IAS Medical Limited are committed to protecting and respecting your privacy and the purpose of this notice is to provide you with information on who we are, how and why we collect, and process your personal data as a patient, a family member, carer or someone who may be accompanying or supporting a patient.
- Who we are;
- Contact details;
- What personal data we collect about you;
- How we collect personal data;
- How and why we use your personal data;
- Data security;
- Your rights;
- How to make a complaint;
- How and why we share your personal data;
- Transferring your personal data overseas;
- How long we hold personal data;
- Links to other websites; and
- Changes to privacy notice.
It is important that you read this privacy notice carefully together with any other privacy notice we may provide to you on specific occasions when we are collecting or processing personal data about you to ensure you are fully aware of how and why we are using your data. This privacy notice supplements other notices and privacy policies and is not intended to override them.
1. Who we are
IAS Medical Limited (“we, us or our”) is a long-established air ambulance company registered in England and Wales with company number 05914453.
We are the data controller and responsible for your personal data that we process in connection with the services we provide.
2. Contact Details
Our head office is located at 20-22 Wenlock Road, London, N1 7GU.
If you have any questions about this privacy notice, data processing practices, data protection matters generally, or you wish to exercise your legal rights please contact our data protection officer (DPO) using the details set out below.
Data Protection Officer
Unit 3 Clive Court
Cambridgeshire Business Park
Ely CB7 4EA
Telephone: 0333 800 7000
3. What personal data we collect about you
We may collect, use, store and/or transfer different kinds of personal data and special category data about you, your family members, carer or someone who may be accompanying or supporting you.
What we mean by personal data is any information about an individual from which that person can be identified (either by itself or when combined with other information).
As for special category personal data – this is the type of data relevant to you which reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership as well as genetic data, biometric data used to identify an individual, data concerning health or data concerning an individual’s sex life or sexual orientation.
We collect both kinds of personal data as described above. However, we will limit the collection and processing of personal data to what is necessary to achieve one or more purpose(s) as identified in this notice. The personal data we collect about you and those accompanying or supporting you will include the following:
- Basic personal data to identify you such as your first name, maiden name, last name, username or similar identifier, marital status, title, occupation, date of birth;
- Your contact information including your email address, address and telephone numbers;
- Passport number and expiry date;
- Immigration information;
- Health data including medical notes, records of treatment and medication and allergies and any mobility issues;
- Details of parental responsibility;
- Religious information;
- Details of the hospital to which an individual may transfer;
- Details of the hospital from which an individual may transfer;
- Name and contact details of the treating doctor at the transferring hospital;
- Name and contact details of the treating doctor at the receiving hospital;
- Financial information – including bank account details, card payment details and billing address;
- Details of payments to and from you and other details of services purchased and provided to you;
- Online information and online activity based on your interaction with us, our websites and applications for example your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types, searches, site visits and versions, operating system and platform, and other technology on the devices you use to access this website;
- Images and personal appearance such as copies of your passport or drivers licence;
- Usage Data including statistical data including information about how you use our website and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We may also process:
- Other information relevant to client feedback regarding our service.
Additionally, if you use your credit or debit card in payment for our service/s we will pass your card details securely to our payment-processing partner as part of the payment process. This is done in accordance with the Payment Card Industry Data Security Standard. Neither they nor we will store these details.
It is important that the personal data we hold about you is accurate and current.
Please keep us informed if your personal data changes during your relationship with us.
We are committed to protecting the privacy of the young people whose personal data we collect or are provided by a third party.
Where appropriate, we will always ask for consent from a parent or guardian to process personal data relating to a child.
5. How we collect personal data
Your personal data comprises personal, special category and financial data and provided to us including;
1. You give to us directly where you:
A) Contact us directly via telephone, letters or email;
B) Use our online contact forms, applications, emails;
C) Search for our services;
D) Apply for our services electronically or otherwise;
E) Request marketing material to be sent to you; and/or
F) Give us feedback or contact us.
2. Information we learn about you through our relationship and the way you interact with us;
3. Information we may receive from third parties which may include your GP, other healthcare providers, medical professionals, law enforcement agencies, social services and/or other governmental bodies or agencies and other relevant services or bodies (where permitted);
4. Information we gather using technology, which you may use to access our services (an IP address for example or telephone number), and how you use technology (for example recognising behavioural patterns).
6. How and why we use your personal data
We will only use your personal data where it is necessary to carry out our business activities and we are required to have one or more of the following reasons for using your personal data:
- Performance of a contract – the personal data we may need to deliver our services to you;
- Legal obligation – where we are required by law to process your personal data;
- Legitimate interest – where we are permitted to use your personal data where on balance the benefits of us doing so is not outweighed by your legal rights;
- Vital interests – where we need to process your data to provide and administer emergency medical care
- Preventative or occupational medicine – through the provision of health care or treatment;
- Consent – where your agreement is sought prior to utilising your personal data. Wherever consent is the only reason for using your personal data you have the right to change your mind and/or withdraw your consent.
We will mainly use your personal data in the following ways:
1. When you apply for our service (and throughout your relationship with us), we are required to collect and process certain personal data about you. Please note that if you do not agree to provide information requested, it may affect service provision as we may be unable to continue to deliver our services to you.
2. To register you as a new client;
3. To provide the service you require including but not limited
A) To the provision of appropriate medical support relevant to your needs and/or to determine what additional support medical or otherwise you might require;
B) To charter flights and arrange ambulance transportation appropriate to your needs; and
C) To provide any other ancillary service(s) as may be required to meet your specific needs that we might fulfil our contract with you;
4. To undertake administration activities necessary for the delivery our services to you including:
A) Managing payments, fees and charges;
B) Keeping an accurate history of transactions and sending you relevant statements;
C) Helping to resolve any problems or complaints you may have;
D) Collect and recover monies where appropriate;
5. To manage our relationship with you including:
A) Notifying you of changes to our terms and conditions;
B) Notifying you of changes to this privacy notice;
C) Asking you to leave a review.
6. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we provide to you.
7. To use data analytics to improve our website, services,marketing, client relationships and experiences.
You may choose to restrict the collection or use of your personal information for direct marketing purposes.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us or emailing using our contact details outlined above.
If you are an existing contact or patient/client, we will only contact you by electronic means with information about services which you have previously purchased from us or enquired about. If you are a new client, and where we permit selected third parties to use your data, we (or they) will contact you by post or electronic means only if you have consented to this. As above, you can choose not to receive these types of communications by contacting us.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Your rights
You have several rights under data protection laws which are set out below. You can access any of these rights at any time and if you wish to do so or require further information about your rights please contact us using the details above.
- Access – the right to request a copy of the personal data we hold on you. When you request this data, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee;
- Rectification of personal data – is the right to have any inaccurate personal data corrected;
- Erasure of personal data – the right to have any out of date personal data deleted once there’s no business need or legal requirement for us to hold it;
- Restriction of processing personal data – the right to object or restrict some processing, in limited circumstances and only when we don’t have legitimate grounds for processing your personal data;
- Objection to processing of personal data – the right to object to your personal data being used for example to send you marketing material. As mentioned above, we’ll only send you marketing material where you’ve given us your consent to do so. You can remove your consent at any time;
- Automated decision making – the right to ask for a decision to be made manually, where a decision is made using automated means and this adversely impacts you; and
- Portability – the right to have personal data we hold about you transferred securely to another service provider in electronic form.
9. How to make a complaint
If you are unhappy with the way we have handled your personal data and/or wish to complain about how your personal data is being processed, you can do so at any point in time.
Please contact our Data Protection Officer using the details provided above.
If you’re not satisfied with our response, you can raise a complaint with the Information Commissioner’s Office (ICO) at any time. The ICO is the UK’s supervisory authority whose role is to enforce data protection laws.
We would appreciate the chance to address any concern you may have before you approach the ICO and ask that you contact us in the first instance.
10. How and why we share your personal data
We may from time to time share your personal data with the following organisations who are also required to keep your information confidential, safe and secure:
- Third parties including but not limited to insurers, insurance brokers and/or companies providing translation services, commercial partners, agents, professionals including medical professionals and subcontractors who provide, services and administrative support necessary to complete your booking;
- Third parties including but not limited to insurers, insurance brokers and/or companies providing translation services or professionals including medical professionals who may be engaged on your behalf;
- Where we are required to do so we will share your information with law enforcement agencies, judicial bodies, credit reference agencies, fraud prevention agencies, governmental entities, tax authorities or regulatory bodies around the world;
- Where required as part of any proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or business assets;
- Anyone else with your permission.
11. Transferring personal data overseas
From time to time we may share your personal data with organisations in other countries outside of the EEA to fulfil your contract with us.
12. How long do we hold personal data?
We retain your personal data for no longer than is necessary. The time periods for retaining data are determined by several factors including but not limited to the nature and type of record, the nature of the activity, the product or service and any applicable legal or regulatory requirements.
It is usual for us to retain personal and special category data for up to seven years after your relationship with us ends however some exceptions may apply. Our retention periods may be subject to change from time to time based on commercial, legal or regulatory requirements.
13. Links to other websites
Within our website we may have links to third party websites, plug-ins and applications. Clicking those links may enable third parties to share or collect your personal data. Please be aware that we do not control such third-party websites and are not responsible for their privacy statements or the contents of those websites. We would encourage you to read the privacy notice of every website you visit.
14. Changes to the privacy notice
We keep our privacy notice under regular review. Any changes to our privacy notice in the future will be posted on this page. We encourage you to review this page regularly to identify any updates or changes to our privacy notice.
Version 1.0 effective 25 May 2018