is entitled to process your personal
data is determined by them not us (and may vary from organisation to
organisation); and
- unless Data Protection Legislation requires or permits otherwise, we will
process that personal data only in accordance with their instructions and
for the purposes of enabling us to perform our obligations under our contract
with them.
- Your individual rights
Access to information
- We want to make sure that you are fully aware of your data protection rights.
These are set out in summary form in sections 3.5 - 3.13 below and apply to us
in our role as a data controller. You can also obtain more detailed information
about your rights under the Data Protection Legislation from the Information
Commissioner’s office by clicking on this link - www.ico.org.uk.
Our contact details for the purposes of requesting access to your personal data
or exercising any of your other data protection rights are in section 8.
- Please note that, in order to comply with any request, we may first require
you to verify your identity and we will normally fulfil any request by sending
information electronically, unless the request expressly specifies a different
method. We will not charge a fee for responding to your request, other than
in circumstances where you make a request which is manifestly unfounded or
excessive or you request further copies of information which we have already
provided to you. In that case, we are entitled to charge a reasonable
administrative fee.
- Please also note that, where we are acting as a data processor, we will not
be responsible for answering your request ourselves but will pass it onto the
business organisation that provided us with your personal data (in their role
as data controller) so that they may then determine how best to respond to it.
Timescales for responding
- If you make a request of us (in our role as a data controller), we will
normally have one month to respond to you. If we need something from you to
be able to deal with your request (e.g. an ID document), the time limit will
begin once we have received this. This time limit may also be extended in
certain circumstances so, if there is any reason why our response to you might
take longer than a month, we will let you know.
Summary of your rights
- Withdrawal of consent - where our legal ground for processing your personal
data is based upon you having given us your consent to do so, you have the right,
at any time, to withdraw that consent (please see section 2.1.3 above). Please
note that this will not affect the lawfulness of any processing carried out
before you withdraw your consent.
- Right to be informed – you are entitled to be provided with information about
certain matters relating to the processing of your personal data and for that
information to be provided within certain timescales. This privacy policy already
provides you with much of that information.
- Right of access - you have the right to obtain:
- confirmation that your personal data is being processed;
- access to your personal data.
- Right to rectification - you are entitled to have your personal data rectified
if it is inaccurate or incomplete.
- Right to erasure – (sometimes referred to as ‘the right to be forgotten’). The
broad principle underpinning this right is to enable you to request the deletion
or removal of your personal data whether there is no compelling reason for its
continued processing.
- Right to restrict processing - you are entitled to restrict the processing of
your personal data if:
- you are contesting the accuracy of the personal data (until the accuracy
has been verified);
- you object to the processing, in circumstances where the processing was
necessary for the performance of a public interest task or on the grounds of
our or someone else’s legitimate interests (whilst we consider whether those
legitimate grounds override your interests).
- the processing is unlawful but you have decided not to have it erased but
requested restriction instead.
- if we no longer need the personal data but still have it and you require
it to establish, exercise or defend a legal claim.
- Right to data portability – in certain limited circumstances, you are able to
obtain and reuse your personal data for your own purposes across different
services by being allowed to move, copy or transfer personal data easily from
one IT environment to another.
- Right to object - you are entitled to object to:
- processing based on legitimate interests or the performance of a task in
the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics.
- Rights relating to automated decision-making and profiling - these rights
don’t apply to all circumstances but, where they do apply, they effectively
provide you with safeguards against the risk that a potentially damaging
decision is taken solely using or supported by automated means, without human
intervention.
- Information Collection, Use and Storage
Information collection
- If you contact us, we will keep a record of that correspondence.
- We may also collect and process personal data that you provide by filling in
forms or making requests for information on our website. This includes information
provided at the time of registering to use our website, requesting information
from us or subscribing to any of our services. It also includes material
contributed through any interactive service, including information that you (or
someone authorised by you on your behalf) input into our products and services.
Please also note that it is your responsibility (irrespective of whether
you are acting as an individual or a business user of our products and services)
to always ensure that (i) when you provide us with any personal data relating to
any third party, that third party has given their prior consent (or you have other
lawful grounds) to enable you to do so; [and (ii) you must not, when using the
products and services, provide or input any of the following kinds of information
– illegal in any way (including, but not limited to defamatory, racist or sectarian
information or data), personal data that would be considered to be a “special
category” of personal data under the Data Protection Legislation such as data
revealing racial or ethnic origin, political opinions; religious or philosophical
beliefs or trade union membership, or genetic data or biometric data, or data
concerning a person’s sex life or a person’s sexual orientation.
Any
personally identifiable information you elect to make publicly available on our
website (e.g. posting comments on a blog page, if that type of facility is
available for your use) will be visible to others.
- As mentioned previously, we may (in our role as a data processor) be provided
with information about you from another business or collect information about
you or from you on their behalf.
- It is important that the personal information we hold about you is as accurate
and up to date as possible so, should your personal information change, please
notify us of that change, in writing, as soon as possible.
- Please note that personal data which has been anonymised or changed in such
a way that it can no longer be associated with you will usually lose its status
as “personal data”. If that happens, the data will not be covered by this privacy
policy and we may use it for any purpose.
Use of Cookies, web/analytics tools and links to other Websites
- When you visit our website, we may collect information from you automatically
through cookies or other similar technology. Cookies are small text files that may
be placed on your computer when you visit a website or click on a URL. Cookies
(and other similar technologies) may collect your IP address, support security and
authentication services, gather information from visitors to websites such as pages
visited and how often they are visited and also enable certain features on the
website. Cookies may include “single-session cookies” which generally record
information during only a single visit to our website and then are erased, and
“persistent” cookies, which are generally stored on your computer or other device
unless or until they are deleted or are set to expire. We may use our own cookies
or third party cookies.
- We may also use various web/analytics tools to understand how our website is
being used in order to improve user experience (such as web beacons, which are a
technique delivered through a web browser or in an email, to unobtrusively – an
usually invisibly - check that a user has accessed some content and/or track the
journey of the user navigating through the website or a series of websites) as well
as tools to provide us with statistics relating to the use of our website and those
which show you advertisements for our products and services which we think may be
of interest to you as you browse other websites.
- Please see our cookie policy – here - for
further information about the types of cookies and other similar technology we use,
what your options are in respect of each type, and the impact of exercising those
options.
More information about what cookies are and how to delete or block
them can be found here:
https://ico.org.uk/your-data-matters/online/cookies
(please note that,
because the management of cookies differs as between different browsers, you should
consult the documentation of your own browser in order to manage your cookies).
Please also note that if you delete or block cookies which are necessary to
enable our website to carry out certain functions, this may cause you to be unable
to use all or part of our website and/or services.
- Our website may also contain links to other websites of interest. However, once
you have used these links to leave our site, you should note that we do not have
any control over that other website. Therefore, please note that we do not accept
any responsibility for the protection and privacy of any information which you
provide whilst visiting such sites and such sites are not governed by our privacy
policy. Always exercise caution and check the privacy statement applicable to the
website in question.
The types of information we hold about you The types of information we hold
about you
- When we are acting as a data controller, the information we hold about you may
include the following:
- your personal details (such as your name, address, email address, landline
and/or mobile phone number(s));
- details of any contact we have had with you (for example, when you make an
enquiry of us or we provide you with a quote for our products or services);
- details of any products or services provided to you, as well as any associated
payment-related information;
- IP addresses, tracking and/or other cookie data (please see our cookies policy);
- any information you input into our products and services;
- any communications (including, but not limited to, emails, phone calls and
‘live chats’) relating to support tickets or complaints;
- any third parties you work with, including referrers.
- When we are acting as a data processor, the information we hold may include
the following:
- your business contact details and/or the business contact details of your
customers or other end users (such as name, job title, address, email address,
landline and/or mobile phone number(s));
- details of any contact we have had with you (for example, when you make an
enquiry of us or we provide you with a quote for our products or services);
- details of any products or services provided to you, as well as any associated
payment-related information;
- all of the various types of personal data which (irrespective of whether you
are acting as a data controller or a data processor) you have expressly or
implicitly (taking into account the nature of the products and services we
are providing to you) authorised us to process under any contract between you
and us;
- IP addresses, tracking and/or other cookie data;
- any information you input into our products and services.
- Depending upon the product or service purchased, we may also hold the following
types of information – health data (for users of our products and services).
- We also collect, store and process data which may not be directly about you but
relates to your use of our products and services. We typically use this for
statistical, research, business and product development purposes.
How long do we hold personal data for?
- Where we are acting as a data controller, we will only retain your personal data
for as long as is necessary to fulfil the purposes for which it is collected.
Normally this will result in personal data being deleted from our systems no later
than 12 months from the date it was last processed (other than to the extent that
we need to retain it for the purposes of complying with our legal or contractual
obligations including those relating to our statutory and regulatory obligations
and our financial, business and tax affairs ).
- In assessing whether any longer retention period is appropriate for your personal
data, we take into consideration:
- the purposes for which we originally collected the personal data;
- the lawful grounds on which we based our processing;
- the type of personal data we have collected;
- the amount and categories of your personal data; and
- whether the purpose of the processing could reasonably be fulfilled by
other means.
- Where we are acting as a data processor, we will retain personal data for the
period agreed in our contract with the business that engaged us for that purpose
(unless otherwise required or permitted by the Data Protection Legislation).
- Please note that, if you or we terminate any service we provide to you, then
(irrespective of whether we are acting as a data controller or a data processor) we
do not accept any obligation to retain any or all of the personal data provided to
us in connection with or processed by that service and we may delete it from our
systems at any time.
Storage and Security
- Information (including personal data) collected through our website and services
may be stored and processed in the UK, Europe, the United States, or any other
country in which we or our subsidiaries, group companies, affiliates or service
providers maintain facilities.
- Regardless of where data is stored and processed, we are committed to taking all
reasonable steps to ensure that your personal data is secure. In order to prevent
unauthorised access or disclosure, we put in place suitable technological, physical,
electronic and managerial procedures to safeguard and secure all personal data stored
and processed by us. We also ensure that any subcontractor or other service provider
which we engage to support our business activities or help deliver our products and
services and which has access to your personal data, commits to us, in writing, to
do the same.
- If we transfer your personal data to any country outside of the UK for processing,
please be assured that we will only do so in compliance with the Data Protection
Legislation.
- Sharing personal information
- Where we are acting as a data processor, we will share your personal data with the
business that provided your personal data to us (or authorised us to collect that
data on their behalf) in the manner and to the extent set out in the contract between
them and us. That business may be the data controller of your personal data or it
may be another data processor interposed between the data controller and us.
- Regardless of whether we are acting as a data processor or a data controller, we
may need to share your personal data from time to time with other organisations,
typically those which provide services to us in support of our business activities
and/or delivery of the products and services which we provide to you. This may include
third parties such as technology service providers, third party subcontractors,
payment service providers and businesses that help us manage our customer relationships
and marketing activities. If this is the case, we will do in accordance with the
protections that are afforded to you under the Data Protection Legislation and we wil
always ensure that we have a written contract in place with them before we allow them
access to your personal data or provide your personal data to them.
- We may also share your personal data with other members of our group of companies
for financial, management or administrative purposes.
- We may share your personal data with third parties to whom we may choose to sell,
transfer or merge parts of our business or our assets. If this kind of change happens
then (unless they are legally entitled to do otherwise or you agree something different
with them) the new owners of that business or assets may use your personal data in the
same way as set out in this privacy policy. Alternatively, we may seek to acquire
other businesses or merge with them. If this kind of change happens then (unless we are
legally entitled to do otherwise or you agree something different with us) we may use
the personal data that you provided to them in the same way as set out in their privacy
policy.
- Other than as set out above, we do not rent, sell or distribute your personally
identifiable information to third parties unless we have your permission or are required
or permitted by law to do so.
- Marketing
- We would like to send you information about our products and services from time to
time as well as announcements, articles and press releases that we think you might like
(including those of our group companies).
- We may engage marketing companies to help us do this and we may use our (and their)
software tools to help us track your engagement with us and monitor our marketing
campaigns.
- In some circumstances we may have a legal right to send you marketing material, in
others you may have given us your consent to do so. Either way, you always have the
right, at any time, to stop us from contacting you for marketing purposes or to stop
us passing your personal data to third parties for marketing purposes (assuming you have
previously given your consent to us to that). You can do this by opting out from our
marketing emails at any time by clicking on ‘unsubscribe’ or by simply contacting us
(see section 8) in writing.
- Contacting you
- If we wish to contact you we may do so by phone, email, text, fax or post.
- If you have notified us of a preferred method of communication, we will always try to
comply with that. Please let us know if we don’t so that we can then check and, where
necessary, update our records.
- How to contact us
UK and non-EEA enquiries
- If you are based in the UK or outside of the EEA and have any questions about our
privacy policy, the data we hold about you, or you would like to exercise one of your
data protection rights (including opting out of marketing communications), please do
not hesitate to contact us.
Email us at: dpo@blue-zinc.com
Write to us at: Data Protection Officer, Blue Zinc IT Ltd, Unit 4c, Dill House,
Castlereagh Business Park, 478 Castlereagh Road, Belfast, BT5 6BQ
EEA enquiries
- As a result of the UK leaving the EU, there are circumstances where the EU GDPR
requires us to have an EU Representative to act as a point of contact to:
- facilitate the exercise of data subjects’ rights within the EEA; and
- co-operate with the competent supervisory authorities in respect of any action,
investigation or claim under the EU GDPR.
- To that end, we have appointed an EU Representative, which is Portrilio Solutions,
part of Trillium Limited, which is a member of the ClearCourse Partnership LLP group
of companies. If you wish to contact them (instead of us directly) they can be contacted
as follows:
Email us at: euprivacy@clearcoursellp.com
Call us: +351 21 122 6881
Write to us at: Portrilio
Solutions, Rua Julio Dinis, Centro Empresarial Sala 402, n561, 4 4050-460 Porto
- We always work hard to treat our customers fairly and hope that you will not experience
any reason to make a complaint about the way in which we have collected, stored or
processed any of your personal data. However, if you do wish to make a complaint please
always contact us, in the first instance, and we will endeavour to resolve the matter as
quickly as we can.
- How to contact the appropriate authority
UK and non-EEA enquiries:
- If you are based in the UK or outside of the EEA and wish to report a complaint or if
you feel that we have not addressed a concern that you may have about our data processing
activities in a satisfactory manner, you may contact the Information Commissioner’s
Office.
Email: https://ico.org.uk/global/contact-us
Phone number: 03031231113
EEA enquiries:
- If you are based within the EEA and wish to report a complaint or if you feel that we
have not addressed a concern that you may have about our data processing activities in a
satisfactory manner, you may contact your local Supervisory Authority (who may then
contact our EU Representative).