• 020 3869 8790

Privacy policy

At 18 Week Support, we take our responsibilities in relation to managing and protecting your data very seriously. This privacy notice sets out:

  • Who we are
  • The personal information we collect about you and how we use it, this applies to:
    • Visitors to our website, and where you contact us to make an enquiry or a complaint
    • Individual applicants as part of the recruitment process.
    • Employees and independent contractors.
    • Potential clients sourced through individual marketing campaigns.
    • Patients who have had treatment by one of our clinicians at a Trust that sub-contracts our services
  • Who your information might be shared with
  • How we keep it secure
  • Your rights
  • Contacting us

Who we are

When we refer to ‘we’, ‘us’ and ‘our’, we mean 18 Week Support as the “Data Controllers”.  Our contact details are:

6th Floor, We Work Monument
51 Eastcheap
London EC3M 1DT
Telephone: 020 3869 8790
Email  privacy@18weeksupport.com

Patients wishing to access information related to an episode of care under 18 Week Support should contact the NHS Trust responsible for their care as they would be the “Data Controllers”. This means that although we deliver care on behalf of each Trust that subcontracts our services, we are not responsible for the management of information contained within the medical records.

We otherwise use data provided to us by applicants as part of the recruitment process. In addition, to individual contact details resulting from our marketing campaigns and records of these are kept on our systems.

How we use your personal information.

Visitors to our website, and where you contact us to make an enquiry or a complaint.

When you visit our website, we use your information in line with our cookies policy which you can find here

If you contact us to make an enquiry or complaint, we will rely on consent under article 6(1)(a) of the GDPR to process your data.  If your complaint relates to any special categories, for example relating to treatment one of our clinicians has provided, we will rely on your explicit consent under Article 9(2)(a).

We need enough information from you to respond to your enquiry and to deal with your complaint.  We will record our calls in order to ensure we are providing you with a good service.

We hold your data in line with our retention schedules, which follow the NHS Information Governance Alliance Records Management Code of Practice which is available here.

Individual applicants as part of the recruitment process.

When you apply for a job with us, we will rely on your consent under article 6(1)(a) of the GDPR to process your data.  If your application includes any special categories of data, for example relating to a monitoring of our application relating to minorities, disability or any additional needs you may have, we will rely on your explicit consent under Article 9(2)(a).

We need this information to process your application, and to keep a record of the applications made.  We may keep your CV and personal contact details in order to offer you further opportunities in the future.

When you apply, you enter your details into our web-based provider.  We have a contract in place with them which authorised their holding your data on our behalf.  They hold and process data in the United States. We have agreed to the European Commission’s Standard Contractual Clauses that provides the same safeguards as previously outlined in the EU/US Privacy Shield, which means your data will be processed under the same rights and rules as in the EU. The United States has a different data protection regime to the regime in the UK and EU and is not deemed to provide an adequate level of protection for the purposes of UK or EU data protection legislation.  For example, you may have no rights of judicial redress against any public authorities in the United States who may access your personal data and we are not able to establish contractual or similar controls (e.g., the European Commission’s Standard Contractual Clauses) to seek to guarantee such protections despite the inadequate protections available under United States law.

We hold your data in line with our retention schedules, which follow the NHS Information Governance Alliance Records Management Code of Practice which is available here.

Employees and independent contractors.

If you are employed by us, we will rely on article 6(1)(b), the making or completion of a contract between us to process your personal data, and for any special category data we will rely on article 9(2)(b), employment and social security.

We need your personal data to pay you, to ensure we look after you as our member of staff and are able to offer you any support for additional needs you may require.  We also have to comply with the differing requirements of employment law and tax law relating to your employment.

We hold your data in line with our retention schedules, which follow the NHS Information Governance Alliance Records Management Code of Practice which is available here.

Potential clients sourced through individual marketing campaigns.

When you respond to our marketing campaigns, we will keep your personal contact details with your consent under article 6(1)(a) of GDPR.  We may also collect names and contact details through other suppliers who provide marketing databases.  In these cases we will always assure ourselves that we have your consent to contact you.  In compliance with the Privacy and Electronic Communication Regulations, we will always offer an ‘opt-out’ as part of these campaigns.

We need your personal data in order to offer our services to you, and we keep a database of contact details in our systems.

We hold your personal data in this respect for 3 years, or until you tell us you no longer wish to receive marketing contact from us, at which point we delete it.

Maintaining the Confidentiality of Your Information

We will take all necessary steps to protect your privacy and keep your data secure. We have a number of measures in place to prevent your information from being lost, stolen or used for unauthorised purposes.

Sharing your information

We will never sell your information and we will only ever disclose information in the following circumstances:

  • When you have given us permission to assign work
  • As part of an internal governance and/or recruitment processes
  • If we use a 3rd party who are expert in managing the data that we use

All personal information that we manage is stored appropriately in a secure environment within the EU. Any transfer of personal information is done through suitably protected methods and there are third party data processing agreements in place to ensure due diligence in relation to the privacy shield for third parties who store data outside the EU.

Access to Personal Information and Your Rights

Under the General Data Protection Regulation (GDPR), you have a number of rights to access the information we hold about you which should also be accurate.

In addition to the right of access, you now have the following rights:

  • Right to Erasure – also known as the right to be forgotten, you can ask us to delete or remove personal data if there is no justified reason for us to retain it.
  • Right to restriction of processing – you can request that we only process certain parts of your data, or only process data when we have corrected any mistakes.
  • Right to rectification – please let us know if any of your details are incorrect by contacting us using the details below.
  • Right to objection – you have the right to object to the way that we are processing your data.
  • Right to Request – a copy of the information we hold about you, data portability – this concerns the right to request that we provide a copy of your data in an easily transportable format.
  • Right to object to automated processing/profiling – you have the right to object to us using automated processing techniques, such as profiling, in order to provide services – we can confirm that we do not, at present, carry out any automated processing of your data.
  • Right to stop us – contacting you for marketing purposes or follow up on any recruitment process.

Contacting us

Should you wish to contact us about how we use your data, or have any concerns about how your information is managed by the organisation please contact us at: –

privacy@18weeksupport.com

You can also contact our Data Protection Officer at:

dpo.18weeksupport@kdpc.uk

If you are still unhappy following a review by the Organisation you can then complain to the Information Commissioners Office (ICO) via their website www.ico.org.uk
or in writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

If you are happy for your data to be extracted and used for the purposes described in this Privacy Notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact us.