How we use your information
We are committed to protecting your privacy. This privacy notice tells you exactly what to expect when Bridge Case Management (BCM) collects personal information. It applies to information we collect about:
· Visitors to our website
· Referred clients
· NHS professionals
Bridge Case Management (BCM) has always followed strong data protection principles in line with the Data Protection Act 1998 and the Information Commissioner’s Office (ICO) guidelines. The instigation of the new GDPR regulations has prompted BCM to revise and publish its policies, to provide assurance and clarity to all those who interact with BCM as a client or professional.
Under Article 5 of the GDPR it is required that personal data shall be;
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The lawful basis for information gathering for BCM is – Medical diagnosis and treatment (GDPR).
- Art.8(3) The processing is required for the purpose of medical treatment undertaken by health professionals.
- Art.9(2)(h), processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.
Visitors to our website
When someone visitswe do not make any attempt to find out the identities of those visiting our website. If we do collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Cookies that we use are detailed below
We use session cookies to record non-sensitive information about your visit to our website and how you navigate your way around this so that you are able to return to previous pages or sections of a page you may have scrolled to. The information we record through this cookie can NOT be used to identify you personally and once your visit to our website has ended, this is automatically erased.
Universal Analytics (Google)
We make use of Google Analytics, a third party tool which allows us to understand where our visitors are originating from (Google, Facebook, Email, etc) and to also understand how our visitors interact with different sections of our website (return visits, pages viewed, time spent on the site, buttons clicked, forms completed, etc). The information collected through these cookies is only used to draw conclusions based on number counts and can NOT be used to identify you personally. They will only remain active on your computer for a maximum of 90 days, after which period this is automatically erased. Read Google's overview of privacy and safeguarding data
Individuals making enquiries
When enquires are submitted to us we use the information supplied to process the enquiry and respond appropriately. This includes telephone, email and web-based enquiries. Email monitoring and blocking software may be used to filter incoming emails. Please be aware that you have a responsibility to ensure that any email you send to BCM is within the bounds of the law.
Case Management Database
Clients details are added to the database at the point of referral, along with the solicitors and insurers details. As the clients’ rehabilitation journey progresses other relevant details will be added to the clients file on the database. This may include GP details, NHS treating professionals’ details and any funded therapy or provider details.
Copies of any clinic letters relating to injuries sustained, and reports received or generated by BCM will be stored on the database, along with correspondence with parties involved in the clients rehabilitation.
All data is stored securely with multiple safeguards in place.
In order to facilitate rehabilitation, it is imperative that BCM is able to share information with the service providers involved in the clients’ rehabilitation journey. Select information will be shared to appropriately vetted professionals, who hold appropriate registration and insurance, and in line with the clients signed consent held on record.
Appropriate information will be shared with the stakeholders, to facilitate the client’s rehabilitation.
Access to personal information
BCM tries to be as open as it can in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR. BCM has a policy of non-disclosure of information requested without prior consent of the individuals involved.
If we do hold information about you we will:
· Give you a description of it;
· Tell you why we are holding it;
· Tell you who it could be disclosed to; and
· Let you have a copy of the information in an intelligible form.
To make a request to BCM for any personal information we may hold, you need to put the request in writing, and send it to Bridge Case Management, Unit , Primrose Hill, Buttercrambe Road, Stamford Bridge, YO41 1AW or email us on. If you agree, we will try to deal with your request informally, for example by providing you with specific information over the telephone.
If we do hold information about you, you can ask to have us correct any mistakes by contacting us.
As an individual, if you have issues accessing your personal information with any organisation you have the right to lodge a complaint with the ICO.
Your rights as a data subject
Right to rectification – the right to request us to rectify inaccurate personal data.
Right to object - the right to object to processing based on either public interests or legitimate interests. Processing must stop, unless we demonstrate compelling grounds for continuing the processing or that the processing is necessary in connection with our legal rights.
Right to object to direct marketing.
Right to be forgotten – the right to have us erase personal data with undue delay. Contingent on the occurrence of one of the following: the data is no longer necessary, you withdraw your consent (where consent is our legal basis for processing), we have no overriding grounds for continuing to processing against the objection, processing was unlawful, erasure is necessary with EU or national law.
Right to restrict data processing – the right to have us restrict processing if: the accuracy of the data is contested, processing is unlawful, we no longer need the data for its original purpose, but need it for legal purposes, erasure is pending.
Right of data portability – the right to receive a copy of your data in a community in a machine-readable format for transfer to another controller.
BCM does not make a decision based on automated means without human involvement, nor engages in automated processing of personal data to evaluate certain things about an individual. Hence your right to automated decision making including profiling does not apply with us.
Any formal subject access request should be made in writing to the addresses provided earlier. This will be provided free of charge. However, we reserve the right to charge a reasonable fee for repetitive, unfounded or excessive requests or additional copies.
Retention and deletion
BCM retains your information whilst your case remains active. Case files can be disposed of six years after closure of a case. This in line with the Law Society guidelines. Cases which are settled on a provisional damages basis need to be held until at least six years after the expiry of the provisional damages order.
You may request your details be deleted at any time. However, subject to applicable law, BCM may retain information after a request for it to be deleted if there is an unresolved issue relating to the file.
BCM strives to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to notify us if they think our collection or use of information is unfair, misleading or inappropriate.
Links to other websites
This privacy notice does not cover the links contained within this site linking to other websites.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated July 2018.
How to contact us
If you want to request information about our policies or to make a comment you can contact us here or write to:
Data Protection Officer
Bridge Case Management