Website Terms & Conditions
THERAPYAUDIT Limited on behalf of the Come Correct Scheme
THERAPYAUDIT Limited are the data processor for the Come Correct Condom Distribution Scheme (“the scheme”).
The data controllers for this scheme are the individual boroughs (Local Authorities) which make up the scheme as presented within their respective pages.
For all requests regarding the control of your data please contact dataprotection@comecorrect.org.uk. Your request will be forwarded (if required) to the relevant controller.
For requests relating to data collection for the purposes of the Come Correct website please contact dataprotection@therapyaudit.com.
The remainder of this policy relates to the use of this website (excluding online registration) as this is handled by the policy presented on the respective registration page.
Come Correct Team
THERAPYAUDIT Limited
Suite 4Century House
Swavesey
Cambridge
CB24 4QG
dataprotection@therapyaudit.com
1. Why we process personal data (the legal basis)
We process each type of personal data for one the following reasons:
- We need to process the data under our contract with the Local Authorities that make up The Scheme in order to provide you with information about the services that they provide.
- We have a legitimate interest as a business in processing your data;
- We have a legal obligation to process the data; or
- We have your consent (which you can withdraw at any time).If you don’t provide us with the data we need then we will not be able to show the services that may be of benefit to you.
2. Types of personal data
For the purposes of this website we collect:
Technical data: including IP address, your login data, browser type and version, location, browser plug-in types and versions, online chat logs and other information on the devices you use to access our services;Location Data (where allowed) to present services that are geographically closest to you. This location data is not stored, once you leave the page the data in the User Session is “lost”.
3. How we use personal data
We process your personal data collected on this website solely for the purposes of facilitating and reporting on the uptake of Come Correct Scheme, this includes:
- Informing you of services which may be of relevance to you
- Auditing and improving our IT systems and websites
- Facilitating stakeholder engagement such as focus groups or surveys
If you contact us directly, we will need to process your personal data in order to resolve your request.
4. How we obtain your information
We may collect your personal data from a variety of sources, including (but not limited to)
- Information provided by you directly to us
- when you visit our website, we may collect and process information about your usage of these by using “cookies” and other similar technologies to help us make improvements to the websites and to the services we make available.
5. Who your information is shared with
Personal data collected is only shared in aggregated form in order to inform and promote the success of the Come Correct Scheme.
However if you contact us directly (e.g. a Subject Access Request) we may need to pass your information onto the Data Controller for your Local Authority, which is required to complete your request.
Finally, we will only share personal data if we are required to do so by law – for example, by court order or to prevent fraud or other crimes.
Vendors, Consultants, and Other Third-Party Service Providers: We may share your data with third-party vendors, service providers, contractors, or agents third parties who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organisation apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:
- Website Hosting Providers
- When we use Google Maps API and if you choose to share your location. In this situation sharing of your location data with google is needed in order for Google Maps to correctly function. You can find out more about Google’s Privacy Policy here [https://policies.google.com/privacy].
We will not:
- sell or rent your personal data to third parties
- share your personal data with commercial companies for marketing purposes
6. How long we keep your information
As the data collected by this website is used for reporting purposes, it is aggregated as soon as feasibly possible in order that it is no longer classed as Personal Data. Please contact dataprotection@comecorrect.org.uk if you wish to make a request.
7. Security and storage of information
We recognise that your personal data is very valuable and so we take its security very seriously. We have set up systems and processes to prevent unauthorised access or disclosure of your data through the use of:
- Auditing – we keep records of those who access personal information
- Access controls – members of staff are provided with their own username and password to access your information
- Electronic records management – all healthcare records are stored confidentially and in secure locations
- Computer controls – We have complex security controls to ensure our computers cannot be accessed by those not authorised to do so – such as hackers
- Encryption – computer devices that hold personal information such as laptops are encrypted in case the device storing the data is lost or stolen
All THERAPYAUDIT staff must complete Information Governance training. This training makes staff aware of the importance of confidentiality and security of your personal data and makes clear that they are personally responsible for the security of any information, which they are processing. This training must be completed every two years. We also make sure that any third parties we deal with keep all personal data they process on our behalf safe and secure.
8. Your rights
Data Protection legislation provides various individual rights for data subjects including:
- Right to be informed
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision making and profiling
Not all of these rights are absolute, which means we often have to balance your wishes against other requirements. For example, it is unlikely that a request from an individual to delete their entire health record would be agreed. We are always guided by our clinical customers and their data security advisors when considering requests for deletion of data. This may be because there are other legal reasons that such records need to be kept and, if future treatment is required, the individual could be at risk of harm as a result of information not being available. Some rights are unlikely to apply in the context of the work we do, for example, the right to erasure and right to portability. For an explanation of all your rights please see the ICO’s guidance, which you can access here. If you wish to exercise any of these rights or have any queries or concerns regarding our processing of your personal data, please contact us using the contact details provided below.
9. This Website
Our public-facing websites use SSL encryption to secure any data you may submit to us in a contact form or request for information.
Google Analytics
Our websites may use Google Analytics (external website), a web analytics service provided by Google Inc. (‘Google’). Google Analytics uses ‘cookies’ and JavaScript code to help analyse user activity on websites. The information generated about your use of the website (including your IP address) will be transmitted to and stored on Google servers in the United States. Google will use this information to produce user activity reports for the website visited. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data previously held. You may refuse the use of cookies by selecting the appropriate settings on your browser. Please note that if cookies are disabled, you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Read Google’s Full Privacy Policy (external website) and Terms of Service (external website) for detailed information
Use of cookies
Cookies are small files that websites put on your computer hard disk drive when you visit. Cookies pass information back to websites each time you visit. They are used to uniquely identify web browsers, track user trends and store information about user preferences. You can restrict/disable cookies on your browser; please note that some website features may not function properly without cookies
Use of search engine technology
Our website may contain search facilities. Search queries and results may be logged anonymously to help us improve our website and search functionality. No identifiable personal information will be collected by us.
12. Changes to this policy
We keep our privacy policy under regular review to ensure it remains relevant, accurate and up to date. Any changes to this privacy policy will apply to you and the information held about you immediately.
13. Right of complaint
You have the right to lodge a complaint in relation to this privacy notice or our processing activities with the Information Commissioner’s Office, which you can do through the website or their telephone helpline.