Under certain circumstances, you have rights under data protection laws in relation to any personal information that we hold about you.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you wish to exercise any of the rights set out below, please contact the DPO using the contact details set out below.
Details of your rights are set out below.
The right to access your personal information
You are usually entitled to a copy of the personal information we hold about you and details about how we use it.
Your information will usually be provided to you in writing, unless otherwise requested. If you have made the request electronically (e.g. by email) the information will be provided to you by electronic means where possible.
You are entitled to the following under data protection law.
Under data protection law we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you:
- The purposes for which we use your personal information.
- The types of personal information we hold about you.
- Who your personal information has been or will be shared with, including in particular organisations based outside the EEA.
- If your personal information leaves the EU, how we make sure that it is protected.
- Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for.
- If the personal data we hold about you was not provided by you, details of the source of the information.
- Whether we make any decisions about you solely by computer and if so details of how those decision are made and the impact they may have on you.
- Your right to ask us to amend or delete your personal information.
- Your right to ask us to restrict how your personal information is used or to object to our use of your personal information.
- Your right to complain to the Information Commissioner's Office.
We also need to provide you with a copy of your personal information.
If you are a patient of BMI Healthcare and you wish to request details of or a copy of your medical records, please contact the hospital at which you have received the care and treatment. For all other requests for any personal information we may hold (such as employment records, if you are an ex-employee) please direct your request to the Data Protection Officer, using the contact details below.
The right to request correction of your personal information
We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
The right to request erasure of your personal information
In some circumstances, you have the right to request the erasure of the personal information that we hold about you. This is also known as the 'right to be forgotten'. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to object to the processing of your personal information
In some circumstances, you have the right to object to the processing of your personal information. However, there are exceptions to this right and we do not have to "pause" the processing of your information where, in particular, if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
The right to request a transfer of your personal information
In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.
The right to object to marketing
As detailed in the 'marketing' section above, you can ask us to stop sending you marketing messages at any time and we must comply with your request. You can do this by contacting the DPO.
The right not to be subject to automatic decisions (i.e. decisions that are made about you by computer alone)
You have a right to not be subject to automatic decisions (i.e. decisions that are made about you by computer alone) that have a legal or other significant effect on you.
The right to withdraw your consent
You have the right to withdraw your consent where we rely upon this as a legal ground for processing your information. You can do this by contacting our DPO.
The right to complain to the Information Commissioner's Office
You have the right to complain to the Information Commissioner's Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations under data protection law.
More information can be found on the Information Commissioner's Office website: https://ico.org.uk/
Making a complaint will not affect any other legal rights or remedies that you have.