At Spinal Cord Injury Services Limited we take data protection very seriously and want you to know that we take every precaution to minimise the risks to your personal information. In order to remain transparent about what we do with your data, this notice is designed to tell you what type of data we hold, why we hold your data and who we share your data with, so that you can have confidence that your data is safe in our hands and your privacy is protected, to the best of our ability, at all times.
The Company keeps two types of data:
1. Health Records (our clients’ data)
If you have a health condition, usually a spinal cord injury, and receive assessment and/or treatment services from our Company, we will gather information about your health condition in order to assess and treat you appropriately. We will then continue to keep a record of our assessment of you, and the treatment we give you, in order to monitor your health condition and your response to our treatments.
We will gather this data from you, as well as from any relevant member of your multi-disciplinary team. Your multi-disciplinary team might include your solicitor, expert witnesses, private case manager or any other healthcare worker involved in the treatment of your condition.
We will keep your health records for the duration of your treatment AND for 8 years after your treatment has finished.
2. Other Data (the data of our employees, contractors, colleagues and enquirers)
• If you work for, or on behalf of, our Company we keep a record of your personal and professional details so that we can maintain our contractual agreement with you and offer protection to our clients. We will keep this data for the minimum amount of time necessary after your contract with us has started.
• If you are a member of one of our clients’ multi-disciplinary team, we will keep a record of your contact details so that we can liaise with you about our mutual client’s health condition and their treatment. We will retain this information for use in the day-to-day running of our services as well as to provide a swift referral process to you, for our other clients, as required.
• If you make an enquiry with our Company about our services, whoever you are, we will also keep a record of your personal details until we have finished answering your question(s).
We do not share your personal data unless you are our client and it is necessary to do so in order to obtain or exchange information relevant to your health condition and treatment. In this case we will ask for your consent to do this. We will never rent, or sell, anyone’s data to any third party for any purpose.
The General Data Protection Regulation (GDPR) requires us to explain to you why keeping your data, and what we do with it, is legal.
We process your data with your consent and because it is necessary to do so to fulfil our contract with you. In the case of your health records we also have a legal obligation to keep a record of your assessment and treatment.
You have the right to be informed about, and have access to, the data that we hold about you.
You have the right to tell us if you think the personal data we hold about you is incorrect and to ask for it to be changed.
You have the right to request that we delete your personal data.
You have the right to restrict how we process your data if you feel it isn’t legal, or your data isn’t accurate.
You can also ask for us NOT to delete your data, even if we don’t need it anymore, if it is required for a legal claim.
You have the right to transfer your data to another company or sole trader.
You also have the right to object to us using your data for the purposes of direct marketing and you can unsubscribe from this at any time,
with immediate effect.
If you would like to exercise any of your rights, please write to the Company’s Data Controller at the above address and we will respond within
We have specific processes in place to protect your information. Your data is stored and transferred on paper and/or electronically and the security measures we take are robust and appropriate for each method of storage and transfer.
We only keep your information for as long as we need to, to provide you with the services you need or for the other purposes outlined in this document, and for the length of time that we are legally obliged to keep it for. When we do dispose of your data, we have procedures in place to ensure that this is done safely and securely.
If you have any questions about our policies or procedures for handling your data, please contact the Company’s Data Controller at the above address and we will be happy to provide you with further information.