iWGC PRIVACY NOTICE
(FOR RATINGS AND REVIEWS ON THE PUBLIC WEBSITE)
CONTENTS
You can click through to the specific content areas set out below.
You can download a pdf version of this notice here.
- About Us
- Why this notice is important
- Introduction
- How we obtain your personal data
- The types of personal data we use and how we use them
- Special categories of personal data
- Consent
- Change of purpose
- Marketing
- Automated decision making
- Sharing your personal data
- Transfers of your personal data outside the EU
- Data security
- How long we keep your personal data
- Your rights
- You are not obliged to provide us with any personal data
- Links to other websites
- Complaints and enquiries
- How to contact us
- Changes to this privacy notice and your personal data
ABOUT US
We are iWGC Limited, a company registered in England with company number 06632290.
Our registered office is at Suite 16, Cromwell Business Centre, Fairfax House, Cromwell Park, Banbury Road, Chipping Norton, OX7 5SR.
We are registered with the UK Information Commissioner’s Office under registration number Z1387794.
WHY THIS NOTICE IS IMPORTANT
Please read this notice carefully. It sets out how we use your personal data and your rights as a data subject.
Please read this Privacy Notice together with any other privacy notice we may provide for specific circumstances when we process your personal data.
This Privacy Notice supplements those other notices; it does not replace them.
INTRODUCTION
Personal data is information about an identifiable individual; anonymous or anonymised data about an individual is not personal data.
This Privacy Notice applies when we control the purposes for which your personal data is collected and used and when we collect personal data to connect you to an appropriate healthcare professional or provider; it does not apply when we process personal data on behalf of someone else (e.g. one of our patient feedback customers) who controls how your personal data is used.
This Privacy Notice applies to personal data about:
- clinicians who register or open an account with us;
- clinicians who are rated or reviewed on our public website;
- patients and members of the public over 18 years old who provide us with a rating, review or feedback for our public website or require to be connected to a healthcare professional or provider;
- parents and guardians of any patient or member of the public who provides us with a rating, review or feedback for our public website and who is under 13 years old;
- family members of any patient or member of the public and who provides us with a rating, review or feedback for our public website; and
- carers over 18 years old of any patient or member of the public who provides us with a rating, review or feedback for our public website.
Clinicians include doctors, dentists, nurses, optometrists, physiotherapists, pharmacists and other healthcare professionals.
Our public website is at www.iwantgreatcare.org.
This Privacy Notice does not apply to how we handle:
- patients and members of the public who are under 18 years old who provide us with a rating, review or feedback for our public website or require to be connected to a healthcare professional or provider; or
- carers under 18 years old of any patient or member of the public who provides us with a rating, review or feedback for our public website.
- our current or former employees’ or workers’ personal data or personal data of job applicants; or
- personal data of our suppliers (if they are individuals) or of individual contacts at organisations who are our customers, suppliers or prospects.
Data Protection law obliges us to:
- use your personal data lawfully, fairly and in a transparent way;
- collect your personal data only for valid purposes which we have clearly explained to you and not use your personal data in any way which is incompatible with those purposes;
- collect and hold personal data which is relevant to the purposes we have told you about and limited only to those purposes;
- keep your personal data accurate and up to date;
- keep your personal data only for as long as is necessary for the purposes we have told you about; and
- keep your personal data securely.
HOW WE OBTAIN YOUR PERSONAL DATA
Clinicians
We collect personal data from you if you register or open an account with us, and when you change the information you have provided to us.
We collect personal data about you from anyone who sends us a review, rating or feedback which mentions you.
We collect information about you from public registers such as the GMC register.
We collect information about you which is available to the public through your practice’s or your employer’s website.
Patients and reviewers
We collect personal data from you when you provide us with a rating, review or feedback.
We collect personal data from you when you request to be connected to a healthcare professional or provider.
Carers, parents or guardians and family members
We collect personal data from you when you assist a patient to provide us with a rating, review or feedback or provide a rating, review or feedback on behalf of a patient.
If you are a carer, parent or guardian or family member of a patient, please do not send us information about yourself, e.g. your age, ethnicity, gender, health or healthcare experience. Our intention is to collect and process personal data about the patient.
Interaction with our website: We collect data about your equipment and browsing when you use our website. We use cookies and similar technologies. Please see our cookie notice for more information.
We use a third party service, Google Analytics who are based outside the European Union, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of our website. This information is processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identity of anyone visiting this website.
THE TYPES OF PERSONAL DATA WE USE AND HOW WE USE THEM
The types of personal data we collect and use, the purposes for which we use your personal data, and the lawful bases we rely on to allow us to use your personal data in that way are set out below.
Where the lawful basis is our legitimate interests or the legitimate interests of a third party, we have also indicated what those interests are.
We may have more than one lawful basis for using your personal data.
The legitimate interests of the public in having access to reliable information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers in the public having access to reliable information
The legitimate interests of the public in having access to reliable information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, and wheelchair providers in the public having access to reliable information
The legitimate interests of the public in having access to reliable information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, and wheelchair providers in the public having access to reliable information
The legitimate interests of the public in having access to reliable information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, and wheelchair providers in the public having access to reliable information
The legitimate interests of the public and organisations in the healthcare and pharmaceutical sectors in having access to those results
The legitimate interests of the public and organisations in the healthcare and pharmaceutical sectors in having access to those results
The legitimate interests of the public in having access to information about hospitals, wards, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, and nursing homes
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, and wheelchair providers in the public having access to information
The legitimate interests of the public in having access to information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, and wheelchair providers in the public having access to information
The legitimate interests of the public in having access to reliable information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers in the public having access to reliable information
The legitimate interests of the public in having access to information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers in the public having access to information
The legitimate interests of the public in having access to reliable information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, and wheelchair providers in the public having access to reliable information
The legitimate interests of the public in having access to reliable information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, and wheelchair providers in the public having access to reliable information
The legitimate interests of the public in having access to reliable information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, and wheelchair providers in the public having access to reliable information
The legitimate interests of the public in having access to reliable information about clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, medicines, treatments and wheelchair providers
The legitimate interests of clinicians, other healthcare professionals, hospitals, clinics, GPs’ practices, dentists’ practices, pharmacies, hospices, nursing homes, other healthcare providers, and wheelchair providers in the public having access to reliable information
The legitimate interests of the public in having access to information about clinicians, and the healthcare providers for whom you work
Your legitimate interests in providing information to your patients and the public
The legitimate interests of the public in having access to reliable information about clinicians, and the healthcare providers for whom you work
Your and your practice’s or employer’s legitimate interests in providing reliable information to your patients and the public
The legitimate interests of the public in having access to reliable information about clinicians, and the healthcare providers for whom you work
Your and your practice’s and employer’s legitimate interests in providing accurate information to your patients and the public
The legitimate interests of the public in having access to information about clinicians, and the healthcare providers for whom you work
Your legitimate interests in providing information to your patients and the public
The legitimate interests of the public in having access to information about clinicians, and the healthcare providers for whom you work
Your legitimate interests in providing information to your patients and the public.
The legitimate interests of the public in having access to information about clinicians, and the healthcare providers for whom you work
Your legitimate interests in providing information to your patients and the public.
The legitimate interests of the public in having access to information about clinicians, and the healthcare providers for whom you work
Your legitimate interests in providing information to your patients and the public.
The legitimate interests of the public in having access to information about clinicians, and the healthcare providers for whom you work
Your legitimate interests in providing information to your patients and the public.
The legitimate interests of the public in having access to information about clinicians, and the healthcare providers for whom you work
Your legitimate interests in providing information to your patients and the public.
Criminal convictions and offences: We do not collect any data about criminal convictions and offences.
Derived data: We derive information about you by combining the information we hold about you with other data sets such as, if you are a clinician, your professional registration data, e.g. the GMC register.
Aggregated Data: We collect, use and share aggregated data such as statistical or demographic data for any purpose, including research and statistical analysis.
Aggregated Data may be derived from your personal data but is not personal data because it does not directly or indirectly identify you.
If we combine or connect any aggregated data with your personal data so that you can be identified, the combined data will be used in accordance with this Privacy Notice.
SPECIAL CATEGORIES OF PERSONAL DATA
The special categories of personal data we collect and use, the purposes for which we use that personal data, the legal bases we rely on to allow us to use your personal data in that way and further justification for using that personal data are set out in the table below.
The legitimate interests of the public and organisations in the healthcare and pharmaceutical sectors in having access to those results.
Your explicit consent, should we wish to use the data in any form which is not anonymised.
The legitimate interests of the public and organisations in the healthcare and pharmaceutical sectors in having access to those results
Your explicit consent, should we wish to use the data in any form which is not anonymised
The legitimate interests of the public and organisations in the healthcare and pharmaceutical sectors in having access to those results
Your explicit consent, should we wish to use the data in any form which is not anonymised
The legitimate interests of the public and organisations in the healthcare and pharmaceutical sectors in having access to those results
Your explicit consent, should we wish to use the data in any form which is not anonymised
YOUR CONSENT
If you are identified or identifiable, we will not process special categories of your personal data without your explicit consent. If we ask for your consent, we will provide you with full details of the special category personal data we would like to process and the reason we need to process it, so that you can consider whether or not you are willing to give your consent.
You will always be free to withhold that consent and, once you have given it, to withdraw it at any time.
CHANGE OF PURPOSE
We will use your personal data only for the purposes for which we collected it, unless:
- we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose; or
- we anonymise your personal data and use it for research or statistical purposes.
For an explanation as to how use of your personal data for a new purpose is compatible with the original purpose, please email our Data Protection Officer at dpo@iwantgreatcare.org, or write to our office at Suite 16, Cromwell Business Centre, Fairfax House, Cromwell Park, Banbury Road, Chipping Norton, OX7 5SR.
If we intend to use your personal data (except anonymised and aggregated) for an unrelated purpose, we will contact you to explain the legal basis which allows us to use your personal data for that unrelated purpose.
MARKETING
Unless you have requested us not to do so, we may send marketing materials to you at your home or work address. You have the right to opt out of this at any time. Please see Your Rights.
We may send emails to you to market our products and services which are similar to those which you have previously acquired or negotiated to acquire, but you can always opt out.
Otherwise we will not send marketing materials to you at your email address unless we have your specific consent (which you can withdraw at any time).
AUTOMATED DECISION MAKING
We do not use information about you for the purposes of automated decision making.
SHARING YOUR PERSONAL DATA
We may share your personal data with:
- other data controllers. Please click here for a list of other data controllers with whom we, as a controller, currently share personal data. Those controllers will be obliged to provide you with information about what personal data they use, for what purposes and of their legal bases for processing your personal data, and to comply with the data protection legislation;
- a purchaser of iWGC or of our business or any business assets - we may disclose your personal data to the prospective buyer(s) and its or their professional advisers and, if our business assets are sold, personal data will be one of the assets transferred;
- any business with which we merge or merge part of our business;
- any company or business which we acquire;
- anyone we engage to process personal data for us, such as a provider of our IT systems. That person will be obliged to use your personal data only for our purposes, to process it only in accordance with our instructions and to have appropriate security measures in place to protect your personal data. For a list of the people we currently use to process personal data for us please click here;
- if necessary to obtain advice, to our professional advisers who owe an obligation of confidence to us;
- to law enforcement agencies, if we know of think that you or your employer are/is engaged in any illegal activity;
- anyone, if necessary to comply with any law or regulation; and
- anyone, if necessary to enforce our rights or to protect our property or to protect the rights or property of anyone else.
TRANSFERS OF YOUR PERSONAL DATA OUTSIDE THE EU
We may transfer your personal data outside the European Union (the EU), but we will not do so unless:
- we transfer it to a country which the European Commission has decided ensures an adequate level of protection for personal data or if the recipient has entered into the Standard Contractual Clauses published by the European Commission. If you wish to see a copy of the Standard Contractual Clauses, please email our Data Protection Officer at dpo@iwantgreatcare.org, or write to our Data Protection Officer at Suite 16, Cromwell Business Centre, Fairfax House, Cromwell Park, Banbury Road, Chipping Norton, OX7 5SR.
- we transfer your personal data to an entity in the United States which participates in the Privacy Shield. That obliges the US entity to protect personal data shared between the EU and the US. For more information please click here.
- you have given your explicit consent to the transfer of your personal data outside the EU. (If you have given that consent you may withdraw it at any time by emailing our Data Protection Officer at dpo@iwantgreatcare.org, or writing to our Data Protection Officer at Suite 16, Cromwell Business Centre, Fairfax House, Cromwell Park, Banbury Road, Chipping Norton, OX7 5SR);
- we cannot perform a contract with you without making that transfer;
- we cannot take steps you have requested us to take without making that transfer;
- we cannot enter into or perform a contract with someone else and which is in your interests without making that transfer;
- the transfer is necessary for important reasons of public interest; or
- the transfer is necessary for the establishment, exercise or defence of legal claims.
Your personal data may be accessed by our staff when they are outside the EU, but the same safeguards will apply as though our staff were accessing your personal data from within the EU.
DATA SECURITY
We have appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will process your personal data only on our instructions and they are subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will tell the Information Commissioner’s Office and you of a breach of security involving your personal data if the law obliges us to do so.
HOW LONG WE KEEP YOUR PERSONAL DATA
We will keep your personal data only for so long as is necessary to achieve the purpose for which we have collected that data, or as required by law, or as required for in order to meet any legal, accounting, or reporting requirements.
When deciding what is the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from any unauthorised use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are set out in our data retention policy. You can request a copy of that by emailing our Data Protection Officer at dpo@iwantgreatcare.org, or writing to our Data Protection Officer at Suite 16, Cromwell Business Centre, Fairfax House, Cromwell Park, Banbury Road, Chipping Norton, OX7 5SR.
In some circumstances you can ask us to delete your personal data. Please see Your Rights.
If we anonymise your personal data, it will no longer be personal data and we may use it indefinitely.
YOUR RIGHTS
In certain circumstances you have the right to:
Request access to your personal data: You have the right to receive confirmation of whether or not we are holding or using your personal data and, if we are, to obtain a copy of your personal data.
Request the correction of your personal data: You have the right to have any incomplete or inaccurate personal data we hold about you corrected. We may need to verify the accuracy of any new data you provide.
Request the erasure of your personal data (the right to be forgotten): You have the right to ask us to delete or remove personal data where we have no good reason to continue using it.
You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to our using it (see below), where we may have used your personal data unlawfully or where we are required to erase your personal data to comply with the law. We may not always be able to comply with your request for erasure for legal reasons which we will inform you about if you request erasure.
Request a restriction on the processing of your personal data: You have the right to ask us to suspend the processing of your personal data in the following circumstances:
- if you want us to establish the data's accuracy;
- where our use of your personal data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
Object to the processing of your personal data: You have the right to object, where we are relying on our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data and that those grounds override your rights and freedoms.
Object to the use of your personal data for direct marketing purposes: You have the right to object where we are processing your personal data for direct marketing purposes.
Withdraw consent: Where you have given consent to our using your personal data for a specific purpose, you have the right to withdraw that consent at any time. Your withdrawal of consent will not affect the lawfulness of any use of your personal data based on your consent before you withdraw consent.
Request the transfer of your personal data (data portability): You have the right, where you provided your personal data to us, you gave consent to our using your personal data or we used that personal data to perform a contract with you and we have processed that data by automated means, to receive the personal data you have provided to us and to have us transmit that data to another person, if it is feasible to do so.
If you want to exercise any of the above rights please email our Data Protection Officer at dpo@iwantgreatcare.org, or write to our Data Protection Officer at Suite 16, Cromwell Business Centre, Fairfax House, Cromwell Park, Banbury Road, Chipping Norton, OX7 5SR.
We try to respond to all legitimate requests within a month. It may take us longer than a month if your request is complicated or you have made a number of requests. In this case, we will notify you and keep you updated.
Normally you will not have to pay a fee to access your personal data or to exercise any other right, but, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any other right. This is to ensure that personal data is not disclosed to a person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
YOU ARE NOT OBLIGED TO PROVIDE US WITH ANY PERSONAL DATA
You may decide not to give us any personal data, but if you do not to provide data which is necessary for us to provide a service or to verify your identity we may not be able to provide and you may not be able to use that service or we may not be able to comply with any request to exercise your rights if we are unsure about your identity.
LINKS TO OTHER WEBSITES
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control those third-party websites and we are not responsible for their privacy policies or statements.
This Privacy Notice does not apply to any website operated by a third party. If you visit a third party website, please read its Privacy Notice or privacy statement to find out how it uses your personal data.
COMPLAINTS AND ENQUIRIES
We take any complaints we receive very seriously. Please bring it to our attention if you think that our collection or use of your personal data is unfair, misleading or inappropriate.
We also welcome any suggestions for improving our procedures.
This Privacy Notice was drafted with brevity and clarity in mind. It does not provide exhaustive details of our collection and use of personal data, but please feel free to contact us if you want any additional information or further explanation.
You have the right to make a complaint about the way we have used your personal data to the UK Information Commissioner’s Office (the ICO) at The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or www.ico.org.uk. Or, if you are in the European Union but based outside the UK, you can make a complaint to the data protection supervisory authority in the country in which you live.
Please give us a chance to address your concerns before you contact the ICO or any other data protection supervisory authority.
HOW TO CONTACT US AND OUR DATA PROTECTION OFFICER
If you want to ask us about this Privacy Notice, please email our Data Protection Officer at dpo@iwantgreatcare.org, or write to our Data Protection Officer at Suite 16, Cromwell Business Centre, Fairfax House, Cromwell Park, Banbury Road, Chipping Norton, OX7 5SR.
CHANGES TO THIS PRIVACY NOTICE AND YOUR PERSONAL DATA
We keep this Privacy Notice under review. It was last updated on 2 April 2024.
It is important that your personal data is accurate and up to date. Please let us know if your personal data changes.