Southwest Pathology Services (SPS) and data privacy
SPS, part of SYNLAB Group is committed to protecting and respecting your privacy.
This privacy statement sets out the basis on which we will process any personal information that we may collect about you as a visitor to our website or premises or a contact at one of our customers, suppliers or other business partners. We therefore ask you to read this privacy statement carefully.
1. THE INFORMATION THAT WE COLLECT ABOUT YOU
We may collect and process the following information about you:
1.1 Information that you give us: This is information about you that you give to us by:
1.1.1 filling in forms on our website (or other forms that we ask you to complete), (ii)
1.1.2 giving us a business card (or similar); or
1.1.3 corresponding with us by telephone, post, email or otherwise.
It may include, for example, your name, address, email address and telephone number; information about your business relationship with SYNLAB; and information about your professional role, background and interests.
1.2 Information that our website and other systems collect about you:
1.2.1 If you visit our website it will automatically collect some information about you and your visit, including the internet protocol (IP) address used to connect your device to the internet and some other information such as your browser type and version and the pages on our site that you visit.
1.2.2 Our website may also download “cookies” to your device – this is described in our separate cookie statement.
1.2.3 If you exchange emails, telephone conversations or other electronic communications with our employees and other staff members, our information technology systems will record details of those conversations, sometimes including their content.
1.2.4 Some of our premises have closed circuit TV systems which may record you if you visit our premises, for security and safety purposes.
1.3 Other information: We may also collect some information from other sources. For example:
1.3.1 If we have a business relationship with the organisation that you represent, your colleagues or other business contacts may give us information about you such as your contact details or details of your role in the relationship.
1.3.2 We sometimes collect information from third party data providers or publicly available sources for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.
2. THE USES THAT WE MAKE OF YOUR INFORMATION
2.1 We may use your information for the following purposes:
2.1.1 to operate, administer and improve our website and premises and other aspects of the way in which we conduct our operations;
2.1.2 to comply with our legal and regulatory obligations and bring and defend legal claims;
2.1.3 in connection with our financing and banking arrangements;
2.1.4 to operate, manage, develop and promote our business and, in particular, our relationship with the organisation you represent (if any) and related transactions – for example, for marketing purposes; and
2.1.5 to protect our business from fraud, money-laundering, breach of confidence, cyber-attack, theft of proprietary materials and other financial or business crimes.
2.2 We may from time to time review information about you held in our systems – including the contents of and other information related to your email and other communications with us – for compliance and business-protection purposes as described above.
2.3 This may include reviews for the purposes of disclosure of information relevant to litigation and/or reviews of records relevant to internal or external regulatory or criminal investigations.
2.4 To the extent permitted by applicable law these reviews will be conducted in a reasonable and proportionate way and approved at an appropriate level of management. They may ultimately involve disclosure of your information to governmental agencies and litigation counterparties as described below.
2.5 Your emails and other communications may also occasionally be accessed by persons other than the member of staff with whom they are exchanged for ordinary business management purposes (for example, where necessary when a staff member is out of the office or has left SYNLAB).
2.6 We will only process your personal information as necessary so that we can pursue the purposes described above, and then only where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest in pursuing those purposes.
2.7 In exceptional circumstances we may also be required by law to disclose or otherwise process your personal information. We will tell you, when we ask you to provide information about yourself, if provision of the requested information is necessary for compliance with a legal obligation or, on the other hand, if it is purely voluntary and there will be no implications if you decline to provide the information. Otherwise you should assume that we need the information for our business or compliance purposes (as described above).
2.8 If you are uncertain as to SYNLAB’s need for information that we request from you, please contact the SYNLAB representative asking for the information, or Contact us (see below), with your query.
3. DISCLOSURE AND INTERNATIONAL TRANSFER OF YOUR INFORMATION
3.1 We may disclose personal information about you where we have obtained your consent or where it is reasonably necessary for the various purposes set out above:
3.1.1 to the other members of the SYNLAB group of companies;
3.1.2 to your colleagues within the organisation that you represent;
3.1.3 to service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf (including doctors and other health professionals), under strict conditions of confidentiality and security;
3.1.4 to a person who takes over our business and assets, or relevant parts of them; or
3.1.5 in exceptional circumstances:
• to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory; or
• where we are required by law to disclose.
3.2 The disclosures referred to in paragraph 3.1 above may involve transferring your personal information overseas. If you are dealing with us within the European Economic Area (or the UK, after it has left the European Economic Area), you should be aware that this may include transfers to countries outside the European Economic Area / UK, which do not have similarly strict data privacy laws. In those cases, where we transfer personal data to other members of the SYNLAB group or our service providers, we will ensure that our arrangements with them are governed by data transfer agreements or mechanisms, designed to ensure that your personal information is protected (including, where appropriate, under an agreement on terms approved for this purpose by the European Commission).
3.3 Please Contact us (see below) if you would like to know whether any such agreements referred to in paragraph 3.2 are in place or, if so, to see a copy.
4. RETENTION AND DELETION OF YOUR INFORMATION
4.1 We intend to keep your personal information accurate and up-to-date. We will delete the information that we hold about you when we no longer need it.
4.2 We will retain your information for no longer than 6 years [after our most recent communication with you], after which it will be deleted or anonymised. Contact us for more information.
4.3 Note that we may retain some limited information about you even when we know that you have left the organisation that you represent, so that we can maintain a continuous relationship with you if and when we are in contact with you again, representing a different organisation.
5. YOUR RIGHTS
5.1 You may have a right of access to the personal information that we hold about you, and to some related information, under data protection law. You can also require any inaccurate personal information to be corrected or deleted.
5.2 You can object to our use of your personal information for direct marketing purposes at any time and you may have the right to object to our processing of some or all of your personal information (and require them to be deleted) in some other circumstances.
5.3 In some circumstances, you may also have a “data portability” right to require us to transfer your personal data to you or to a new service provider.
5.4 If you wish to exercise any of the rights referred to above, please Contact us as set out in paragraph 6 (Contact us) below.
5.5 You can also lodge a complaint about our processing of your personal information with the body regulating data protection in your country (details are available here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm).
6. CONTACT US
6.1 We welcome questions, comments and requests regarding this privacy statement and our processing of personal information.
6.2 Please email our Local Data Protection Manager Charles Lilley.
7. CHANGES TO THIS POLICY
Any changes we make to this privacy statement in the future will be posted to our website and also available if you Contact Us at:
• email: email@example.com
• address: SPS Hub Laboratory, Lisieux Way, Taunton, TA1 2LB
Please check back frequently to see any changes.
Last updated: 25th May 2018