Introduction
Harmony Healthcare (“we”, “us”, or “our”), the trading name of Grapecroft Limited, is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, and safeguard your personal data when you use our website, in compliance with GDPR, ISO/IEC 27001, and ISO/IEC 27701 standards. By using our website, you consent to the practices described in this Privacy Policy.
1. Data Collection
We may collect and process the following personal data:
- Identity Data: Includes name, date of birth, gender, and contact details (e.g., email address, phone number).
- Health Data: Specific health information relevant to your enquiry about our services.
- Technical Data: Internet Protocol (IP) address, browser type, time zone settings, and device type used to access our website.
- Usage Data: Information on your interactions with our site, including pages visited, session duration, and referral sources.
- Marketing and Communications Data: Your preferences for receiving marketing and communications from us.
2. Use of Data
Your data will only be used when legally permissible, for the following purposes:
- Service Delivery: To provide healthcare services, respond to enquiries, and manage our relationship with you.
- Customer Support: For handling requests, complaints, or feedback.
- Legal Compliance: To comply with applicable laws, regulations, and ISO standards.
- Service Improvement: To analyse and enhance website performance and user experience.
- Marketing and Communications: To send updates and promotional information if you’ve opted in. You may unsubscribe at any time.
3. Data Sharing and Third-Party Processors
We may share your data in the following situations:
- Healthcare Providers: When necessary for delivering care, data may be shared with healthcare professionals.
- Third-Party Service Providers: We may work with third parties for IT services, data analysis, and customer support, and we require them to uphold our data security standards.
- Legal and Regulatory Requirements: We may disclose your data to authorities where legally required.
4. Information Security Measures
In compliance with ISO/IEC 27001 standards, we employ the following measures to protect your data:
- Data Classification and Access Control: Personal data is classified based on sensitivity, and access is restricted based on necessity and role.
- Encryption: Data in transit and at rest is encrypted to prevent unauthorised access.
- Incident Response: We have a dedicated team to handle data breaches, and affected users will be notified within legal timeframes.
- Data Minimisation and Retention: Data collection is minimised, and retention periods are defined based on legal, healthcare, and operational requirements.
5. Data Retention
We retain personal data only as long as necessary to fulfil the purposes we collected it for, including legal, accounting, or reporting obligations. Specific retention schedules are as follows:
- Healthcare Data: Retained in accordance with healthcare regulations and only as long as necessary to provide ongoing care.
- Marketing Data: Retained until you opt out.
6. Your Rights
You have the following rights under data protection laws:
- Access: Request a copy of your data.
- Rectification: Correct any inaccurate or incomplete data.
- Erasure: Request data deletion, subject to legal requirements.
- Restriction: Restrict data processing in certain circumstances.
- Portability: Request a structured transfer of your data.
- Objection: Object to processing, including for direct marketing purposes.
- Automated Decision-Making: Where automated decisions are made, you have the right to request human intervention and express your view.
Contact Information
For questions or to exercise your rights, contact our Data Protection Officer at info@harmonyhealthcare.co.uk, by phone at 0800 292 2331, or by post to 34 Lafone Street, London, SE1 2LX.