Connexus Medical Appointments Limited (referred to as “We, “Our” or “Us”), is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our clients that communicate (online or offline) with us, at events, over the phone, via our website, helpdesk and social media platforms.

We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information.

Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018.

This policy should be read together with our Cookie Policy that can be found on our website.

Connexus Medical Appointments Limited are the controller for the personal information we process, unless otherwise stated. We are registered with the Information Commissioner’s Office (the ICO) with registration number Z3293705.

Connexus Medical Appointments Limited is part of the Connexus Group of companies, (a private limited company registered in England with the company number 07821240).

You can contact us either by phone, email or post.

  • By phone: 0333 0433 796
  • By email: please use the Contact us page of the website
  • By post: 850 Ibis Court, Warrington, WA1 1RL

Our Data Protection Officer can be contacted at the above address or by emailing cmadataprotection@connexus.co.uk

We collect Personal Data directly from you via our Website (www.connexusmedicalappointments.co.uk) and other communications between us when you use or apply for our services.

We only collect personal information that we know we will genuinely use and in accordance with the Data Protection Legislation. The type of personal information that we will collect about you, from third party organisations or that you have voluntarily provided to us on this website or from enquiry/contact forms, event/exhibition or other contact methods includes:

Identity Data includes first name, maiden name, last name, marital status, title, date of birth, gender, passport information, driving licence information or other identification information, CCTV footage if you visit the practice.

Contact Data includes present and previous address, email address, telephone numbers, registration form, LinkedIn profile

Employment Data includes the industry you work within.

Financial Data includes payment card details. This is retained in line with Payment Card Industry Data Security Standards (PCI DSS)

Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website. Records of conversations.
(Calls may be recorded for training and monitoring purpose)

Profile Data includes information you provide us, services offered and used, your marketing preferences, feedback and survey responses

Other Personal Data you voluntarily provide, which may include people appointed to act on your behalf and special category personal data, for example data which you provide about your health where this relates to your ability to meet your obligations under the agreement. We have details of any accident you may have had including the date and any photographic evidence.

Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

For information received/added to the MedCo portal, please refer to the Medco Privacy Policy for information on how they will process personal data.

We must have a legal basis (lawful reason) to process your personal data. In most cases, the legal basis will be one of the following.

  • Contract: the processing is necessary to enter into a contract you have with us.
  • Legal obligation: the processing is necessary for us to comply with the law. For example, Money Laundering Regulation and associated laws.
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. For example, to understand how customers use our services so we can develop new services and improve the services we currently provide.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws.

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you choose not to provide it, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

Purpose/Processing activity Lawful bases for processing
To contact you, following your enquiry or to reply to any questions. Performance of a contract
Customer Service enquiries: reply to suggestions, issues or complaints you have contacted us about. Legitimate interest
Fulfilling our contract to provide you with the agreed service. Performance of a contract
Taking payment from you or giving you a refund. Performance of a contract
Process medical details/history provided by you or received from a Doctor/Medical Expert Performance of a contract
Consent
Helping us understand more about you as a client, the services you consume, so we can serve you better. Legitimate interest
Marketing/analytics from our website using cookies. Consent (where required)
For the purposes of arranging medical appointments with medical experts and obtaining such medical reporting either from the medical expert and your General Practitioner. Performance of a contract
For research and statistical analysis about our service. Legitimate interest

We may share your personal data with other organisations in the following circumstances:

  • If the law or a public authority says we must share the personal data.
  • If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk).
  • Insurers that have asked us to produce a report following an accident
  • Solicitors/Legal Advisors who have asked us to produce a report following an accident.
  • Medical Experts/General Practitioners (GP’s)/Consultants/Rehabilitation Providers who we need to share any information with
  • Diagnostics Providers who carry out specialist investigation
  • External Auditors who audit us to ensure we are working within regulations.
  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If the company or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • To protect the rights, or safety of our clients or others.

We will send you relevant news about our services in a number of ways including by email, but only if we have a legitimate interest to do so and we have completed a legitimate interest assessment for the processing activity.

Newsletters and marketing communications might be sent from our own domain - www.connexusmedicalappointments.co.uk

Each email communication will have an option to object to the processing, if you wish to amend your marketing preferences, you can do so by calling us on the number displayed on our website and update your preferences.

Your personal information is protected under data protection law and you have several rights (see below) available to you depending on our reason for processing. Please contact our Data Protection Officer should you wish to exercise these rights. We may need to verify your identity before we can act on your request.

You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you, subject to certain exceptions.

Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Request erasure of your personal data. You may ask us to delete information we hold about you in certain circumstances, this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in certain circumstances. It may not always be possible for us to delete the information we hold about you, for example, if we have an ongoing relationship with you or we are required to retain information to comply with our legal obligations.

Object to processing of your personal data when it is based upon our legitimate interests or for the purpose of statistical analysis, profiling or direct marketing.

Request restriction of processing of your personal data. This is not an absolute right and only applies in certain circumstances. For example, where you contest the accuracy of your personal information, it may be restricted until the accuracy is verified, or where the processing is unlawful but you object to it being deleted and request that it is restricted instead.

Request data portability of your personal data to you or to a third party. You have the right to receive, move, copy or transfer your personal information to another controller.

We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

For more information about your privacy rights
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers, such as us, are available publicly. You can access them here - Your data matters.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with the Data Protection Legislation and never retain your information for longer than is necessary.

Unless otherwise required by law, your data will be stored for a period of seven years after our contract with you expires or two years after our last contact with you or some other identifiable action, at which point it will be deleted.

We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

If your information is transferred to a third party their Data Retention Policy may differ to ours.

We do not automate any of our services

Data security is of great importance to Connexus Medical Appointments Limited and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:

  • Limiting access to our buildings to those that we believe are entitled to be there by use of passes.
  • Implementing access controls to our information technology; and
  • We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, website and offices.

We do not transfer your personal data outside the European Economic Area (EEA), and should we require to do so, we will ensure we have standard contractual clauses in place.

It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes during your relationship with us. This should include any change of address, telephone numbers and health matters that may affect the management of your account.

If you have any questions about how we treat your personal data and protect your privacy please contact us at:

You also have the right to make a complaint to the Information Commissioner’s Office (ICO) here or call 0303 123 1113.

This version was last updated on 26 March 2021 and historic versions can be obtained by contacting us at compliance@connexus.co.uk. If changes to this privacy notice have a major effect on what we do with your personal data or on you personally, we will give you enough notice to allow you to exercise your rights (for example, to object to the processing).