Privacy Notice
Website Privacy Statement
1. Introduction
The OneMedical Group (OMG) of companies respects your privacy and is committed to protecting your personal data. This privacy notice explains how we handle your personal data when you visit our website (regardless of your location) and informs you about your privacy rights and how the law protects you.
2. Purpose of This Privacy Notice
This privacy notice provides information on how we collect and process your personal data through your use of this website. This website is not intended for children, and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy or fair processing notice we may provide on specific occasions when collecting or processing personal data about you. This privacy notice supplements other notices and is not intended to override them.
3. Controller
OneMedical Group is the data controller responsible for your personal data (referred to as “the Practice,” “we,” “us,” or “our” in this notice).
If you have any questions about this privacy notice or wish to exercise your legal rights, please contact our Data Protection Officer:
Hannah Johnson OneMedical Group Bank Top Business Centre Bank Top Farm Blackhill Road Leeds, LS21 1PY Tel: 0113 284 3158 Email: dpo@onemedicalgroup.co.uk
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues:
Information Commissioner’s Office Wycliffe House Water Lane Wilmslow, Cheshire, SK9 5AF Tel: 0303 123 1113 Website: www.ico.org.uk
We would, however, appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first.
4. Changes to the Privacy Notice and Your Duty to Inform Us of Changes
We keep our privacy notice under regular review. This version was last updated on 25/02/2025 It is important that the personal data we hold about you is accurate and current. Please inform us if your personal data changes during your relationship with us.
5. Third-Party Links
Our website may include links to third-party websites, plug-ins, and applications. Clicking on these links or enabling these connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
6. The Data We Collect About You
Personal data refers to any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, and transfer different kinds of personal data about you, categorised as follows:
· Identity Data: First name, last name, username, marital status, title, date of birth, and gender.
· Contact Data: Email address, telephone number, billing address, and delivery address.
· Technical Data: IP address, browser type and version, time zone setting, operating system, and other technology used to access the website.
· Usage Data: Information on how you use our website, products, and services.
· Marketing and Communications Data: Your preferences in receiving marketing from us and third parties.
7. How We Use Your Personal Data
We will only use your personal data when the law allows us to, including:
· Where we need to perform a contract with you.
· Where it is necessary for our legitimate interests, provided your rights do not override those interests.
· Where we need to comply with a legal or regulatory obligation.
8. Opting Out and Change of Purpose
You can opt out of marketing messages at any time. If we need to use your personal data for a purpose different from the original collection reason, we will notify you and explain the legal basis for doing so.
9. Disclosures of Your Personal Data
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes.
10. International Transfers
If we transfer your personal data outside the UK, we ensure a similar level of protection is afforded by implementing one of the safeguards recognised under UK law.
11. Data Security
We have implemented security measures to prevent your personal data from being accidentally lost, accessed, or disclosed unlawfully. In the event of a suspected data breach, we will notify you and the relevant regulatory authority where required by law.
12. Data Retention
We will only retain your personal data as long as necessary to fulfill the purposes for which we collected it, including legal, accounting, and reporting requirements. In some cases, we may anonymise your data for research or statistical purposes.
13. Your Legal Rights
Under data protection laws, you have rights regarding your personal data, including the right to access, correct, erase, restrict processing, object to processing, request data transfer, and withdraw consent.
We aim to respond to all legitimate requests within one month. If your request is particularly complex, we will notify you of any delays.
14. Auditing
To ensure compliance with UK data protection regulations, OneMedical Group conducts regular audits of its data protection practices. These audits include:
· Reviewing our data processing activities to ensure compliance with the UK GDPR and Data Protection Act 2018.
· Assessing third-party service providers to ensure they meet our security and compliance standards.
· Internal training for employees on data protection policies and best practices.
· Regular risk assessments to identify and mitigate any potential vulnerabilities in our data protection framework.
· Ensuring compliance with the Data Security and Protection Toolkit (DSPT) for healthcare organisations handling personal data.
