Website Privacy Policy.
Purpose
1.1 To provide a template Website Privacy Policy that HG HEALTH LIMITED can adapt to use on their website.
1.2 By using the template Website Privacy Policy provided, HG HEALTH LIMITED will ensure that the policy
on their website is UK GDPR compliant.
1.3 To support HG HEALTH LIMITED in meeting the following Key Lines of Enquiry/Quality Statements
1.4 To meet the legal requirements of the regulated activities that HG HEALTH LIMITED is registered to provide:
The Privacy and Electronic Communications (EC Directive) Regulations 2003
Data Protection Act 2018
UK GDPR
Scope
2.1 The following roles may be affected by this policy:
All staff
2.2 The following Service Users may be affected by this policy:
Service Users
Website Users
2.3 The following stakeholders may be affected by this policy:
Family
Advocates
Representatives
Commissioners
External health professionals
Local Authority
NHS
Objectives
3.1 To provide assurance that HG HEALTH LIMITED has a Website Privacy Policy in place for users of
its website that is UK GDPR compliant.
3.2 To establish ways of working in terms of the use, storage, retention and security of personal data.
3.3 To ensure that all data subjects, including Service Users, understand the ways in which their personal
data is collected and processed by HG HEALTH LIMITED via their website.
Policy
4.1 HG HEALTH LIMITED understands that if they operate a website, they need to ensure their Website
Privacy Policy complies with UK GDPR. HG HEALTH LIMITED will use the Website Privacy Policy template
as a template for its updated version.
HG HEALTH LIMITED understands that the Website Privacy Policy only needs to be uploaded to their
website if personal data is collected via the website.
HG HEALTH LIMITED will use the Website Privacy Policy template to inform all data subjects,
including Service Users, how their personal data is processed.
4.2 HG HEALTH LIMITED understands that the Website Privacy Policy template can be found in the UK
GDPR suite within the QCS management system.
HG HEALTH LIMITED understands that terms in square brackets are optional (depending on whether or
not they apply to HG HEALTH LIMITED).
HG HEALTH LIMITED must review the Website Privacy Policy in its entirety to determine which elements are
applicable to its website, and which are not relevant.
For example:
If the template Website Privacy Policy refers to personal data that is not collected by HG HEALTH
LIMITED via its website, HG HEALTH LIMITED can remove this
If the website of HG HEALTH LIMITED does not use cookies, they will delete references to cookies and
the Cookie Policy
If HG HEALTH LIMITED does not transfer personal data outside of the UK and EEA, they will delete the
section entitled "Where we store your personal data"
If HG HEALTH LIMITED is not required to appoint a Data Protection Officer, they will delete references
to the Data Protection Officer
HG HEALTH LIMITED may consider replacing Data Protection Officer references with 'Privacy
Officer' instead, referencing the person nominated to have day-to-day responsibility for data protection
and UK GDPR; or
If HG HEALTH LIMITED uses personal data collected via its website in a way that is not described in the
Privacy Policy, it must consider incorporating additional sections
This Website Privacy Policy directs users to a webpage with a contact form or contact details if they wish to
contact HG HEALTH LIMITED. HG HEALTH LIMITED will consider whether to provide an alternative contact
method instead, such as an email address and/or phone number.
If HG HEALTH LIMITED has any concerns or queries in respect of the template Website Privacy Policy, they
must seek legal advice.
4.3 UK GDPR has changed the way cookies should be incorporated into websites and what information
about the cookies should be provided. This means that HG HEALTH LIMITED must explain what cookies will
be set and what the cookies will do to the users of its website.
HG HEALTH LIMITED must obtain consent from individuals to store or use certain cookies on devices and
consent must be to the UK GDPR standard. Cookies that are not strictly necessary, or are used for a
secondary purpose, need consent which is UK GDPR compliant. This means that HG HEALTH LIMITED
cannot rely on implied consent.
HG HEALTH LIMITED will ensure that it uses a cookie banner or other appropriate consent process on its
website to obtain consent to the use of cookies in line with this policy and that if no consent is obtained, no
cookies will be set.
4.4 HG HEALTH LIMITED must, therefore, update its processes for collecting consent for cookies. In
practice, this means:
Users must take a clear and positive action to consent to non-essential cookies
The websites and apps of HG HEALTH LIMITED must tell users clearly what cookies will be set and
what they do, including any third-party cookies
Pre-ticked boxes or any equivalents, such as sliders defaulted to “on”, cannot be used for non-essential cookies
The users at HG HEALTH LIMITED must have control over any non-essential cookies
Non-essential cookies must not be set on landing pages before you gain the user’s consent
Consent is not required for cookies that are defined as “strictly necessary” or that fall within the
communication exemption. “Strictly necessary” cookies are those that are essential to providing the service
requested by the user. Such cookies must be essential to fulfil their request. Those that are simply helpful
or convenient, but not essential, or that are essential for the purposes of HG HEALTH LIMITED, will still
require consent. The communication exemption is about the transmission of a communication over an
electronic communications network. For the exemption to apply, the transmission of the communication
must be impossible without the use of the cookie. Simply using a cookie to assist the communication is
insufficient for the exemption to apply.
HG HEALTH LIMITED must note, in particular, that cookies used for analytical purposes or those used for
marketing and advertising will always need consent as they are considered to be non-essential.
HG HEALTH LIMITED must read the ICO’s cookie guidance available at:
https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/ for further information on the types of cookie
that require consent.
Procedure
5.1 HG HEALTH LIMITED will consider whether or not it collects personal data via its website (for example,
via enquiry forms, requests to be sent newsletters, requests for provision of services) and whether it needs
a Website Privacy Policy. HG HEALTH LIMITED acknowledges that the use of cookies constitutes
processing of personal data via the website.
5.2 HG HEALTH LIMITED will adapt the Website Privacy Policy before uploading it to its website to ensure
that all aspects of the Website Privacy Policy are relevant and reflect the ways in which HG HEALTH
LIMITED processes personal data collected via its website.
Where HG HEALTH LIMITED has any concerns or queries in relation to its own Privacy Statement, HG
HEALTH LIMITED will seek legal advice.
5.3 HG HEALTH LIMITED will use the Privacy Policy template to inform all other data subjects, including
Service Users, about how HG HEALTH LIMITED processes personal data other than personal data
collected via the website.
Definitions
6.1 Special Categories of Data
A term for personal data that is sensitive and personal in nature. Special categories of data include but
are not limited to medical and health records (including information collected as a result of providing
health care services), Care Plans, genetic and biometric data and information about a person's
religious beliefs, ethnic origin and race, sexual orientation, trade union membership and political views
6.2 Cookies
Cookies are small text files sent from a website and stored on a user's computer, either temporarily or
permanently. They are designed to hold a modest amount of data specific to a particular client so that
a website can identify the user and can be used in a number of ways such as to analyse traffic to a
website, support users logging in or track users’ browser activity
6.3 Process or Processing
Doing anything with personal data, including but not limited to collecting, storing, holding, using,
amending or transferring it. HG HEALTH LIMITED does not need to be doing anything actively with
personal data - at the point HG HEALTH LIMITED collects it, it is processing it
6.4 ICO
The Information Commissioner's Office
6.5 UK GDPR
General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data
protection and privacy for all individuals within the European Union
The UK GDPR is the retained EU law version of GDPR that forms part of English law
6.6 Data Protection Act 2018
The Data Protection Act 2018 is a United Kingdom Act of Parliament that updates data protection laws
in the UK. It sits alongside the UK General Data Protection Regulation and implements the EU's Law
Enforcement Directive
6.7 Data Subject
The identified or identifiable individual about whom HG HEALTH LIMITED has collected personal data
6.8 Personal Data
Any information about a living person from which that person can be identified directly or indirectly
including but not limited to names, email addresses, postal addresses, job roles, photographs, CCTV,
online identifiers and special categories of data as defined in section 6.7
Key facts - Professionals
Professionals providing this service should be aware of the following:
The Website Privacy Policy applies to personal data collected via the website of HG HEALTH LIMITED
Key Facts - People affected by the service
People affected by this service should be aware of the following:
Personal data provided to HG HEALTH LIMITED via its website will be processed in accordance with the Website Privacy Policy at HG HEALTH LIMITED
Further Reading
As well as the information in the 'underpinning knowledge' section of the review sheet we recommend that
you add to your understanding in this policy area by considering the following materials:
Please find the form below in the Forms section of the GDPR suite of policies within the QCS
Management system:
Cookie Example Policy Statement
Website Privacy Statement
BBC - What do I need to know about cookies?
What do I need to know about cookies? - Using the BBC
ICO cookie guidance:
https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/
Outstanding Practice
To be ‘outstanding’ in this policy area you could provide evidence that:
The wide understanding of the policy is enabled by proactive use of the QCS App
HG HEALTH LIMITED has modified the template Website Privacy Policy to ensure that it includes all
information relevant to the collection of personal data via its website and has uploaded a copy to its website
HG HEALTH LIMITED ensures that clear links are available to the privacy policy on its website and that,
if a person inputs personal data into the website, they are directed to the policy and required to accept its terms
Forms
The following forms are included as part of this policy:
Cookies Example Policy Statement - GDPR08 - Use: When HG HEALTH LIMITED has
no information on the use of cookies on its website (a Cookie Policy). It can be used with the Website Privacy Statement.
Website Privacy Policy Statement - GDPR08 - Use: To be used on a website if the website processes personal data.
Cookies Example Policy Statement - GDPR08
Cookies are small text files which a website may put on your computer or mobile device when you first visit the
website. The cookies will help the website recognise your device the next time you visit. Web beacons or other
similar files can also do the same thing. We use the term “cookies” in this policy to refer to all files that collect
information in this way.
We use cookies to distinguish you from other users of the website. This helps us to provide you with a good
experience when you use the website and also allows us to improve the services we provide to you. On revisiting
the website, we will be able to obtain information about your previous visits and about your computer including
where available, your IP address, operating system and browser type, for system administration [and to report
aggregate information to our advertisers] [insert an explanation about the information your cookies collect if it is
necessary to expand on this]. [If you do not report aggregate information to advertisers, you can delete the
foregoing policy entry]. This is statistical data about your browsing actions and patterns and does not identify you.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is
stored on the hard drive of your computer.
We use the following cookies:
• Strictly necessary cookies. These are cookies that are essential in order to enable you to move
around the website and use its features, such as accessing secure areas of the website. Disabling them
may mean you are not able to access parts of our website.
• Analytical or performance cookies. We use these cookies to collect information about how
visitors use the website, for instance which pages visitors go to most. This helps us to improve the way
our website works, for example, by ensuring that users are finding what they are looking for easily.
Some of these cookies are known as analytic cookies which allow us to monitor website traffic using
industry accepted third parties. [If you do not use analytical or performance cookies, you can
delete this policy entry].
• Functionality cookies. These cookies are used to recognise you when you return to our website
and to remember changes you have made to things such as text size, fonts and other parts of the
website you can change so we can personalise our content for you.
• Targeting cookies. We use these cookies to record your visit to our website, the pages you have
visited and the links you have followed. We will use this information to make our website and the
advertising displayed on it more relevant to your interests. We may share this information with third
parties for this purpose. [If you do not use targeting cookies, you can delete this policy entry].
For more details on the specific cookies we use, why we use them and when they will expire, please see Part 1 of
Appendix 1 of this Cookie Policy.
[Please note that third parties (such as advertising networks and providers of external services) may also use
cookies on the website, over which we have no control. These cookies are likely to be analytical cookies,
performance cookies or targeting cookies. Part 2 of Appendix 1 of this Cookie Policy provides a list of the third
parties who may use these cookies and the reasons for which they use them.] [If you do not use third parties for
these services, you can delete this policy entry].
Most browsers accept cookies automatically, but you can change your cookie preferences by adjusting your
browser settings to refuse the setting of all or some cookies if you prefer. You can usually do this by visiting the
“options” or “preferences” menu on your browser. Please note, however, that if you do this and choose to block all
cookies (including essential cookies) we cannot guarantee that your experience will be as fulfilling as it would
otherwise be, and you may not be able to access all or parts of our website.
Where we collect personal data as part of our use of cookies on the website, we will do so in accordance with
our Privacy Policy [insert hyperlink to Privacy Policy].
Website Privacy Policy Statement - GDPR08
We are HG HEALTH LIMITED, a [company] incorporated in [England and Wales] [Scotland]. Our company
number is [insert registered company number] and our registered address is Suite 701-702
Tower Bridge Business Centre
46-48 East Smithfield
London
E1W 1AW
("HG HEALTH LIMITED" / "we" / "our" / "us"). We are committed to ensuring that your privacy is protected. We
comply with the UK General Data Protection Regulation (“UK GDPR”) unless and until the UK GDPR is no longer
directly applicable in the UK. We also follow all national implementing laws, regulations and secondary legislation
as amended or updated from time to time in the UK, and any successor legislation to the UK GDPR and the DPA
(together “Data Protection Legislation”). We are the data controller of data you pass to us pursuant to this policy.
Our Data Protection Officer can be contacted at [insert email address for DPO. If there is no DPO, delete
reference to them].
This Privacy Policy [together with our website terms and conditions and cookie policy] sets out how we collect
personal information from you and how the personal information you provide will be processed by us. By visiting
the website at https://hansongrey.com/ (the “Website”) you are accepting and consenting to the practices
described in this Privacy Policy. If you do not consent, please do not submit any personal data to us.
What information does HG HEALTH LIMITED hold and how will we use it?
Information you give HG HEALTH LIMITED: You may give us information about you by completing enquiry
forms on the website or by requesting via the website that we send you marketing information, or [insert any other
reason for which a person may upload their personal data to the website]. The information you give us may
include your name, email address, address/location and phone number [if there are any other types of personal
data that HG HEALTH LIMITED collects via the website, add them to this list. This does not include all personal
data processed by HG HEALTH LIMITED but only personal data it collects through its website].
We will retain this information while we are corresponding with you or providing services to you or to a Service
User you represent. We will retain this information for [insert the relevant retention period for the types of personal
data listed above. If it is not possible to insert the retention period, explain the criteria HG HEALTH LIMITED
uses for determining how long it will retain the personal data. Refer to the Records Management Code of
Practice for Health and Social Care if required].
Information HG HEALTH LIMITED collects about you: HG HEALTH LIMITED may collect the following
information from you when you visit the website:
• Technical information, including the Internet protocol (IP) address used to connect your computer to the
Internet, your login information, browser type and version, time zone setting, browser plug-in types and
versions, operating system and platform; and
• Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through
and from the website (including date and time), products you viewed or searched for, page response times,
website errors, length of visits to certain pages, page interaction information, methods used to browse away
from the page and any phone number used to call our helpline
We retain this information for [insert the relevant retention period for the types of personal data listed above. If it
is not possible to insert the retention period, explain the criteria HG HEALTH LIMITED uses for determining how
long it will retain the personal data].
Information we receive from other sources: This includes information we receive about you when you use
other websites operated by us or other services we provide. This information may include your name, email
address, postal address and phone number. We will retain this information for [insert the relevant retention period
for the types of personal data listed above. If it is not possible to insert the retention period, explain the criteria
HG HEALTH LIMITED uses for determining how long it will retain the personal data].
Cookies
The Website uses cookies to distinguish you from other users of the website. For detailed information on the
cookies we use and the purposes for which we use them, please see our Cookie Policy [insert hyperlink to Cookie Policy].
Use Made of the Information
We may use the information we receive and/or collect about you to:
• Fulfil our obligations under any contract that we have entered into with you or with a Service User that you
represent, and to provide you or the relevant Service User with information or services that you or the Service
User has requested
• Send you newsletters and marketing information if you have consented to us doing so
• Notify you of products and services that we feel may interest you, or permit third parties to do so if you
have provided the appropriate consent
• Monitor website usage and provide statistics to third parties for the purposes of improving and developing
the website and the services we provide via the website
HG HEALTH LIMITED processes personal information for certain legitimate business purposes, which include
some or all of the following:
• Where the processing enables HG HEALTH LIMITED to enhance, modify, personalise or otherwise
improve the website, its services or communications
• To identify and prevent fraud
• To enhance the security of the network and information systems of HG HEALTH LIMITED
• To better understand how people interact with the websites of HG HEALTH LIMITED
• To administer the website and carry out data analysis, troubleshooting and testing; and
• To determine the effectiveness of promotional campaigns and advertising
If we obtain consent from you to do so, we may provide your personal details to third parties so that they can
contact you directly in respect of services in which you may be interested.
Where we are processing personal data that we have obtained via the website on the basis of having obtained
consent from you, you have the right to withdraw your consent to the processing of your personal data at any time. If
you would like to withdraw your consent or prefer not to receive any of the above-mentioned information (or if you
only want to receive certain information from us) please let us know by contacting us via the following webpage
[insert link to webpage]. Please bear in mind that if you object, this may affect our ability to carry out the tasks
above for your benefit.
If you wish to have your information removed from our database or if you do not want us to contact you for
marketing purposes, please let us know by clicking the "Unsubscribe" option in any email we send to you and
providing the details requested or by contacting us via the following webpage [insert webpage link] and we will
take steps to ensure that this information is deleted as soon as reasonably practicable.
We will not share, sell or distribute any of the information you provide to us (other than as set out in this policy)
without your prior consent, unless required to do so by law.
We may carry out automated decision-making using the personal data you provide to us. We do so to [insert an
explanation about the automated decision-making (including profiling) that you carry out. You should explain
the logic involved and the significance and potential consequences for the Data Subject. For example, if you
track their behaviour on your website to send targeted advertising, explain this process. If you do not carry out
any automated decision making, you can delete this policy entry].
Third Party Sites
Our website may contain links to third party websites, including websites via which you are able to purchase
products and services. They are provided for your convenience only and we do not check, endorse, approve or
agree with such third-party websites nor the products and/or services offered and sold on them. We have no
responsibility for the content, product and/or services of the linked websites. Please ensure that you review all
terms and conditions of website use and the Privacy Policy of any such third-party websites before use and before you submit any personal data to those websites.
How Safe is your Information?
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the
website, you are responsible for keeping this password confidential. We ask you not to share a password with
anyone.
Protecting your security and privacy is important to us and we make every effort to secure your information and
maintain your confidentiality in accordance with the terms of the Data Protection Legislation. The website is
protected by various levels of security technology, which are designed to protect your information from any
unauthorised or unlawful access, processing, accidental loss, destruction and damage.
We will do our best to protect your personal data but the transmission of information via the Internet is not
completely secure. Any such transmission is, therefore, at your own risk.
Disclosure of your Information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate
holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006. We may share your
information with selected third parties including:
• Business partners, suppliers and sub-contractors for the performance of any contract we enter with them
or you
• Third parties who may wish to contact you in respect of services or products they offer or sell which may
be of interest to you, provided we receive your consent to such disclosure; and/or advertisers and advertising
networks that require the data to select and serve relevant adverts to you and analytics and search engine
providers that assist us in the improvement and optimisation of the website
Please note, we may need to disclose your personal information where we:
• Sell any or all of our business or assets or we buy another business or assets in which case we may
disclose your personal data to the prospective buyer or seller
• Are under a legal duty to comply with any legal obligation or to enforce or apply our terms and conditions;
or
• Need to disclose it to protect our rights, property or the safety of our customers or others, including the
exchange of information with other companies, organisations and/or governmental bodies for the purposes
of fraud protection and credit risk reduction
Where we Store your Personal Data
Although we have left the EU, UK GDPR still requires the following:
[if HG HEALTH LIMITED does not transfer personal data outside the EEA, this policy entry can be deleted].
The data that we collect from you may be transferred to, and stored at, a destination outside the European
Economic Area ("EEA") to [insert the reasons why personal data is transferred outside the EEA, for example,
because it is hosted on a server outside the EEA]. By submitting your personal data, you agree to this transfer,
storing or processing. HG HEALTH LIMITED will take all steps reasonably necessary to ensure that your data is
treated securely and in accordance with this Privacy Policy. If a finding of adequacy hasn't been made by the EC
Commission in respect of the country to which the data is transferred, we will only transfer it where there are
appropriate safeguards in place, including the use of EU standard contractual clauses or an intragroup agreement.
Your Rights in Respect of your Data
If any of the information you provide to us via the website changes, please let us know as soon as possible so that
we can make the necessary changes to the information we hold for you on our database. If you wish to make any
changes to your information, please contact us via the following webpage [insert webpage link].
If you wish to access or rectify the information we hold about you, or request that such information be transmitted
directly to another data controller, please contact us via the following webpage [insert webpage link]. We shall
process your request to access your information within one month of receipt, or we will let you know within that timeframe if we need more information from you. We will process your request free of charge.
To request that your information is deleted or if you wish to restrict or object to the processing of your information,
please contact us via the following webpage [insert webpage link].
If you have any complaints about our use of your personal data, please contact us. You also have the right to
complain to the relevant supervisory authority in your jurisdiction. In the UK, the supervisory authority is the
Information Commissioner's Office. Contact details for the ICO can be found at https://ico.org.uk/.
If you have any further queries or comments on our Privacy Policy, please contact us via the following webpage
[insert webpage link] or you can contact us by emailing [insert email address]. We also welcome your views about
our website and our Privacy Policy.