Privacy Notice
This Privacy Notice provides details of the personal data we collect from you, what we do with it, how you might access it and who it might be shared with.
Note:
For Patients – please see our patient privacy notice
For Employees and Contractors – working directly with us, please refer to our employee and contractor privacy notices published internally.
Our Contact Information (as the Data Controller)
Data Protection Officer,
Medica Group,
6th Floor, One Priory Square,
HASTINGS,
TN34 1EA,
United Kingdom
Email: dpo@medica.co.uk
What we do with your personal data
We process personal data only for the purpose for which they are collected. The purpose is dependent on whether you use only our website, or additionally, our services. If you use our services, you are required to register, and we collect your personal data. We use this personal data for the provision of the service or the performance of the contract. We may use your personal data for other similar purposes, including marketing and communications, but that will only occur in the case we have your consent or another legal justification for doing so.
From our Website Visitors we may process and retain personal data for the following:
| Processing purpose | Legal basis |
| Reporter and staff recruitment enquiries | It’s in our legitimate interests to enable prospective reporters and staff members to enquire about working with us. |
| General enquiries | It’s in our legitimate interests for individuals to enquire about our services. |
| Site management, monitoring IP traffic security | It’s in our legitimate interests to provide & protect our website for visitors. |
| Feedback and complaints | The performance of a contract with one of our clients, staff member or reporters |
Overseas processors
Our website is hosted in the United Kingdom. To improve your website experience, some data is processed outside of the EU.
| Organisation | Function | Type | Country or Continent |
| Google Analytics | Logs IP addresses from Medica.co.uk website | Processor | UK & US |
| CookieBot | Management of Cookies and Cookie notices | Processor | EU |
Where there are suppliers who process your data outside of the EU, Medica will carry out further assurance on the supplier to ensure they conduct their processing activity in line with data protection laws. Processors in the EU are bound by GDPR which, due to this, transfers to the EU are not restricted. The EU Commission has announced that adequacy decisions for the UK have been approved. This means the EU has determined the UK’s data protection laws to be robust enough to ensure data can safely flow to the UK from the EU (and EEA).
What personal data do we collect?
The personal data we collect depends on whether you just visit our website or have submitted personal information as part of an enquiry. If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time of retrieval of one of our web pages, your browser type and settings, your operating system, the last web page you visited, the data transmitted and the access status, and your IP address.
If you use our services, personal data is required to fulfil the requirements of a contractual or service relationship, which may exist between you and our organisation.
If you make an enquiry via the website, we may ask you to provide personal data which we collect in order to process your enquiry. We may collect some or all of the following:
- Name
- Online identifiers
- Contact details i.e.: e-mail address
We may collect sensitive personal data and do so under the following legal basis:
- Healthcare Data
- In support of our contracted activity on behalf of our clients (the Data Controllers)
- Disability Information
- 9(2)(b) – For employment, social security, or social protection law
What personal data do we collect?
We do not share or disclose your personal information with any 3rd parties (with the exception of Google Analytics and CookieBot) unless mandated to disclose your personal data in response to requests from a court, police services or other regulatory bodies. Where feasible, we will consult with you prior to making such disclosure and, in order to protect your privacy, we will ensure that we will disclose only the minimum amount of your information necessary for the required purpose.
How do we look after personal data
- We limit the amount of personal data collected only to what is fit for the purpose, as described above.
- We restrict, secure and control all our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic.
- We retain personal data only for as long as is necessary, to respond to your requests, or longer if required by law.
- While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.
What are your data protection rights?
The right to access (also known as a ‘Subject Access Request’)
You have the right to request our Company for copies of your personal data.
The right to rectification
You have the right to request our Company correct any information about you that you believe is inaccurate. You also have the right to request our Company to complete information you believe is incomplete.
The right to erasure
You have the right to request that our Company erase your personal data, under certain conditions.
The right to restrict processing
You have the right to request that our Company restrict the processing of your personal data, under certain circumstances.
The right to object to processing
You have the right to object to our Company from processing your personal data, under certain circumstances.
The right to data portability
You have the right to request that our Company transfer your personal data that we have collected to another organisation, or directly to you, under certain circumstances.
If you would like to exercise any of these rights, you may make a request via email to dpo@medica.co.uk, by telephone or in writing to our office as detailed at the bottom of this page.
Where it may have been necessary to get your consent to use your personal data, at any moment, you have the right to withdraw that consent. If you withdraw your consent, we will cease using your personal data without affecting the lawfulness of processing based on consent before your withdrawal.
Our Data Protection Officer can be contacted via:
Email: dpo@medica.co.uk
Telephone: +44 3333 111 000
Data Protection Commission
Postal Address
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland
Telephone
076 110 4800 – 10:00 – 12:00hrs (Monday – Friday)
057 868 4800 – 14:00 – 16:00hrs (Monday – Friday)
Or for more information regarding your data rights please visit:
Your Data | Data Protection Commissioner
Links to other websites and services
Our website may contain links to other external websites and services. This privacy notice only applies to this website, so if you visit another website, please ensure that you read their privacy notice.
Changes to our privacy notice
We keep this privacy notice under regular review and any updates are published to this page. This notice was last updated on 02/07/2021.