Privacy and cookies policy
1.1 We are committed to safeguarding the privacy of our website visitors, service users, employees/contractorsand customer personnel.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of such persons; in other words, where we determine the purposes and means of the processing of that personal data.
1.3 Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the collection, sharing and publication of your personal data.
1.5 In this policy, “we”, “us” and “our” refer to Core Prescribing Solutions Limited, company number 12331551, registered in the United Kingdom. For more information about us, see Section 18.
1.6 This notice outlines how we process information that we collect from you or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. It tells you about your privacy rights and how the law protects you.
1.7 “Personal data” is defined in Article 4(1) of the GDPR: “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
2. The personal data that we collect
2.1 In this Section 2 we have set out the general categories of personal data that we process. The most common source of personal information is the person to whom it refers (for example, you). We may also find information that is publicly available. In addition, we may collect information from suppliers and stakeholders, information you have made available on the public domain (for example, from your website) and information purchased from third party marketing data suppliers.
2.2 We may process data enabling us to get in touch with you (“contact data“). The contact data may include your name, email address, telephone number, postal address and/or social media account identifiers.
2.3 We may process information relating to our customers, suppliers and stakeholders relationships(“customer relationship data“). The customer relationship data may include your name, the name of your business or employer, your job title or role, your contact details, your classification / categorization within our customer relationship management system and information contained in or relating to communications between us and you, or between us and your employer. The data may also include contact history including whether contact was made by post, email or telephone and the purpose of contact and the outcome.
2.4 We may process information relating to transactions with our customers, and suppliers services, that you enter into with us (“transaction data“). The transaction data may include your name, your contact details, your payment card details, banking details and the transaction details.
2.5 We may process information relating to our employees and contractors working for us (“employee/contractor data”). This data may include but not limited to personal details such as name, gender, date of birth, postal address, telephone numbers, email address, emergency contact details, proof of identity, national insurance number, professional registration number, banking details, mandatory training logs and performance records.
2.6 We may process information contained in or relating to any communication that you send to us or that we send to you (“communication data“). The communication data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.
2.7 We may process data about your use of our website and services(“usage data“). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is google analytics tracking system.
2.8 Please do not supply any other person’s personal data to us, unless we prompt you to do so for the nature of business-related activities
2.9 If there is no contractual relationship between us, we may explicitly request your consent to process personal information, or we may presume that implicit consent exists given your actions. Wherever possible we ask you for your explicit consent. For example, we explicitly obtain for your consent to be sent marketing materials. We continue to process information on this basis until either you withdraw your consent by notifying us, or it can be reasonably assumed that your consent no longer exists.
3. Purposes of processing and legal bases
3.1 In this Section 3, we have set out the purposes for which we may process personal data and the legal bases of the processing. If a basis on which we process your personal information is no longer relevant, then we will immediately stop processing your data. If the basis changes then if required by law we will notify you of the change and of any new basis under which we have determined that we can continue to process your information.We rely on the following legal basis to use your personal data:GDPR Article 6 (e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
3.2 Operations – We may process your personal data for the purposes of operating our website, providing our services, generating invoices, bills and other payment-related documentation, and credit control. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services and business. We may contact our employees and contractors regarding specific tasks or jobs, training opportunities andalso to record that you have the right to work for us. We may contact customers, suppliers and stakeholders to inform you about our business requirements and employment opportunities.
3.3 Publications – We may process service dataforthe purposes of publishing such data on our website and elsewhere through our services in accordance with your express instructions. The legal basis for this processing is consent.
3.4 Relationships and communications – We may process contact data, account data, customer relationship data, transaction data and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing not restricted via social media or email) by email, SMS, post, fax and/or telephone, providing support services complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, service users, individual customers and customer personnel, the maintenance of our relationships, enabling the use of our services, and the proper administration of our website, services and business.
3.5 Direct marketing – We may process contact data and customer relationship data for the purposes of creating, targeting and sending direct marketing communications through social media or by email, SMS, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is our legitimate interests, namely promoting our business and communicating marketing messages and offers to our website visitors and service users.
3.6 Research and analysis – We may process usage data, service data and/or transaction data for[the purposes of researching and analyzing the use of our website and services, as well as researching and analyzing other interactions with our business. The legal basis for this processing isour legitimate interests, namely monitoring, supporting, improving and securing our website, services and business generally.
3.7 Record keeping – We may process your personal data for the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy.
3.8 Anonymisation of data – We may aggregate anonymous data such as statistical or demographic data for any purpose. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal information but is not considered as such in law because it does not reveal your identity.
5. Providing your personal data to others
5.1 We may disclose employees/contractors and service userspersonal data to our insurers, professional advisers insofar as reasonably necessary for the purposes ofobtaining or maintaining insurance coverage, managing risks and obtaining professional advice.
5.2 We may disclose personal data of our employees and/or contractors working for us to service users, our accountants and other professional service suppliers.
5.3 We may disclose personal details of our service users to our accountants and in some cases to other third-party companies for potential business opportunities after obtaining consent.
5.4 In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. For example, we may be required to give information to legal authorities if they request or if they have the proper authorisation such as a search warrant or court order. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
6. International transfers of your personal data
6.1 In this Section 6, we provide information about the circumstances in which your personal data may be transferred to countries outside the United Kingdom and EU.
6.2 You acknowledge that we may use outsourced services outside the EU and information obtained within the UK could be processed outside the EU however we will ensure the service provider protects information to the same standards required under GDPR. Any personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
7. Retaining and deleting personal data
7.1 Section 7 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
7.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. This includes contact data, customer relationship data, transaction data, employee/contractor data, communication data and usage data.
7.3 Notwithstanding the other provisions of this Section 7, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person and to support a claim or defence in court.
7.4 We may retain your personal data where such retention is necessary for compliance with current NHS code of practice, to meet any contractual obligations and to comply with other laws including tax authorities.
8. Security of personal data
8.1 We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
8.2 We will store your personal data on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.
9. Your rights
9.1 In this Section 9, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not allof the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. You can do this by reading this website www.knowyourprivacyrights.org.
9.2 Your principal rights under data protection law are:
- (a) the right to access – you can ask for copies of your personal data;
- (b) the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
- (c) the right to erasure – you can ask us to erase your personal data;
- (d) the right to restrict processing – you can ask us to restrict the processing of your personal data;
- (e) the right to object to processing – you can object to the processing of your personal data;
- (f) the right to data portability – you can ask that we transfer your personal data to another organisation or to you;
- (g) the right to complain to a supervisory authority – you can complain about our processing of your personal data; and
- (h) the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
9.3 These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
9.4 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
9.5 You may contact us to request any personal information we hold about you. After receiving your request, we will tell you when we expect to provide you with the information, and whether we require any fee for doing so.
9.6 You may exercise any of your rights in relation to your personal data by written notice to us. Please contact our Data Protection Officer, either by writing to our registered office at 46 Houghton Place, Bradford, BD1 3RG or by using the Contact page on this website to send us a message for the attention of the Data Protection Officer
9.7 If you have any concerns about the organisation’s information rights practices you have the right to complain to the Information Commissioner’s Office (ICO) or if you are not satisfied with the handling of a complaint by us in relation to your personal data then you can refer the complaint to the ICO. The ICO’s contact details can be found on their website at https://ico.org.uk/.
10. Third party websites
10.1 Our website may include hyperlinks to, and details of, third party websites.
10.2 In general we have no control over, and are not responsible for, the privacy policies and practices of third parties.
11. Updating information
11.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.
12. Acting as a data processor
12.1 In respect of patient data, we do not act as a data controller; instead, we act as a data processor.
12.2 Insofar as we act as a data processor rather than a data controller, this policy shall not apply. Our legal obligations as a data processor are instead set out in the contract between us and the relevant data controller.
13. About cookies
13.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
13.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
13.3 Cookies may not contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
13.4 Your web browser should allow you to delete any cookie you choose. It also should allow you to prevent or limit their use. Your web browser may support a plug-in or add-on that helps you manage which cookies you wish to allow to operate.
13.5 The law requires you to give explicit consent for use of any cookies that are not strictly necessary for the operation of a website.
14. Cookies that we use
15. Cookies used by our service providers
16. Managing cookies
16.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
- (a) https://support.google.com/chrome/answer/95647 (Chrome);
- (b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
- (c) https://help.opera.com/en/latest/security-and-privacy/ (Opera);
- (d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
- (e) https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and
- (f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
16.2 Blocking all cookies will have a negative impact upon the usability of many websites.
16.3 If you block cookies, you will not be able to use all the features on our website.
17.1 We may update this policy from time to time by publishing a new version on our website.You should check this page occasionally to ensure you are happy with any changes to this policy.
18. Our details
18.1 This website is owned and operated by Core Prescribing Solutions Ltd.
18.2 We are registered in the UK under registration number12331551and our registered office is at 46 Houghton Place, Bradford, BD1 3RG
18.3 You can contact us:
- (a) by post, to the postal address given above;
- (b) using our website contact form
- (c) by telephone, onthe contact number published on our website; or
- (d) by email, using the email address published on our website
19. Data protection registration
19.1 We are registered as a data controller with the UK Information Commissioner’s Office.
19.2 Our data protection registration number is ZA567329.
20. Data protection officer
20.1 We have a dedicated data protection officer. If you wish to contact them you may do so by:
- (a) by post, to the postal address published on our website;
- (b) using our website contact form
- (c) by telephone, on the contact number published on our website; or
- (d) by email, using the email address published on our website and marking with for the attention of the data protection officer
21. Changes of business ownership and control
21.1 Core Prescribing Solutions Ltd may expand or reduce the business and this may involve the sale and/or the transfer of control of all or part of Core Prescribing Solutions Ltd.
21.3 We may also disclose data to a prospective purchaser of our business or any part of it and we will take steps with the aim of ensuring your privacy is protected.