Terms, Privacy & Cookies

This Privacy Notice covers the use of your personal data for the purpose of providing you with use of our website and keeping you up to date with new and upcoming activities carried out by us 

We at Cristal Health Limited take our responsibilities under both the General Data Protection Regulations and Data Protection Act 2018 very seriously.

You can be assured that your information will be used appropriately and in a lawful manner and always in line with data protection legislation.

We will store your data securely with appropriate safeguards in place to protect it against unauthorised or unlawful processing. 

This privacy notice was last updated on 26 August 2021.

Employees

What data do you collect & use?

We use data about you to fulfil our obligations to you as an employer, including ensuring that you are paid for your work and are protected in the workplace. We do this because you have entered into a contract of employment with us.

We collect data from you, as well as creating data once you have been successful in a job application, this includes:

  • Data that identifies you, basic details such us name, gender, date of birth.
  • Contact data like address, telephone number, and email address.
  • Financial data including bank and pension details, and national insurance number.
  • Computer records, including email and messaging history relating to your work.
  • Qualifications and employment history.
  • Data relating to leave, including annual leave, maternity, paternity, adoption, and shared parental leave.
  • Medical and health data, including sick leave, allergies or occupational health requirements.
  • Images and photographs

We may also collect personal data about you from other people and organisations, such as:

  • We request confidential references from referees that you have given to us, which contain data about you.
  • We receive data from HMRC such as tax codes.

Do you share my data?

We share your personal data under certain circumstances. When we do share data, we use as little as possible, and on a need to know basis.

  • If you require emergency medical treatment we will share your personal data with health professionals to ensure you receive appropriate treatment
  • We share your data with HMRC to ensure that you are taxed correctly
  • Akrivia shares data with companies who process the data on our behalf, including Microsoft who store data, and CharlieHR, our HR platform.

How do you use the data you collect?

We use your personal data so to fulfil our obligations to you as an employer, to ensure you are paid for your work, and that you are protected in the work place. This includes:

  • Using financial data to make sure you are paid and taxed correctly.
  • Using your data to manage your performance in fulfilling your contract with us.
  • Understanding how we can support you if you have a disability or impairment.
  • Ensuring that you are employed in a suitable environment.
  • Assessing if you may present any risk to other individuals.
  • Understanding the diversity of our workforce and complying with equality and diversity legislation.
  • Ensuring that you receive adequate training for your role.
  • Investigating incidents.

 How long do keep my data for?

We keep your personal data during your employment and we also retain the data when you leave the Akrivia for an appropriate time. Employee data is kept for at least 6 years after you stop working for us. If you apply for a job with us and are unfortunately unsuccessful, we will erase your data within 6 months of the close of the recruitment process.

We keep your data to defend ourselves against any potential legal claims. We may keep anonymised data for longer than 6 years. Anonymised data cannot identify you and helps us better understand the colleagues that we have employed.

How do you comply with the law?

Data protection law requires organisations to have a legal basis for processing personal data.

  • You have a signed a contract of employment with us and we use the data to fulfil that contract
  • We can share your data with healthcare professionals in emergency situations where your life is at risk. This is known as a ‘vital interest’.
  • We can use healthcare data for occupational medical care, and to assess your working capacity.
  • We rely on a legitimate interest to collect and use data like confidential references, and employee feedback.
Clients

We process a limited amount of personal data relating to the employees of our clients and partners that is separate from the data that we process as a data processor.

What data do you collect & use?

We use data about you to fulfil our obligations to you, including business communications with you, and the provision of services to users, this includes:

  • Data that identifies you, basic details such us name, gender, date of birth.
  • Contact data like address, telephone number, and email address.

Do you share my data?

We do not share your data unless you have provided consent.

How do you use the data you collect?

We use your data to fulfil our contractual obligations, to ensure that you are able to use the services that Akrivia Health provide.

How long do keep my data for?

We keep your personal data for the duration of the contract to provide services, and 6 years after the end of the contract.

How do you comply with the law?

Data protection law requires organisations to have a legal basis for processing personal data. We rely on a legitimate interest to collect and use data like names and contact details so that we can liaise with you and fulfil our contractual obligations.

Volunteers & Public Patient Involvement (PPI)

What data do you collect & use?

We use data about you to fulfil our obligations to you, including communications with you, arranging meetings, and fulfilling your role with us, this includes:

  • Data that identifies you, basic details such us name, gender, date of birth.
  • Contact data like address, telephone number, and email address.
  • Relevant medical data like allergies and access requirements.

Do you share my data?

We do not share your data unless you have provided consent.

How do you use the data you collect?

We use your data, to ensure that you are able to use the services that Akrivia Health provide.

How long do keep my data for?

We keep your data for the duration of your agreement with us, and 3 years after the end of the agreement.

How do you comply with the law?

Data protection law requires organisations to have a legal basis for processing personal data. We rely on your consent to collect and use data like names and contact details so that we can liaise with you and fulfil our contractual obligations.

Marketing & Communication

What data do you collect & use?

We collect data from you, this includes:

  • Data that identifies you, basic details such us name, gender, date of birth.
  • Contact data like address, telephone number, and email address.
  • Institutions or companies that you may be associated with.

Do you share my data?

We do not share your data unless you have provided consent.

How do you use the data you collect?

We use your personal data to inform you about events we are running, and market our products to you.

How long do keep my data for?

Akrivia keeps your personal data for so long as you have consented. You can withdraw your consent at any time.

How do you comply with the law?

Akrivia relies on your consent for processing this data.

Legal & Regulatory Obligations

We may receive requests for data from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence. When we receive these requests we will inform you as soon as possible. There are circumstances in which we cannot inform you that data is used or shared, because it may prejudice the work of law enforcement agencies and other organisations.

We may be required to use and keep personal data for legal reasons, such as the prevention, detection, or investigation of crime or fraud. We may also use personal data to meet our internal and external audit requirements, and data security purposes.

Data we process on behalf of NHS Trusts

Akrivia Health are a data processor for several NHS Trusts, this means that we handle data on behalf of those Trusts and that we do not have a legal obligation to inform you about how your data is used. We believe in the importance of privacy and want to make it as easy as possible for you to understand how your information is used, so we have provided links below to the privacy notices of the Trusts we work with to help you understand how your data is used.

Avon and Wiltshire Mental Health Partnership NHS Trust

Birmingham and Solihull Mental Health NHS Foundation Trust

Cardiff and Vale University Health Board

Cumbria, Northumberland, Tyne and Wear NHS Foundation Trust

Devon Partnership NHS Trust

Kent and Medway NHS and Social Care Partnership Trust

Mersey Care NHS Foundation Trust

Nottinghamshire Healthcare NHS Foundation Trust

Oxford Health NHS Foundation Trust

South West London and St George’s NHS Foundation Trust

Southern Health NHS Foundation Trust

West London Mental Health Trust

Your Rights

Under data protection law, individuals (data subjects) have a number of rights which are detailed below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.

Access to personal data

You have a right to request a copy of the personal data that we hold about you. You should include adequate data to identify yourself and such other relevant data that will reasonably assist us in fulfilling your request. Your request will be dealt with as soon as possible.

Right to rectification (correction)

You can request us to rectify and correct any personal data that we are processing about you which is incorrect. We provide you with account settings and tools to access the data associated with your account.

Right to withdraw consent

Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent. To opt out of marketing, you can use the unsubscribe link found in the email marketing communication you receive from us. For other marketing preferences you can contact us, providing details of services or marketing that you wish to opt-out.

Right of erasure (right to be forgotten)

You can request us to erase your personal data under certain circumstances, it is not a guaranteed or absolute right.

Right to data portability

This right allows you to obtain your personal data in an electronic format, where you have provided data to us with your consent, or where the data was necessary for us to provide you with our services or employment. You can request that the data be given in a format which enables you to transfer that personal data to another organisation. You may have the right to have your personal data transferred by us directly to the other organisation, if this is technically feasible.

Right to restrict processing of personal data

You have the right in certain circumstances to request that we suspend our processing of any or all your personal data. Where we suspend our processing of your personal data we will still be permitted to store your personal data, but any other processing of this data will require your consent, subject to certain exemptions.

Right to object to processing of personal data

You have the right to object to our use of your personal data which is used where we feel that we have legitimate interest. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claims.

Getting in Touch

Should you have any queries about the how your information is used then please contact Simon Pillinger, Head of Governance, Ethics, & PPI, c/o Clarendon House, Cornmarket Street, Oxford, United Kingdom, OX1 3HJ, or email simon.pillinger@akriviahealth.com.

Should you remain unhappy with the resolution suggested by the person mentioned above, you can make a complaint to our Data Protection Officer: David Newton, Chief Operating Officer, c/o Clarendon House, Cornmarket Street, Oxford, United Kingdom, OX1 3HJ, or email David.Netwon@akriviahealth.com

You can also contact the ICO for further information or to make a complaint:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Email ICO

Report a concern on the ICO website