Who are we?
Amethyst Health Screening Ltd is a provider qualified to carry out health checks for other companies and their employers and employees in their workplace.
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”)), the company responsible for your personal data (“Amethyst Health Screening Ltd” or “us”, “we”, “our”) is based in the UK.
We can act as a data controller, a data processor, or both. This is because we hold data for a variety of reasons, from necessary personnel (employer and employee) data within our own company to data on service users, which will be companies and their individual employers and employees who agree to use our services. A data controller determines the purposes and means of processing personal data. A data processor is responsible for processing personal data on behalf of a controller.
We have developed this policy because we want you to feel confident about the privacy and security of your personal information. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
What personal information do we collect about you, and when do we collect it?
We may ask you for information to enable us to provide a service to you and we collect this information by telephone, written/email correspondence or via a website form or a link on our website to a form which collects your personal data. We may ask you for information including your name, private / business address, contact telephone numbers and email address. We may also ask you for other information that relates to the service you are using or ordering, including medical information about you. We will also collect medical data from you during a health screening, such as your blood pressure results and your cholesterol results.
- We collect information from visitors to our websites to help us to make improvements to the websites and to the services we make available. We know, for instance, how many visitors there are to our website, when they visited, for how long and to which areas of our website they went.
We do not use this information to:
- Analyse your visits to any other websites or
- Track any Internet searches which you may make while on our website.
The categories of personal data concerned
- Personal data
- Special Categories of Personal Data
What is our legal basis for processing your personal data?
Our lawful basis for processing your general personal data:
- Consent of the data subject
- Processing necessary for the performance of a contract with a client/company and its data subject or to take steps to enter into a contract
- Processing necessary for compliance with a legal obligation
- More information on lawful processing can be found on the ICO website.
Do we share your personal information with anyone else?
We sometimes use other companies to provide services to you or to provide services to us. To enable them to do this, we may need to share your personal information with them. When we do so, these companies are required to act in accordance with the instructions we give them and they must meet the requirements of the Data Protection Act and GDPR to keep the information secure.
In order to carry out our health screening process, we need to use the services of Health Diagnostics Ltd (Health Diagnostics, Suite C1, The Quadrant, Sealant Road, Chester, CH1 4QR).
Health Diagnostics Ltd provide the software we use before, during and after a health screening has taken place. There may be times Health Diagnostics Ltd need to access this software if there are any technical difficulties with the software or similar issues. At all times your personal data is protected and Health Diagnostics also meet the requirements of the Data Protection Act and GDPR to keep information secure.
We may provide information, in response to properly made requests, for the purposes of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide information for the purpose of safeguarding national security. In either case we do so in accordance with the Data Protection Act and GDPR. We also provide information when required to do so by law, for example under a court order, or in response to properly made demands, under powers contained in legislation.
After your health screening appointment with us, if necessary, we may share your personal data with your GP or other such medical services, but only with your express consent.
For how long does Amethyst Health Screening Ltd keep personal information?
The time period for which we keep information varies according to what the information is used for. In some cases, there are legal requirements to keep data for a minimum period. Unless there is a specific legal requirement for us to keep the information, we will retain it for no longer than is necessary for the purposes for which the data was collected or for which it is to be further processed.
Automated Decision Making and Profiling
GDPR states: “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly affects him or her. Solely means a decision-making process that is totally automated and excludes any human influence on the outcome. A process might still be considered solely automated if a human inputs the data to be processed, and then the decision-making is carried out by an automated system”.
- We do not use automated decision making.
Profiling is done when your personal aspects are being evaluated in order to make predictions about you, even if no decision is taken.
- We will use a profiling tool when your health screening results regarding cholesterol and blood pressure, for example, are inputted into our profiling software and that software predicts your chances in percentage of a heart attack or stroke in the next ten years. We will only use our profiling software with your consent. It also shows all the results from whatever health tests you may undertake with us. With your consent we will share these results with your GP if necessary.
- We NEVER share your personal individual results with your employees. We may choose to share collective results in terms of percentage to company employers and HR with absolutely no data that personally identifies you.
How can you access, amend or take back the personal data that you have given to us?
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
- Right to object:
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
- Right to withdraw consent:
Where we have obtained your consent to process your personal data for certain activities (for example, for medical profiling), or consent to market to you, you may withdraw your consent at any time.
- Data Subject Access Requests (DSAR):
Just so it’s clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally, do one of the following:
- we may ask you to verify your identity, or ask for more information about your request; and
- where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
- Right to erasure:
In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data; that is, you have the right to be “forgotten”. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
- Right of data portability:
If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
- Right to lodge a complaint with a supervisory authority:
You also have the right to lodge a complaint with your local supervisory authority, details of which can be found in ANNEX 1 at the bottom of this page.
If your interests or requirements change, such as in the case of receiving marketing material or newsletters (where applicable) you may have previously agreed to receive, but you then wish to remove your consent, you can unsubscribe from part or all of our marketing content (if marketing is applicable in our case), by clicking the unsubscribe link in the email.
How can I find out what personal information Amethyst Health Screening Ltd holds about me?
If you want specific information please tell us and give us any relevant information to enable us to locate the information about you because this will speed up our reply. We may be able to provide the specific information you want without you having to make a formal request. You can make a formal request if you want to know what personal information Amethyst Health Screening Ltd holds about you. In this case, please put your request in writing and send it to us. Our postal address can be found in the footer of each page.
How can I change the personal information Amethyst Health Screening Ltd holds about me?
If the information we hold about you is inaccurate, please contact us to let us know and we will make the necessary amendments and confirm that these have been made.
How do we protect your personal information?
We are serious about guarding the security of your personal information and the details of any transactions made. We take appropriate organisational and technical security measures to protect your data against unauthorised disclosure or processing. We use a secure encrypted server to store the information you give us.
- Where applicable, if you do register on our website, we may ask you to provide personal details such as name, address, e-mail address and telephone number. We may also ask you to choose a password, and to complete a password security question and answer, in case you forget your password for any reason.
- Once you have registered on our website, we may keep a record of your use of any of the services made available via that particular website.
- If you choose not to register with us and only browse our website, we may gather information to help make your visit to our website more satisfying. However, this information will not identify you personally.
- If you do not wish to register, you will still be able to use most of the services offered via our websites.
- We will only ask you to provide such information as necessary to enable us to carry out the transaction in question. We will not use that information for any other purpose. You should note that some services are only available if you register on the website first.
- If applicable and you have registered for any of the services available through our website you may choose to cancel that registration at any time. You can do this in one of two ways:
- Return to the original registration page and follow the instructions for cancelling the registration or
- Send an e-mail to us by completing the “contact us” form
Please ensure you inform us of the service which you wish to cancel. If you do either of these, your personal details will be deleted from our website database. If you have registered you have direct control over information in your personal profile on our website. You can access and change this information at any time by using the indicated link.
Over and above what Amethyst Health Screening Ltd does to safeguard your privacy and security on-line, there are a number of things you can do to protect yourself from Internet fraud:
- Choose a password (letters and digits) you can remember but others will not guess, change it regularly and, if you do write it down, keep it somewhere safe and secure.
- When you have finished your session on our website, make sure you prevent your details being seen by anyone that you do not wish to see them. So, if you have registered and logged in, remember to log off.
- Clear any cache so there is no record of any transactions left on screen – Firefox, Chrome and Internet Explorer let you do this.
- We also recommend you then close your browser so any history of the session is cleared.
- We collect information from visitors to our website to help us to make improvements to the website and to the services we make available. We know, for instance, how many visitors there are to our website, when they visited, for how long and to which areas of our website they went.
We do not use this information to:
- analyse your visits to any other websites or
- track any Internet searches which you may make while on our website.
Functional cookies are essential for a website to work. Examples are a so-called ‘session’ cookie, which makes sure that you don’t have to keep logging in on every page you visit, or a cookie that keeps track of your shopping cart on the website.
We use Google analytical cookies. Analytical “cookies” help us analyse how visitors use our website, allowing us to continually improve to best meet our visitors’ needs. The information generated by the cookie about your use of the website (including your time and duration of visit, which pages you visited, browser used, IP address etc.) will be stored on a UK based server and won’t be shared with third parties, except, perhaps, as summary information such as the total number of hits.
Are third party sites and embeds covered by this policy?
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web Fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a standard font is used by your computer.
ANNEX 1: HOW TO CONTACT YOUR LOCAL SUPERVISORY AUTHORITY
Country in which you use Amethyst Health Screening Ltd’s services or supply Amethyst Health Screening Ltd with services: UK
Details of your local supervisory authority: The Information Commissioner’s Office.
You can contact them in the following ways:
- Phone: 03031231113
- Email: firstname.lastname@example.org
Post: Information Commissioner’s Office
Clients: while it speaks for itself, this category covers our customers, clients, and others to whom Amethyst Health Screening Ltd provides services in the course of its business.
Delete: while we will endeavour to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so, some of your data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists on an archive system, this cannot be readily accessed by any of our operational systems, processes or Staff.
General Data Protection Regulation (GDPR): a European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.
Staff: includes employees and interns engaged directly in the business of Amethyst Health Screening Ltd (or who have accepted an offer to be engaged) as well as certain other workers engaged in the business of providing services to Amethyst Health Screening Ltd (even though they are not classed as employees). For these purposes we also include employees of Amethyst Health Screening Ltd who are engaged to work on Clients’ premises under the terms of MSP (Managed Service Provider) agreements.
Suppliers: refers to partnerships and companies (including sole traders), and atypical workers such as independent contractors and freelance workers, who provide services to Amethyst Health Screening Ltd.
Website Users: any individual who accesses the Amethyst Health Screening website.
Data controller: A controller determines the purposes and means of processing personal data.
Data processor: A processor is responsible for processing personal data on behalf of a controller.
Data subject: Natural person
Personal data: The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, NHS number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data: The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.