Privacy Policy 

Main Purpose of this privacy notice

This privacy notice tells you what to expect when Smart Health Solutions Limited collects or processes personal information:

To help explain this we have included information about:

  • Who Smart Health Solutions (SHS) are and the services we deliver
  • How we process personal information regarding customers and both current and former employees
  • Your legal rights to your personal information
  • How to contact us

In compliance with the General Data Protection Regulation (GDPR) and Data Protection Act 2018, we are committed to being fully open and transparent about what we do with your personal information.

Who are Smart Health Solutions Limited (SHS) and what do we do?

Smart Health Solutions’ main passion is the prevention and management of cardiovascular disease (CVD).  As a leading provider of NHS Health Checks training our mission is to improve the uptake and quality of NHS Health Checks in England.

SHS is registered with the Office of the Information Commissioner, registration number 08756225.

You can contact us by using our Website or by writing to us at:

Smart Health Solutions
2 – 6 Boundary Row
London
SE1 8HP

What is our role when we process your personal data?

As an employer, SHS is a Controller as defined by Article 4(7) of the GDPR

We are responsible for the nature, scope, context and purposes of the processing and the risk to your rights and freedoms your personal data.   (Recital 74 of the GDPR)

As the ‘Controller’ of your personal information we are accountable for ensuring that the personal information we use and hold about you is:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid, specified, and explicit purposes that we have clearly explained to you and not used in any way that is incompatible with those initial purpose(s)
  • Relevant, and proportionate (adequate) to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

Who are our data subjects?

  • Employees: We process the data of former, current and potential staff
  • Customers: We process data on our customers in order to aid provision of the service
  • Website users/Potential customers: We collect personal data provided to us through our website for marketing initiatives

How we collect your information

We are required by law to tell you what information we collect about you and what lawful basis we rely on to use it.  You can find out more about this here

We collect your information for the following purposes:

For the purpose of Employment, we use for personal information for:

  • Keep records about your employment, including contracts, hours worked, holidays and sickness
  • Pay you, and ensure you pay the correct tax and national insurance
  • Administer any pension schemes, including schemes required by statute (such as NEST)
  • Keep records about other statutory requirements, such as Equality monitoring
  • Perform background checks using the Disclosure and Barring Service

Personal information we process for this purpose:

In our role as an employer, and because of the nature of our business, we process a number of different categories of data from our employees during and after your working relationship with us. This includes:

  • Name
  • Contact details (postal address, phone number, email address)
  • Bank details
  • Age / date of birth
  • Gender
  • Marital status
  • Driving licence number
  • Photograph
  • Payroll records (benefits, salary, tax status, etc.)
  • Performance management records (direct observations, appraisals, supervisions, disciplinary, grievance)
  • Training and competency records
  • Absence records (annual leave, etc.)
  • Next of kin contact details
  • Recruitment records (including employment history, references, right to work, etc.)
  • National Insurance number
  • Extra information you choose to tell us (in writing or verbally)

Certain information that we process is classed as ‘special category data’. It is sensitive by nature. We have a higher duty of care in how we process such information, which may include details such as:

  • Religion
  • Medical and health information (including sickness details)
  • Nationality or ethnicity
  • Criminal cautions or convictions
  • Motoring convictions
  • Ethnic origin
  • Sexual orientation
  • Trade union membership

For this purpose, our lawful basis is the employment contract signed between SHS and you.  When you apply for a position with us (before you sign a contract), we will rely on your consent to use your information.

This information is retained for the period of employment plus 7 years, unless you are on a pension scheme in which we are required to retain your information for 75 years or until you are 100 years old.

For commissioning Suppliers to aid Smart Health Solution Limited in the delivery of services, we will record your personal information in order to:

  • Keep a record of Contracts and Contact details
  • Keep in touch with you about SHS services

For this purpose, our lawful basis is the performance of a contract with our Supplier.

This information is retained for the period of the contract for suppler plus 7 years.

For the purposes of providing services to you as our customer, we will use your personal information to:

  • Keep in touch with you about SHS services
  • Transact payments

Personal information we process for this purpose:

In our role as a service provider, and because of the nature of our business, we process a number of different categories of data from our website. This includes:

  • Customer Name
  • Customer Address
  • Customer email address
  • Customer billing information
  • Organisation Name
  • Training courses attended

For this purpose, our lawful basis is the contract between us and our customers

This information is retained for the period of the customer contract + 30 days

For the purpose of sales and marketing to website users and potential customers from marketing initiatives, we will record and use your personal information to:

Answer any questions you have through our ‘contact us’ section or if you email us at info@smarthealthsolutions.co.uk

Add you to our mailing list, if you sign up to our newsletter from our home page

Personal information we process for this purpose:

In our role regarding customer relations, and because of the nature of our business, we process a number of different categories of data from our website. This includes:

  • Name
  • Email address
  • Contact number

For this purpose, our lawful basis is your consent.

This information has been obtained under the ‘soft opt-in’ as defined by the Privacy and Electronic Communications Regulation, and can therefore be retained until permission to do so is withdrawn by the individual.

Visitors (sales and marketing from expos and forms from website, + tracking data from website, soft opt-in under PECR, for needs a privacy notice attached, kept until deleted).

Recipients of the information

We share the above information where necessary with:

  • Government organisations where required to do so by law (for example HMRC)
  • Our Data Centre suppliers, SkyeCloud, who store our data on their servers
  • Our CRM System, HubSpot, where we store the history of our contact with you

Transfers to third countries

Smart Health Solutions Limited does not transfer any of your information outside the European Economic Area (EU member states plus Norway, Liechtenstein and Iceland).

Retention periods for the data

Smart Health Solution Ltd. retains an internal retention policy regarding all personal data processed by the organisation, which reflect the retention periods highlighted above. Where SHS is the data controller, this period has been determined by SHS as necessary for the purpose for which it was collected.

Your rights

You have the right to privacy under the General Data Protection Regulation, the Data Protection Act 2018 (DPA), and the Human Rights Act 1998.  The Equality Act 2010 may also apply.

You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.

You have the right to apply for access to the information we hold about you.

This includes:

  • Have a copy of all the information we hold about you
  • Restrict our use of your information
  • Have your information erased (known as the right to be forgotten)
  • Have your information corrected
  • Object to our use of your information
  • Be told if we use automated decision-making

If you wish to exercise any of the above rights please email info@Smarthealthsolutions.co.uk.  In some circumstances we may be legally allowed to extend the time to process your request.  Where this is the case we will inform you.

Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us as soon as possible.

If you feel we have not properly allowed you to exercise those rights, or you have a more general complaint about the way we use your information, you can complain to the information commissioner.  Please use their website here.

The right to withdraw consent (if consent is the basis of the processing)

Where we have indicated that we use consent as the lawful basis to use your information, you can withdraw your consent at any time by emailing info@smarthealthsolutions.co.uk.

Automated decision making

Smart Health solutions Limited does not use automated decision-making

Last updated November 2021