Our Privacy Policy​​

May 2018
This Privacy Policy sets out how Healthcare Improvement Experts Ltd (“HCIE”) uses and protects any Personal Information that Healthcare Improvement Experts Limited hold.

HCIE is committed to ensuring that your privacy is protected. You can be assured that Personal Information we hold about you will only be used in accordance with this Privacy Policy.

The kind of information we hold about you:
Personal Data, or Personal Information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.

What we hold:
We may hold the following information about you:
·       Name, address, email and phone number (via our Outlook Contact system and email circulation lists according to your job role/area of interest – often in Excel Format or via our CRM – operated by Zoho)
·       Other information relevant to perform the contractual obligations and payment mechanisms (i.e. job title, company, financial information including bank account and payment card numbers, information for tax purposes)
·       Information you provide about you or your business (including appointments made with us, staffing availability, etc. This is through our Outlook Calendar system)
·       Transaction Information. When you use our Services to make, accept, request or record payments, we collect information about when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment amounts, billing and shipping information and the devices and payment methods used to complete the transactions.  All Point of Sale transactions are made using the Square mobile device
·       Other information relevant to customer surveys and/or offers (i.e. how you’ve engaged with us previously)

How we will use information about you:
We will only use your Personal Information where the law allows us to. Most commonly, we will use your Personal Information in the following circumstances:
·       Where we need to perform the contract we have entered in to with you or your employer
·       Where we need to comply with a legal obligation
·       Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
·       Where we need to protect your interests (or someone else’s interests)
·       Where it is needed in the public interest (or for official purposes)

We may also use your Personal Information in the following situations:
·       Internal record keeping
·       To improve our products and services

Analytics information:
We may directly collect analytics data, or use third-party analytics tools and services, to help us measure traffic and usage trends. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our service.  Any data used for analytics purposes will be anonymised.

Data sharing:
We may have to share your data with third parties, including third-party service providers (e.g. our accounting system, Xero.com or CRM, Zoho). We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your Personal Data outside the EU. If we do, you can expect a similar degree of protection in respect of your Personal Information.

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.  Cloud based systems (One Drive) are used for backup of information. 

Data retention:
We will retain your Personal Information for 6 years or for as long as is necessary in order to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use of disclosure of your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.  In some circumstances we may  anonymise your Personal Information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Rights of access, correction, erasure and restriction:
You may request details of Personal Information which we hold about you commonly known as a “Data Subject Access Request.” If you would like a copy of the information held about you, please email [email protected]

If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

You may request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no good reason for us to continuing processing it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing.

You may object to processing of your Personal Information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Information for direct marketing purposes.

You may request the restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of Personal Information about you if you want us to establish its accuracy or the reason for processing it.

You may request the transfer of your Personal Information to another party. You will not have to pay a fee to access your Personal Information. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.  Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you:
We may need to request specific information from you to help us to confirm your identity and ensure your right to access the information. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.

Right to withdraw consent:
Where you may have provided your consent to the collection, processing and transfer of your Personal Information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time by emailing [email protected]

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.

Legally bound duties:
Where possible and appropriate, we will notify you of any request for disclosure of information by regulators, law enforcement bodies, government agencies, courts or other third parties or others where it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights.

We may periodically send promotional email about new products, special offers or other information which we think you may find interesting using the email address which you have provided.

From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, or mail.

You may choose to restrict the collection or use of your Personal Information if you have previously agreed to us doing so for direct marketing purposes and you may change your mind at any time by emailing us at [email protected]

We will not sell, distribute or lease your Personal Information to third parties unless we have your permission or are required by law. We may use your Personal Information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

HCIE may change this policy from time to time. This policy is effective from 14th May 2018.

Why might we share your personal information with third parties?
We will share your Personal Information with third parties where required by law, where it is necessary to administer the contractual relationship with you or where we have another legitimate interest in doing so.

Which third-party service providers process my personal information?
“Third parties” includes third party service providers including contractors and designated
agents and other entities with our company.

How secure is your information with third-party service providers and other entities in our company?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your Personal Information in line with our policies.
We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.