Privacy Notice
1. Introduction
Accession Healthcare Consulting Ltd (Accession, we, our, us) is committed to respecting privacy, protecting personal information from misuse or unauthorised disclosure and complying with applicable privacy and data protection laws. Accession values its reputation and aims to maintain high ethical standards in the conduct of our business affairs.
This privacy policy explains how we use your personal information (see section 6 below for what we mean by “personal information”) in our interactions with you or otherwise in the course of providing services to our clients.
2. Who we are
Accession is a UK-based company. We provide consultancy, technical solutions and other services to the healthcare industry.
In the provision of most of our services, we will act as the “data controller”, meaning that we will make the decisions about what personal information is collected, and how it is used. This policy applies to our position as a data controller.
For a limited amount of our activities, we will act as the “data processor” for our clients, meaning that it will be our clients, and not us, who make the decisions about what personal information is collected and how it is used. In those situations, the relevant client’s privacy policy will apply to our processing of personal information. It will be clear in the context of our relationship with you as to whether we are acting as data controller or data processor. If you are unclear, please do contact us using the contact details listed in Section 3.
3. Our contact details
Email Address: | compliance@accessionhealth.com |
Telephone Number: | (0) 1491 577 563 |
Postal Address: | Accession Healthcare Consulting Privacy |
Southfield House 24 Greys Road Henley on Thames Oxfordshire RG9 1RY UK |
4. Why we process your personal information
We may process your personal information in the following contexts:
- to enable us to respond to your enquiries and emails;
- in order to communicate with you when you work for a supplier or client of ours, and in the management of our relationship with suppliers and clients; and
- in the course of our research activities or other services for our clients.
5. Where we obtain your personal information from
We obtain your personal information from the following sources:
- directly from you (via an email, letter, call, social media contact, or from a contact form on our website);
- from someone on your behalf (for example, by one of your team when your employer interacts with us as a client or supplier);
- in the course of our interactions with you (for example where we make notes of our conversations with you); and
- from publicly available sources (such as the publicly available website of your employer, professional directories or social media platforms).
6. What personal information do we process?
Depending on the context, we may process the following personal information about you:
- name
- employer/company details
- role and experience
- email address
- phone number
- LinkedIn profile and any other applicable public social media profiles
- payment information (if you are a supplier or participant in a research activity, where applicable)
- opinions (where you volunteer them whilst you are a participant in a research activity)
- information collected by cookies on our website, accessionhealth.com. We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. You can read more about how we use cookies on our Cookies page.
7. What is our lawful basis for processing
UK data protection law requires that we only process your personal information where we have a “lawful basis” to do so. We rely on the following lawful bases for our processing:
- consent – where we have asked you for your explicit consent. For example, if you share dietary preferences with us when attending an event we will ask you for your consent to store this information and to use it to provide you with the correct dietary options.
- performance of a contract – where we need to process your personal information in order to perform a contract in place between us. For example, if you are a paid participant in a research exercise we will need to process your payment details in order to provide you with the payment for your participation.
- legitimate interests – where we have a legitimate interest in processing your personal information, as long as this does not infringe your rights. For example, where we collect personal information about you from publicly-available sources for the purposes of a research exercise.
8. Who do we share your personal information with?
We may share your personal information with the following:
- with our clients, where we are engaged in a research exercise;
- with your employer as relevant, in the course of our interaction with them; and
- with our IT service providers and any other managed service providers.
Whenever we share your personal data with anyone, we ensure that we are permitted to do so under applicable law and that we have in place any contractual provisions required by applicable law.
9. Where we might send your personal information (geographically)
We are a UK-based entity and most of our work is conducted in the UK. As a result, we rarely send personal information outside of the UK.
Where we work with clients who are based outside of the UK there will be occasions where we share personal information with them and so transfer such information outside of the UK. There may also be occasions where we engage hosted IT service providers in the normal course of our business who host personal information outside of the UK. We will only send personal information outside of the UK when we need to, and only in the following circumstances:
- to countries deemed by the Information Commissioner’s Office (the ICO, the UK’s main data regulator) as having adequate safeguards for protecting personal data;
- with your explicit consent; or
- where the entity to which we are transferring the information has entered into a contract with us which contains the clauses required by the ICO to ensure that your personal information has the same level of protection as if it remained in the UK.
10. How long do we keep your personal data
We will only retain your personal information for as long as we need it. The actual period of retention for each piece of personal information will depend on a number of factors, including:
- where we are in active contact with you, or have been so recently (in the previous 12 months);
- where the personal information has been made public by you and is still valid;
- where we have been asked by a client to retain the information for valid reasons set out by the client; and
- where we are asked by you or a regulatory authority to keep your personal information for a valid reason.
11. No automated decision making
We do not engage in any automated decision making in relation to your personal information.
12. Your rights as an individual in respect of your personal information we hold
You have the following rights in relation to your personal information:
- right to access – you can ask us whether we’re processing your personal information, including where and for what purpose. You can also request an electronic copy of your personal information (this will usually be free of charge, unless your request is manifestly unfound or excessive, and there may be circumstances where we are restricted from providing this information – we will let you know where these apply)
- right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal information
- right to rectification – you can ask us to correct inaccurate personal information we hold about you
- right to erasure (right to be forgotten) – in certain circumstances, you can ask us to erase your personal information
- right to data portability – you can ask us to provide you with a copy of your personal information in a commonly used electronic format so that you can transfer it to other businesses
- right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal information that produce significant legal effects (as above, we don’t do this currently)
- right to lodge a complaint – you can lodge a complaint with us or the ICO (https://ico.org.uk/concerns/handling/ or call the ICO on 0303 123 1113). We would appreciate the opportunity to resolve any concerns you have before you contact the ICO, if you are comfortable to do that. Our contact details are in Section 3 above.
13. Security
We have put in place appropriate security measures to prevent your personal information which we hold from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information which we hold to those employees, agents, contractors and other third parties who have a business need to know. We have put in place procedures to deal with any suspected data breach relating to your personal information we hold and will notify you and any applicable regulator of a breach where we are legally required to do so.
14. Revisions to this policy
We make updates to this policy from time to time to reflect developments in law and practice, and developments in our business. The currently applicable version of this policy will be found at https://www.accessionhealth.com/privacy-policy/. Please check this location from time to time for any updates.
Date of this version: 5 December 2024