Data4NHS (“Data4NHS”, “we”, “our”, “us”) is the trading name of Data4Health Limited, offering a range of online services to those working within the NHS.
Data4Health is a company incorporated in England and Wales. Our company number is 10928443 and our registered office is at 101 Park Drive, Milton, Abingdon, England, OX14 4RY. Data4Health Limited is part of the M3 Group of companies.
The M3 Group, named to represent Medicine, Media, and Metamorphosis, was founded with the goal of changing the world of medicine through full use of the power of the Internet. The M3 Group operates in the US, Asia, and Europe with over 2 million physician members globally via its physician websites.
Data Protection compliance
We are committed to ensuring that your privacy and personal data is protected. We comply with the provisions of the General Data Protection Regulation (“GDPR”) and UK Data Protection Act 2018 (“UK DPA”), together with any national implementing laws, regulations and secondary legislation as amended or updated from time to time in the UK, and any successor legislation to the GDPR and the UK DPA (together “Data Protection Legislation”).
Data4NHS collects and hosts data relating to NHS personnel and their functions within the NHS. This data is uploaded to a database maintained by Data4NHS (the “Database”).
Data Protection Registration
For the purposes of data protection laws, we are the ‘controller’ of the personal data we collect about you through and in connection with our operation of Data4NHS. We are registered as a Data Controller through the Information Commissioner’s Office, registration number ZA280337.
Personal data we may collect and process
In running and maintaining our website and services we may collect and process personal data as described below.
Information we collect about you:
We may collect the following information about you when you visit our Website:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform; and
- information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from the Site (including date and time), products you viewed or searched for, page response times, Website errors, length of visits to certain pages, page interaction information, methods used to browse away from the page and any phone number used to call our customer services number.
Information you give us:
You may give us information about you by completing enquiry forms on the Website or by corresponding with us by phone, email or otherwise. The information you give us may include your name, email address, address / location and phone number and includes information you provide to be uploaded to the Database. When you speak with a Data4NHS operative, we may record the conversation to ensure the security of any transaction discussed, to help us to review our quality of service and to assist in the training and development of the employees who take such calls. We will retain this information while we are corresponding with you.
Data4NHS collects information in several ways, some information is gathered when you register on the Website or when contacted by an Data4NHS operative. We may ask for your email address, job title, place of work and professional interests. The more accurate this information is the better user experience you will have as it will allow us to customise your experience.
How we may use your information
We may use the information we receive and/or collect about you to:
- manage our existing and prospective relationships;
- fulfil our obligations under any contract we have entered into with you and to provide you with information, products and services you have requested;
- send you newsletters and marketing information if you have consented to us doing so and have opted in to the Data4NHS e-bulletin service;
- expand the information we hold on our Database, if you have agreed to register as a user of the Database and have opted in to the Data4NHS National Directory Service;
- notify you of other products and services we feel may interest you, or permit third parties to do so if you have consented to and have opted in to the Data4NHS e-bulletin service;
- monitor Website usage and provide statistics to third parties for the purposes of improving and developing the Website and the services we provide via the Website;
- safeguard and defend Data4NHS interests; and
- comply with applicable legal requirements, industry standards and our policies.
Purpose and Lawful basis for processing your personal data
When processing your personal data, the lawful basis we rely upon to offer services to you are:
- Where we have a legitimate interest (i.e., we have a valid business reason) and we have carefully balanced your individual rights against this need:
- To fulfil a contractual obligation that we have with you; and/or
- Your consent.
We will only process your personal data for the purpose it was first collected. If we process the personal data for a new purpose, we will ensure it is either compatible with your original purpose or gain your consent.
We process personal data for certain legitimate business purposes, which include some or all the following:
- where the processing enables us to enhance, modify, personalise or otherwise improve the Website, our services and communications;
- to identify and prevent fraud;
- to enhance the security of our network and information systems;
- to better understand how people interact with our Website;
- administer the Website and carry out data analysis, troubleshooting and testing; and
- to determine the effectiveness of promotional campaigns and advertising.
If we obtain consent from you to do so, we may provide your personal details to third parties so that they can contact you directly in respect of services and/or products in which you may be interested. We never share your details to third parties to enable them to provide you with information regarding unrelated goods or services.
You have the right to withdraw your consent to the processing of your personal data at any time. If you would like to withdraw your consent or prefer not to receive any of the above-mentioned information (or if you only want to receive certain information) from us please let us know by contacting us by emailing us at firstname.lastname@example.org.
Sharing your personal data
Data4NHS does not sell, rent, or trade personal data. We may share your personal data only with:
- members of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006 and listed below to whom it is reasonably necessary or desirable for Data4NHS to disclose the personal data;
- selected third parties including third parties who may wish to contact you in respect of services and/or products they offer or sell which may be of interest to you, provided we receive your consent to such disclosure;
- service providers that Data4NHS has retained to perform services on its behalf, such as, but not limited to, IT service providers. Service providers are not permitted to use the personal data for their own purposes and are prohibited from onward transfer of the personal data without our written consent in each instance;
- prospective buyer or seller if we sell any or all of our business or assets or we buy another business or assets;
- law enforcement agencies where we are legally required by law to disclose your personal data; and/or
- other companies, organisations and/or governmental bodies for the purposes of fraud protection and credit risk reduction and/or to protect our rights, property or safety of our customers or others.
Members of our group include:
- M3 Inc. (Japan)
- M3 Medical Holdings Ltd (UK)
- QQFS (Sweden)
- Vidal Group Holdings Ltd including subsidiaries in France, Germany and Spain
- IQUS Ltd t/a Rotamaster (UK)
- Data4Health Limited t/a Data4NHS (UK)
- One Health Communications Ltd (UK)
- M360 Research (India)
- M3 USA
- M3 (EU) Ltd which includes trading styles:
- net.uk (UK)
- medeConnect (UK)
- M3 Global Research (UK, Sweden and USA)
How Long We Retain Personal Data:
We store personal data for as long as necessary to fulfil the purposes for which we collect the data, except if required otherwise by law.
Third Party Links
The Website may contain links to third party websites, including websites via which you are able to purchase products and services. They are provided for your convenience only and we do not check, endorse, approve or agree with such third party websites nor the products and/or services offered and sold on them. We have no responsibility for the content, products and/or services of the linked websites. You should exercise caution and look at the privacy statement and terms and conditions applicable to the website in question.
Security of Personal Data
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Protecting your security and privacy is important to us and we make every effort to secure your information and maintain your confidentiality in accordance with the terms of the Data Protection Legislation. The Website is protected by various levels of security technology, which are designed to protect your information from any unauthorised or unlawful access, processing, accidental loss, destruction and damage.
The sending of information via the internet is not totally secure and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send us electronically. While we aim to protect your personal data, Data4NHS can neither ensure nor warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk.
How We Protect Personal Data
We maintain appropriate technical and organisational security safeguards designed to protect personal data against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure, or use. We update and test our security technology on an ongoing basis. We limit access to your personal data to those employees who need access to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your personal data.
Your rights in respect of your personal data
Your principal rights under data protection law are:
- The right to be informed about the personal data we process on you;
- The right of access to your personal we process on you;
- The right to rectification of your personal data;
- The right to erasure of your personal data in certain circumstances;
- The right to restrict processing of your personal data;
- The right to data portability in respect of any data that has been provided to us directly by you;
- The right to object to the processing of your personal data that was based on legitimate interest; and
- The right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
Where you have consented to Data4NHS processing your personal data, you have the right to withdraw that consent at any time.
There may be circumstances where Data4NHS will still need to process your data for legal or official reasons. We will inform you if this is the case and we will restrict the data to only what is necessary for meeting those specific reasons.
If any of the information you provide to us changes, please let us know as soon as possible so that we can make the necessary changes to the information we hold for you on our database.
If you do not want us to contact you for marketing purposes, please let us know by clicking the “Unsubscribe” option in any email we send to you and providing the details requested or by contacting us and we will take steps to ensure that this information is updated as soon as reasonably practicable. If you wish to withdraw your consent to your information being included on the Database, please contact us.
If you have any complaints about our use of your personal data, please contact us. You also have the right to raise concerns with the Information Commissioner’s Office if you believe that your data protection rights have not been adhered to on +44 (0)303 123 1113 or at https://ico.org.uk/concerns.