Last updated: April 2019
We (Kath Lancaster Nursing Consultancy Ltd are known in this document as “we” or “KLNC Ltd”) operates http://www. Thelancastermodel.co.uk (the “Site”) and are registered in England and Wales with the company number 06668242 and having a registered office at Windsor House, Cornwall Road, Harrogate, HG1 2PW
Please note – this policy relates only the Lancaster Model website and not any services that may be provided through IDH Ltd or Kath Lancaster Nursing Consultancy Ltd.
DATA PROTECTION PRINCIPLES
We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
THE KIND OF INFORMATION WE HOLD ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Information Collection and Use
While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally, identifiable information may include, but is not limited to your name (“Personal Information”) is only requested if you join the membership zone or you complete a “Contact Us” form.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
No Personally identifiable data is used for marketing or sold to any other company.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the TLM zone of the website.
Like many site operators, we collect information that your browser sends whenever you visit our Site(“Log Data”).
This Log Data may include information such as your computer’s Internet Protocol (“IP”)
browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics. This is purely used by us to improve our website and services.
HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We will gather information in the following ways:
· Indirectly (through use of thelancastermodel.co.uk)
· Directly (where information is provided by you)
HOW WE WILL USE INFORMATION ABOUT YOU
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
1. Where we need to perform the contract we have entered into with you.
2. Where we need to comply with a legal obligation.
3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
1. Where we need to protect your interests (or someone else’s interests).
2. Where it is needed in the public interest (or for official purposes).
Situations in which we will use your personal information
We need all the categories of information in the list above (see The kind of information we hold about you) primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below. We have indicated above the purpose or purposes for which we are processing or will process your personal information, as well as indicating which categories of data are involved.
· To improve our website
· To answer your queries or feedback
What automated decision making and/or profiling we do with user data?
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
We will ensure that third parties respect the security of your data and treat it in accordance with the law.
Who we share this information with
Information processed through this website is not shared with any other organisation outside of Integrated Digital Health Ltd, Kath Lancaster Nursing Consultancy Ltd or its agreed associates ( who support the Data Processing function)
The following third-party providers process personal information about your for the following purposes:
1and1: website host
Attigo: Website design and developers
IDH Ltd Consultant: TLM zone facilitator and website manager (day to day)
We may also use your personal information in the following situations, which are likely to be very rare:
1. Where we need to protect your interests (or someone else’s)
2. Where it is needed in the public interest (or for official purposes)
Our “third parties” and other entities within the company are required to take appropriate security measures to protect your personal information in line with our policies. No third party is allowed any data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with instructions.
Website users should be aware that any comments left may be checked through an automated spam detection service
Why we collect and use this information
· To enable us to carry out specific functions which each customer has requested or agreed
· Provide requested information and enable training and information facilitation within the customer secure space.
· Evaluate and improve our business services and website
· To answer your queries or feedback
· To make sure we are following guidelines and best practice with applicable legal requirements of governmental and regulatory bodies
The lawful basis on which we use this information
We collect and use this information under the basis of
· Where it is in our Legitimate Interest to do so (Article 6 GDPR) such as:
o To follow guidance and recommended best practice of governmental and regulatory bodies
o To administer our good governance requirements for internal reporting and compliance regulations for AGM’s
o Subject to the appropriate controls, to provide insight and analysis of our customers to business partners either as part of providing products or services, helping us improve products or services, or to assess or to improve the operating of our businesses
o To ensure that we can carry out specifically requested functions from users, including requests or actions
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained by emailing email@example.com
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
For how Long is your personal information retained by us?
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
DIRECT MARKETING COMMUNICATIONS
Customers who are using The Lancaster Model currently are able to sign in to the TLM Zone. For those customers only we may use their data to enable us to communicate by post or email further information that we believe may be of relevance or interest to them. These customers have the right to withdraw from or amend the receipt of direct marketing communications. If you would like to do so, please contact: firstname.lastname@example.org and let us know.
RIGHTS OF ACCESS, CORRECTION, ERASURE AND RESTRICTION
Your duty to inform us of changes
Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information in a portable format to another party. This allows you to take your information from our IT environment to another organisation’s IT environment. The format will be chosen based on the information provided, this is likely to be a generic file format such as CSV.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact email@example.com
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact firstname.lastname@example.org . Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
What are cookies?
Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you. Cookies can be “persistent” or “session” cookies.
When you use and access the Service, we may place a number of cookies files in your web browser.
· to enable certain functions of the Service
· to provide analytics
We use both session and persistent cookies on the Service and we use different types of cookies to run the Service:
Session Cookies will be used to keep members logged in an associate their comments to their accounts
Persistent Cookies will be used for storage of user account interactions with posts.
Essential cookies. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts.
Third -party cookies
In addition to our own cookies, we may also use various third party cookies to report usage statistics of the Service and some of the plug ins required need to have cookies to work correctly.
What are your choices regarding cookies?
Where can you find more information about cookies
You can learn more about cookies and the following third party websites:
· AllAboutCookies: http://www.allaboutcookies.org/
· Network Advertising Initiative: http://www.networkadvertising.org
Embedded Contents from other websites and Links to other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
or write to us at
Kath Lancaster Nursing Consultancy Ltd
Attention: Information Governance Officer
Date of next review April 2020