Thank you for visiting our website. This privacy policy tells you how we use personal information collected on https://castlehealtheu.wpengine.com. Please read this privacy policy before using the site or submitting any personal information.
For our website Terms of Service statement please click here.
By using the site, you are accepting the practices described in this privacy policy. These practices may be changed, but any changes will be posted and will only apply to activities and information on a going-forward, not retroactive, basis. You are encouraged to review the privacy policy whenever you visit the site to make sure that you understand how any personal information you provide will be used.
This privacy statement covers:
- Privacy contact information
- Website and communication privacy policy
- Who we are
- Collection of personal data
- Technical information
- How information is kept safe
- Who the data is shared with
- How long information is kept for
- Your rights
- How to request a copy of your data
- Complaints
- Cookie Policy
- Staff consent form
- Websites we own
Privacy Contact Information
If you have any questions, concerns or comments about our privacy policy, or would like to report a possible data breach, please contact Lucy Haden, Senior Governance Administrator for Castle Craig at l.haden@castlecraig.co.uk or in writing at:
Castle Craig Hospital
West Linton
Peeblesshire
Scotland
EH46 7DH
We reserve the right to update this policy from time to time so it is in keeping with the latest guidelines and relevant to our website users. Any significant changes to this policy will be posted in our blog.
We take data security and confidentiality extremely seriously and all communications and replies are issued as soon as possible.
Website and Communication Privacy Policy
The security of your data is important to us. This privacy policy explains how we collect your data, what we do with it, and your rights regarding the data.
We may update this notice from time to time.
Collection of Personal Data
Castle Craig Hospital Ltd is the data controller for the information collected on this and other websites. This means that Castle Craig determines what information is collected, how this data will be used and how it is protected. We are fully committed to fulfilling our obligations to website users about their privacy and their rights.
Our registered address is:
Castle Craig Hospital
Blyth Bridge
West Linton
EH46 7DH
If you have any concerns about your data protection rights please contact l.haden@castlecraig.co.uk
We will collect data about you for the purposes of making your browsing a better experience and providing you with information you have requested, and in your communication with us either on the phone or by email.
This includes information that was obtained directly from you, either via our website or in communications, but may also include, from time to time, information that was collected about you, for example, from your family or friends who contact us.
We collect this information on the basis of either legitimate interest, where castlehealtheu.wpengine.com requires the information to provide its service and which isn’t outweighed by your right to privacy; for a lawful basis where castlehealtheu.wpengine.com is required to collect your data; where consent is required to process the information; or where it is necessary for the public good.
Special Category Data may also be collected, which also includes any feedback given. Such Data may be information about your health which you expressly agree to our collection for the purpose of providing our services.
When you get in contact with us, the information that is collected about you may include:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
- Date of birth
- Gender
- Marital status and dependants
- Next of kin and emergency contact information
- Communication between Castle Health and you
- Financial information for payment purposes
Technical information
In addition, and in order to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:
- Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;
- Your login information, browser type and version, time zone setting, browser plug-in types and versions;
- Operating system and platform;
- Information about your visit, including the Uniform Resource Locators (URL) clickstream to, through, and from our site.
How Information is Kept Safe
Information is retained in secure electronic and paper records and access is restricted to only those who need to know.
We also anonymise or pseudonymise your information where appropriate to protect your identity.
All of our staff are subject to strict confidentiality policies.
Who the Data is Shared with
Your data is kept within Castle Craig Hospital Ltd unless it is necessary to share with third parties.
We transfer your data to other companies for the purpose of the normal management of the business, to cloud-based hosting providers. Where this is the case, safeguards are put in place to secure your data, including ensuring that the host provider’s security is acceptable and contractual obligations for providers to comply with the GDPR.
We may share data with third parties where Castle Health has a legal obligation to do so.
We may share your data with other people that you request we share it with, for example, family or friends. We may share your data with other bodies, for example, social care or educational services; where we do, we will gain your consent unless we are legally required to share the information.
You have a right to revoke your consent to sharing data where your consent is necessary, and we will explain the consequences of this when you do.
Under certain circumstances, your data may be transferred outside of the UK to other EEA countries, or to countries outside of the EEA. Where this is the case, Castle Health ensures the security of your data with strict safeguards including contractual obligations for third parties outside of the EEA to comply with GDPR requirements and encryption of data.
How Long is Information Kept
Your information will be kept for different lengths of time, but in all cases, for no longer than is necessary.
Where you give us information but do not enter treatment, this information will be deleted after being held for six months. Where you, or the person on whose behalf you were ringing, does come into treatment, your communications with us will be held for six years following discharge to comply with the statute of limitations. Where you give us financial information for the payment of treatment, this will be kept for the legal requirement of 7 years.
Where you, or the person on whose behalf you were ringing, does come into treatment an updated privacy policy will be sent to the patient at that time.
Your Rights
Under the GDPR, you have a number of rights regarding your personal data. These are:
- The right to be informed of data that is processed about you;
- The right to request access to your data, to be provided within 30 days of the request or 2 months for complex cases at no cost except under certain circumstances;
- The right to rectify information held, to be corrected within 30 days of the request or 2 months for complex cases;
- The right to erasure: where appropriate, your data can be deleted at your request. This will apply only where the Company’s recording of the information is no longer necessary or it does not have an overriding legitimate interest to do so;
- The right to restrict processing: under certain narrow circumstances, you will have the right to restrict the Company from processing the data;
- The right to data portability: under certain circumstances you can request to copy or transfer your information from one IT environment to another;
- The right to object to processing: under certain circumstances you can object to the processing of the data and the Company must halt processing unless it can demonstrate an overriding legitimate interest.
Request a copy of your data
You should complete this Subject Access Request form if you want us to supply you with a copy of any personal data we hold about you.
Complaints
You have the right to lodge a complaint to Castle Health via Castle Craig Hospital regarding any rights you have under the GDPR. Please contact Senior Governance Administrator Lucy Haden at l.haden@castlecraig.co.uk.
You have the right to lodge a complaint with the Information Commissioner’s Office if you believe the Company has not complied with the GDPR. Contact at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Via email here: https://ico.org.uk/global/contact-us/email/
Or the Scottish office here:
The Information Commissioner’s Office – Scotland
45 Melville Street
Edinburgh
EH3 7HL
Telephone: 0303 123 1115
Via email here: Scotland@ico.org.uk
Cookie Policy
For Castle Craig’s separate Cookie Policy please follow this link.
Staff Consent Form
Staff Consent Form in Accordance with the GDPR 2018
Subject Access Request Form
To download the subject access request form, please click or tap on the thumbnail below.