Greater Lancashire Hospital is committed to ensuring the privacy and confidentiality of your personal information.
It applies to information we collect about:
- visitors to our websites
- visitors who submit a general enquiry via our contact page or who correspond with us phone, email or otherwise
- those who use our services, e.g. who subscribe to our newsletter or request a publication from us
job applicants and our current and former employees
- those who send a written complaint or enquiry to our Information Governance Manager
- those who participate in a survey posted on a Bespoke website
- those who participate in a competition posted on a Bespoke website
We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
Bespoke is registered with the Information Commissioner’s Office as a Data Controller and our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
Visitors to our website
Bespoke collects data on visitors to its websites including usage and behaviour patterns. This is purely to review the number of visits to each part of the website and how the user accessed the website. Information collected includes:
- date and time of visit
- pages accessed
- browser or mobile platform used to access the website
- source used to find and access the website (i.e. Google Search Engine)
- location of the visitor (town level only)
- search queries from external and internal search engines
- page interaction information
- technical information, including the Internet protocol (IP) address used to connect your computer to the internet, browser type and version, operating system and platform
When you use our website (or any other owned and operated by Greater Lancashire Hospital) we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.
We may collect your personal information if you choose to provide this to us via an online form or by email. Examples are where you:
- submit a general enquiry via our contacts page;
- register to receive email Newsletters; or
- make a general enquiry via the telephone displayed on the website
- send a written complaint or enquiry to our Information Governance Manager.
When we receive a complaint, we record all the information you have given to us.
We use that information to resolve your complaint.
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.
Use and disclosure
When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to meet the purpose for which it was given. This includes; responding to your enquiries, delivering electronic Newsletters or improving the website.
We record your request and our reply in order to increase the efficiency of our business.
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.
Bespoke may share your personal information with any member of our group, including any of its subsidiaries, Bespoke’s holding company and its subsidiaries. Bespoke may also share your information with analytics and search engine providers in order to assist us in improving and optimising our site.
We will not use or disclose personal information to other organisations or anyone else unless:
- consent has been given for us to do so;
- you would reasonably expect, or we have told you that your information is usually used or disclosed to other organisations or persons in this way;
- the use or disclosure is required or authorised by law; or
- the disclosure is reasonably necessary for law enforcement functions or for the protection of public revenue.
If we receive your email address because you sent us an email message, the email will only be used or disclosed for the purpose for which you have provided it and we will not add your email address to an emailing list or disclose this to anyone else without your consent.
If we collect your personal information from our website, we will maintain and update your information as necessary or when you advise us that your personal information has changed.
Bespoke is committed to protecting the security of your personal information. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information. Although the transmission of information via the internet is not completely secure and we cannot guarantee the security of your personal information, we will take all reasonable steps to protect your information from loss, misuse or alteration.
If you choose to complete our online forms or make enquiries via our website, we will ensure that your contact details are stored on password protected databases.
Staff members associated with website maintenance have access to our website’s administration system. This is password protected. Our website service is also password protected.
Access, correction and deletion of personal information
At any time, you may review or update personally identifiable information that we hold about you. To find out if we hold any of your personal information send a request to;
Information Governance Manager
Bespoke Healthcare Holdings
5A Millennium City Office Park
If any information is held about you, we will:
- give you a description of the personal data for which you are the data subject;
- the purposes for which they are being held;
- the recipients or classes of recipients to whom they are or may be disclosed;
- let you have a copy of your data in an intelligible form; and
- tell you whether we require a fee for providing it to you.
If we do hold your data and they are wrong, or if you wish us to delete personally identifiable information held about you, please request this through the contact details above.
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
Links to other websites
We may create links to third party websites. We are not responsible for the content or privacy practices employed by those responsible for any third party websites we are linked to.
Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either Bespoke or any third party.
In the interests of training and continually improving our services calls to Bespoke Hospitals may be monitored or recorded. Private calls to and from patients in our hospitals are not recorded.
Any email sent to us, including any attachments, may be monitored and blocked if the email you send to us is potentially a threat to our information systems or illegal.
We will only send you marketing information where you have agreed to receive it. You can stop us from contacting you for marketing purposes by clicking on the ‘unsubscribe’ link embedded within the email that has been sent to you. Doing so will remove your data from our contacts list automatically.
When individuals apply to work at Bespoke, we will only use the information they supply to us to process their applications and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure Barring Service (DBS) previously known as the Criminal Records Bureau (CRB) we will not do so without informing applicants beforehand unless the disclosure is required by law.
If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for a maximum of 6 years before destroying or deleting it.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
How you can complain
If a dispute is not settled, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns/
Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
- to provide you with the services you have requested;
- to comply with other law, including for the period demanded by our tax authorities;
- to support a claim or defence in court.
Compliance with the law
However, ultimately it is your choice as to whether you wish to use our website.
We may update this privacy notice from time to time as necessary. The terms that apply to you are those posted here on our website on the day you use our website. We advise you to print a copy for your records.
If you have any concerns, please contact firstname.lastname@example.org
We have CCTV installed across our GLH premises for the purposes of public and staff safety and crime prevention and detection. The recordings are classed as personal data but do not form part of any health or staff record.
Images are held for a period of 31 days, or longer if required for any investigation