Last Updated: 18 December 2019
Our clients’ privacy is important to us. This privacy notice has been created to explain to you the types of personal data Passport Health holds about you and how we may use this information for the benefit of your health and wellbeing. The document advises you on circumstances that we may allow your information to be made available to other organisations, across a variety of healthcare and other settings.
This document applies only to personal information processed by or on behalf of Passport Health. Where our website contains links to other sites, we have no influence on whether they comply with the data protection regulations. You should check their own privacy policies before providing them with personal information.
About us and how to contact our Data Protection Officer
We are Passport Health Ltd, part of Passport Health International group. You can contact our Data Protection Officer at GDPR@passporthealthglobal.com
Our address is : 172 N Gower St, NW1 2ND, London
What personal information do we collect?
We only collect personal information that is necessary for us to be able to provide safe and quality services to you. We collect personal and medical history information about you either during the appointment booking process (through our website or phone call), or during the appointment. This personal information normally include:
- Your personal information including name, date of birth, address, and contact details
- Information about your health and medical history
- Details of your travel plans including, dates, destinations, planned activities, etc
- Contact details of your emergency contact
- Information about your previous appointments in any of our clinics, if this is not your first time at Passport Health clinics
- Details of your appointment and service usage with us, including type of vaccine/medication you’ve been recommended, type of vaccine/medications administered, unique number associated with vaccines/medications administered to you, details of any follow up appointments recommended, vaccines/medications that were declined by you. We collect this information to be able to provide necessary data to our regulators such as Care Quality Commissioner, to manage our product batches and recalls, and to …
- Contact details of your GP or other healthcare practitioner if it’s necessary for safe provision of our services
- Payment details, to hold your appointment and to process your payment. This information will be asked when booking and appointment and at the time of appointment. Your credit card information will not be kept after the payment is processed.
Every member of staff who works for Passport Health organisation has a legal obligation to keep information about you confidential.
How do we collect personal information?
We collect necessary personal information about our clients in the following ways:
- Appointment booking on our website or through our phone lines
- Making inquiries on our website, via phone, or via email
- During your appointment at the clinic
In some cases, we may, with your consent, receive and then record personal data about you from third parties, such as your GP who may have referred you to us, or your employer should you be referred to us for a business-related trip of vaccination requirement arranged and paid for directly by your employer for you.
We will only request necessary information about you that allows us to effectively deliver the care and services that you wish us to provide. We will advise you if providing some personal data is optional.
Monitoring of the information
We may monitor and record telephone and written correspondence with you to train our staff and to monitor our services.
How and why we process your personal information?
All your data collected by us will be processed in compliance with the General Data Protection Regulations. The processing of this information is for the following reasons:
- To enable us to provide you with your travel health consultation and care.
- To help us provide you with the safest and most effective treatment for you.
- To make decisions at your request during your treatment.
- To keep your records up to date.
We may also process your personal data in accordance with The General Data Protection Regulations:
- As necessary for our own legitimate commercial and compliance interests
- For compliance, accounting, managing and auditing our clinical and business operations.
- To monitor emails, calls, other communications, and activities on our networks and systems.
- For market research, analysis and developing statistics for improving our business and clinical performance.
- To comply with our legal and regulatory obligations.
- To allow us to investigate and respond to any complaints, legal claims and data protection breaches or clinical incidents
Who do we share your personal information with?
Within the applicable laws, we may share your information with:
- Nurses and other Passport Health employees who provide treatment to you on at our clinics.
- All Passport Health Ltd clinics within the UK
- Your GP or other healthcare providers where we feel this will enhance the quality of your care, you will be informed if this applies to you and your consent will be asked if applicable
- Support and administration staff within Passport Health may have partial and limited access to relevant data that enables them to support services provided to you in our clinics, for example, appointment booking, follow ups, and invoicing
- Your employer if you have received vaccinations or other occupational health services as part of our occupational health offering, with your consent
- Our legal and other professional advisors appointed by us, for example our auditors.
- Fraud prevention agencies, credit reference agencies, and debt collection agencies.
- Government bodies and agencies in the UK where appropriate.
- The Court Service, to comply with legal requirements, and for the administration of justice.
- In an emergency or to otherwise protect your vital interests.
- To protect the security or integrity of our business operations, you or other patients.
- Payment systems and providers.
- Any other party where we have your consent or as required to disclose such information by law.
Whenever we transfer your personal data out of the EEA or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may also transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Passport Health will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to:
(b) protect and defend the rights or property of Passport Health; and,
(c) act under exigent circumstances to protect the personal safety of users of Passport Health, or the public.
We may remove your name and other details that could identify you so that we can use the information in your record anonymously to:
- Monitor and improve the quality of care received by clients/service users
- Train and educate staff.
Wherever possible, we anonymise your data or use a quasi-identifier such as a patient number.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long do we keep your data for?
Passport Health will only retain your personal data for as long as necessary to fulfil the purposes we collected collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Data reviewed regularly for relevance. Any data deemed no-longer relevant is deleted.
If you are a client and have had an appointment in any of our clinics, we will keep your records for as long as recommended by NHS and Care Quality Commissioner guidelines.
If you are not a client, we will keep your records for 8 years.
Your rights under data protection law
Your rights are as follows:
- The right to be informed about processing of your personal data.
- The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed.
- The right to object to processing of your personal data.
- The right to restrict the processing of your personal data.
- The right to have personal data erased.
- The right to request access to your personal data and information about how we process it
- The right to file a complaint with the Information Commissioner’s Office if you consider that we are in breach of our obligations under data protection laws.
Please note that some or all of these rights may be restricted by specific legal requirements that requires us to retain or process your data.
We respect your privacy and give you an opportunity to opt-out of receiving announcements of certain information. You may opt-out of receiving any or all communications from Passport Health by contacting us or selecting the “Unsubscribe” option on your email.
You may exercise the above rights by contacting us at GDPR@passporthealthglobal.com.
Obtaining a copy of your record
If you wish to apply for access to the information we hold about you:
- You should send your request in writing to us to GDPR@passporthealthglobal.com and write “Record Request” in the subject line
- You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
- You should provide enough information to enable us to correctly identify your records, for example include your full name, address, date of birth, any unique identifier number (if known)
- We will take every reasonable step respond to you within 30 days of receiving your request. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- You may be required to provide a form of ID before any information is released to you. Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us.
For further information or questions, please contact our Data Protection Officer at:
Address: 172 N Gower St, NW1 2ND, London