Terms, Privacy & Cookies

This Privacy Notice covers the use of your personal data for the purpose of providing you with use of our website and keeping you up to date with new and upcoming activities carried out by us 

We at Cristal Health Limited take our responsibilities under both the General Data Protection Regulations and Data Protection Act 2018 very seriously.

You can be assured that your information will be used appropriately and in a lawful manner and always in line with data protection legislation.

We will store your data securely with appropriate safeguards in place to protect it against unauthorised or unlawful processing. 

This privacy notice was last updated on 19 January 2021.

Employees

What information do you collect and use?

We use data about you to fulfil our obligations to you as an employer, including ensuring that you are paid for your work and are protected in the workplace. We do this because you have entered into a contract of employment with us.

We collect information from you, as well as creating information once you have been successful in a job application, this includes:

  • Information that identifies you, basic details such us name, gender, date of birth.
  • Contact information like address, telephone number, and email address.
  • Financial information including bank and pension details, and national insurance number.
  • Computer records, including email and messaging history relating to your work.
  • Qualifications and employment history.
  • Information relating to leave, including annual leave, maternity, paternity, adoption, and shared parental leave.
  • Medical and health information, including sick leave, allergies or occupational health requirements.
  • Images and photographs

We may also collect personal information about you from other people and organisations, such as:

  • We request confidential references from referees that you have given to us, which contain information about you.
  • We receive information from HMRC such as tax codes.

Do you share my information?

We share your personal information under certain circumstances. When we do share information, we use as little as possible, and on a need to know basis.

  • If you require emergency medical treatment we will share your personal information with health professionals to ensure you receive appropriate treatment
  • We share your information with HMRC to ensure that you are taxed correctly
  • Akrivia shares data with companies who process the data on our behalf, including Microsoft who store data, and CharlieHR, our HR platform.

How do you use the information you collect?

We use your personal information so to fulfil our obligations to you as an employer, to ensure you are paid for your work, and that you are protected in the work place. This includes:

  • Using financial information to make sure you are paid and taxed correctly.
  • Using your information to manage your performance in fulfilling your contract with us.
  • Understanding how we can support you if you have a disability or impairment.
  • Ensuring that you are employed in a suitable environment.
  • Assessing if you may present any risk to other individuals.
  • Understanding the diversity of our workforce and complying with equality and diversity legislation.
  • Ensuring that you receive adequate training for your role.
  • Investigating incidents.

How long do keep my information for?

The Trust keeps your personal information during your employment and we also retain the information when you leave the Trust for an appropriate time. Employee information is kept for at least 6 years after you stop working for us. If you apply for a job with us and are unfortunately unsuccessful, we will erase your information within 6 months of the close of the recruitment process.

We keep your information to defend ourselves against any potential legal claims. We may keep anonymised information for longer than 6 years. Anonymised information cannot identify you and helps us better understand the colleagues that we have employed.

How do you comply with the law?

Data protection law requires organisations to have a legal basis for processing personal data.

  • You have a signed a contract of employment with us and we use the information to fulfil that contract
  • We can share your information with healthcare professionals in emergency situations where your life is at risk. This is known as a ‘vital interest’.
  • We can use healthcare information for occupational medical care, and to assess your working capacity.
  • We rely on a legitimate interest to collect and use information like confidential references, and employee feedback.
Clients

What information do you collect and use?

We use data about you to fulfil our obligations to you, including business communications with you, and the provision of services to users, this includes:

  • Information that identifies you, basic details such us name, gender, date of birth.
  • Contact information like address, telephone number, and email address.

Do you share my information?

We do not share your information unless you have provided consent.

How do you use the information you collect?

We use your personal information to fulfil our contractual obligations, to ensure that you are able to use the services that Akrivia Health provide.

How long do keep my information for?

The Trust keeps your personal information for the duration of the contract to provide services, and 6 years after the end of the contract.

How do you comply with the law?

Data protection law requires organisations to have a legal basis for processing personal data. We rely on a legitimate interest to collect and use information like names and contact details so that we can liaise with you and fulfil our contractual obligations.

Data protection law requires organisations to have a legal basis for processing personal data. We rely on a legitimate interest to collect and use information like names and contact details so that we can liaise with you and fulfil our contractual obligations.

Marketing & Communication

What information do you collect and use?

We collect information from you, this includes:

  • Information that identifies you, basic details such us name, gender, date of birth.
  • Contact information like address, telephone number, and email address.
  • Institutions or companies that you may be associated with.

Do you share my information?

We do not share your information unless you have provided consent.

How do you use the information you collect?

We use your personal information to inform you about events we are running, and market our products to you.

How long do keep my information for?

The Trust keeps your personal information for so long as you have consented. You can withdraw your consent at any time.

How do you comply with the law?

The Trust relies on your consent for processing this data.

Legal & Regulatory Obligations

We may receive requests for information from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence. When we receive these requests we will inform you as soon as possible. There are circumstances in which we cannot inform you that information is used or shared, because it may prejudice the work of law enforcement agencies and other organisations.

We may be required to use and keep personal information for legal reasons, such as the prevention, detection, or investigation of crime or fraud. We may also use personal information to meet our internal and external audit requirements, and information security purposes.

Data we process on behalf of NHS Trusts

Akrivia Health are a data processor for several NHS Trusts, this means that we handle data on behalf of those Trusts and that we do not have a legal obligation to inform you about how your data is used. We believe in the importance of privacy and want to make it as easy as possible for you to understand how your information is used, so we have provided links below to the privacy notices of the Trusts we work with to help you understand how your data is used.

Avon and Wiltshire Mental Health Partnership NHS Trust

Birmingham and Solihull Mental Health NHS Foundation Trust

Cardiff and Vale University Health Board

Cumbria, Northumberland, Tyne and Wear NHS Foundation Trust

Devon Partnership NHS Trust

Kent and Medway NHS and Social Care Partnership Trust

Mersey Care NHS Foundation Trust

Nottinghamshire Healthcare NHS Foundation Trust

Oxford Health NHS Foundation Trust

South West London and St George’s NHS Foundation Trust

Southern Health NHS Foundation Trust

West London Mental Health Trust

Your Rights

Under the General Data Protection Regulation, individuals (data subjects) have a number of rights which are detailed below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in information protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.

Access to personal information

You have a right to request a copy of the personal information that we hold about you. You should include adequate information to identify yourself and such other relevant information that will reasonably assist us in fulfilling your request. Your request will be dealt with as soon as possible.

Right to rectification (correction)

You can request us to rectify and correct any personal information that we are processing about you which is incorrect. We provide you with account settings and tools to access the information associated with your account.

Right to withdraw consent

Where we have relied upon your consent to process your personal information, you have the right to withdraw that consent. To opt out of marketing, you can use the unsubscribe link found in the email marketing communication you receive from us. For other marketing preferences you can contact us, providing details of services or marketing that you wish to opt-out.

Right of erasure (right to be forgotten)

You can request us to erase your personal information under certain circumstances, it is not a guaranteed or absolute right.

Right to data portability

This right allows you to obtain your personal information in an electronic format, where you have provided information to us with your consent, or where the information was necessary for us to provide you with our services or employment. You can request that the information be given in a format which enables you to transfer that personal information to another organisation. You may have the right to have your personal information transferred by us directly to the other organisation, if this is technically feasible.

Right to restrict processing of personal information

You have the right in certain circumstances to request that we suspend our processing of any or all your personal information. Where we suspend our processing of your personal information we will still be permitted to store your personal information, but any other processing of this information will require your consent, subject to certain exemptions. This could restrict the ability of the Trust to care for residents and pay employees.

Right to object to processing of personal information

You have the right to object to our use of your personal information which is used where we feel that we have legitimate interest. However, we may continue to process your personal information, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal information in connection with any legal claims.

Getting in Touch

Should you have any queries about the how your information is used then please contact Simon Pillinger, Information Governance Manager, c/o Oxford Centre for Innovation, New Road, Oxford, OX1 1BY, or email simon.pillinger@akriviahealth.com.

Should you remain unhappy with the resolution suggested by the person mentioned above, you can make a complaint to our Data Protection Officer: David Newton, Chief Operating Officer, c/o Oxford Centre for Innovation, New Road, Oxford, OX1 1BY, or email him on: David.Netwon@akriviahealth.com

You can also contact the ICO for further information or to make a complaint:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Email ICO

Report a concern on the ICO website