Privacy notice

Copying and distribution of all site material including but not limited to brand, images and textual information, is expressly forbidden.

Disclaimer

Whilst we have taken reasonable steps to ensure the information and data shown on this website is correct and accurate, we do not accept responsibility for any omissions or errors contained herein. Furthermore, we cannot be held responsible for inaccuracies of other information accessed through hypertext links used on this website.

Who we are?

The Medical Specialist Group LLP provides a range of medical services and as such, we use information about of patients to provide them with the best possible health care and this information may be held in a written or digital form.  The Medical Specialist Group LLP are responsible for keeping the personal information we use safe and we take the privacy and rights of our patients very seriously.    The policy detailed below outlines how we use your data and provides contact details should you require any further information.

Your rights

Under The Data Protection (Bailiwick of Guernsey) Law, 2017 you have several rights with regards to the personal information that we hold about you. Your rights are as follows:

1. Rights of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which mean you may not always receive all the information we have about you. For more information, please visit My medical records in Patient information on our website.

2. Right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. It is important that we have a correct copy of the information available to enable our consultants to treat you.

3. Right to erase

You have the right to ask us to erase your personal information in certain circumstances. You can find out more about this from The Office of the Data Protection Authority. We will not normally delete information from medical records. This is because it is important that we have a copy of the information available to enable our consultants to treat you.

4. Right to restrict processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

5. Right to object to processing

You have the right to object to the processing of your data in certain circumstances. These include when data is processed for direct marketing, legitimate business interests or by a public body, or when data is processed for historical or scientific purposes.

6. Right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you.  The right only applies if we are processing information based on your consent or under a contract (or in conjunction with a potential contract) and the processing is automated.

7. Right to withdraw consent

You have the right to choose if your personal information is used to provide you with marketing information.

You are not required to pay any charge for exercising your rights.

For more information, please visit The Office of the Data Protection Authority’s website at

www.odpa.gg

Your information

The information we collect about you includes personal data (eg name, contact details, date of birth etc.) and special categories of sensitive personal data (eg race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life and sexual orientation etc).

Who do we collect information about you from?

We may collect information directly from you either verbally or in writing. We also collect information from your General Practitioner and other healthcare professionals either within Guernsey or elsewhere. We may receive information about you from the Committee for Health and Social Care. We occasionally receive information about you from other States of Guernsey departments (eg Committee for Education, Sport and Culture, Committee for Employment and Social Security) or from other organisations, such as health insurers.

How do we use information about you?

We use the information we collect about you to provide healthcare advice and treatment. This is in accordance with local law, which allows for the processing of data “for health and social are purposes undertaken by a health professional”.

In addition, we may use your information for the following purposes:

(a)     To verify your identity

(b)     To improve our services and your patient experience

(c)     To comply with regulation

(d)     As part of our joint governance processes with the Committee for Health and Social Care to investigate complaints and clinical incidents.

(e)     To respond to any legal enquiries

(f)      We also use the information for billing purposes for any services not funded by the secondary healthcare contract.

(g)     For the protection of vulnerable individuals (adult and child safeguarding) and as other law requires.

(h)     To promote and offer to you our private services

Finally, your information may be used for “legitimate interests of our business”. For example, to ensure that our business runs efficiently, plans for future services, training of staff and to receive any monies due.

If we do not collect this data about you, then we may not be able to provide you the healthcare you require. We may use the information we hold for direct marketing purposes but do not share your information with others for this purpose.

Who do we share your information with?

To provide the advice or medical treatment you require we often need to share the information we collect about you with the Committee for Health and Social Care, your General Practitioner and other healthcare organisations within Guernsey or elsewhere.

We may share your information with your insurance company for the purposes of billing, and with our insurance companies or legal advisors for the purposes of managing complaints or clinical incidents. We sometimes share your information with other clinicians not directly involved in your care to provide expert advice for the purposes of clinical care and the management of complaints or incidents.

We may occasionally share information with Education, Social Services or the Police for the protection of vulnerable individuals (adult and child safeguarding) and as other law requires. 

In certain circumstances, we may need to share your data with other companies or individuals. We are very careful about the third parties with whom we share your data and we ensure that we only share the minimum amount of information that is necessary. We also ensure that we have appropriate contracts in place to ensure third parties continue to protect your data, when they are processing it on our behalf.

Service providers

We sometimes need to share your data with certain third parties who provide service to us, so that they can provide those services. These third parties process your data on our behalf and we have strict contracts with them to ensure they process your data only on our instructions and with appropriate security in place.

The service providers we use vary depending on how we are interacting with you. You can find further details of the exact types of service provider who may receive your data from us under the relevant section of this Privacy Notice that applies to your situation.

We use the following types of service providers for all of the personal data we collect:

  • Email and data storage providers such as Microsoft,
  • Document storage providers such as Google Docs,
  • Cloud providers such as AWS,
  • General service providers such as letter transcript

Children’s information

This policy applies equally to both adults and children’s information.

How long do we keep your data?

We will delete your data after a period of time if it is no longer required. There are different legal requirements and professional guidelines about keeping certain kinds of records to which we adhere, some examples of which are shown below:

Maternity Records Records need to be kept for 25 years after the birth of the last child or 8 years after the person’s death if earlier
Children and Young People Records will be retained until the person’s 25th birthday or if the person was 17 at the conclusion of treatment until their 26th birthday or until 8 years after the person’s death if sooner
General Health Records 8 years after conclusion of treatment
Financial Records 7 years

Technical information

Transfer of information to other countries

We may need to transfer your information outside Guernsey to other jurisdictions including United Kingdom and other countries within the European Economic Area. These countries have equivalent Data Protection Laws. Outside of the United Kingdom and EEA countries we do not transfer your information to other countries without your consent.

Use of email

We appreciate many people like to use email as a means of communication these days and we would like to accommodate this.

Under The Data Protection (Bailiwick of Guernsey) Law 2017 we are required to apply appropriate technical and organisational measures to ensure the security of our patients’ (data subjects) data.

However, it is important that you understand that we cannot guarantee the secure transmission of emails to personal email accounts.

Some email service providers provide a level of encryption, to reduce the risk that emails count be intercepted (hacked).  Please check with your service provider exactly what cover they provide.   Please also bear in mind that personal email accounts are at risk of being hacked once emails have been received.

The MSG sends emails using forced Transport Layer Security (TLS), and therefore any email addresses which also has TLS will be automatically encrypted in this way.

If we are unaware of the TLS status, we ensure any emails containing personal identifiable information are password protected.

Please note, due to the risks mentioned above, the MSG will never initiate the use of email to communicate details about your medical care (special category data). Should you wish to use email for this purpose, it will be at your own risk.

If you provide us with an email address it will be used for providing information considered relevant to your health.   This may include information regarding services we think would be of interest/benefit to your health and any practice development initiatives (i.e. surveys, patient feedback, newsletters etc).

You can request we do not use your email address for any of the above purposes at any time by emailing/calling/unsubscribing at any time.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie policy.

Links

This website contains links to other sites. Please be aware that the Medical Specialist Group is not responsible for the privacy practices of other websites. We encourage users to be aware when they leave our site and to read the privacy statements of other websites.

Acceptance of this Privacy notice

By using this website you accept our Privacy notice. If you do not agree, please do not use this website.

Data privacy

The Medical Specialist Group is registered with the Data Protection Commissioner and is committed to comply with the Data Protection (Bailiwick of Guernsey) Law 2017.

As a medical practice, we will only process (ie collect, store and use) personal data in a manner that is compatible with the Data Protection (Bailiwick of Guernsey) Law 2017. This means that we as a Data Controller and Processor will always strive to ensure that we handle personal data fairly and lawfully with justification.

The processing of personal and sensitive data is necessary for medical purposes and is undertaken by:

a) a health professional; or

b) a person who, in the circumstances, owes a duty of confidentiality which is equivalent to that which would arise if that person were a health professional.

“Medical purposes” includes the purposes of preventative medicine, medical diagnosis, medical research, the provision of care and treatment and the management of healthcare services as other legislation may require.

We keep our privacy policy under regular review, and we will place any updates on our website.  This privacy policy was last updated on 12 November 2020.

Further information

If you would like to understand more about what data is held during your patient journey and where it is held please use the following links:

Secondary Healthcare – Contract Patient Journey

Secondary Healthcare – Private Patient Journey

Secondary Healthcare – GP Referral

Contact us

We have appointed Calligo (UK) Limited to be our data protection officer. 

Please note that any correspondence you have with MSG in relation to this Privacy Notice will be shared with Calligo so that they can advise us on it. Calligo’s privacy notice is available here - https://calligo.cloud/privacy-policy/

If you have any queries regarding this Notice or have any concerns about our use of Your Data, please contact us by using the method below and we will do our best to deal with your concern or query as soon as possible.

Email: privacy@msg.gg