PRIVACY NOTICE
To the extent that we process relevant personal information this Privacy Notice explains how we process personal data on individuals or GP practices who deal with or interact with our business. We take privacy very seriously, and this document explains things you should know about what we do with personal data.
We Ash Lane are the “data controller” (i.e. the legal entity which decides the means and purpose for the processing of your personal data). We are registered at Park Farm, Ash Lane, Oakhill, Radstock, BA3 5BQ.
LAWFULNESS OF PROCESSING
Under the UK Data Protection Act 2018 (GDPR), the lawful basis we rely on for us to process your personal information has to be stated. In our case depending on circumstance we rely on (‘Legitimate Interest’.)
Under the UK DPA 2018 you have the following rights over the way we process personal data relating to you. We aim to comply without undue delay, and within 30 days at the latest, to subject access requests (SARs) or other information requirements relating to:
The information we collect very much depends on how you interact with us:
.
We are required to detail in our privacy notice the legal basis for data processing. We in the main rely on ‘legitimate Interest’ as the legal basis for the processing of data in the following areas:
The collection of contact details of our customers and prospective customers (predominantly GP Practices).
We may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies within the UK); in connection with any legal proceedings or prospective legal proceedings; and to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention, or other illegal activities; tax evasion; illegally working; visa violations, child support etc.).
Our web site may deploy and use cookies to enhance your browsing activities and allows us to gather statistical information about our visitors. However, the regulations require us to obtain consent for any marketing activities we carry out and in addition any cookies we deploy other than those essential to the operation of the web site. Please see our separate cookie notice for details on how we comply with these requirements. In regard to marketing activities we will only send emails or newsletters or invitations to events if we have your valid consent.
If we are involved in a merger or structural re-organisation, the information we hold may be included as part of that merger or re-organisation, in which case you will be notified via email and/or a prominent notice on the Website (when operational) of any changes in ownership or use of your information, as to any choices you may have regarding that information.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. Where we require you or recommend you use these third party service providers, such as payment gateways and other payment transaction processors, we irrespective of the fact, that they have their own privacy policies, are responsible for their use of your information.
Where we just provide access to third-party organisations, we recommend that you read their privacy policies, so you can understand the manner in which your personal information will be handled by these providers who are responsible for safeguarding your information.
To protect your personal information, we take, in our opinion, all necessary precautions to comply with the requirements of the DPA 2018 to ensure that personal data is not inadvertently or maliciously disclosed, altered or destroyed. When we use an external processor for Data services, we will have taken such steps to ensure, so far as we are able under contract, that the processor shall implement appropriate technical and organisational measures in accordance with DPA stipulated terms surrounding GDPR Article 32 (1).
We will hold your personal information on our systems for as long as is necessary for the relevant purpose, or as otherwise described in this privacy policy. The retention of data concerned with financial transactions and contracts are 7 years after transaction date or contract termination. Similarly, for employment data retention period is 7 years after termination of contract.
We reserve the right to modify this privacy notice at any time, if our business processes change or we have a change in processing activities we will update this notice, accordingly, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information to contact us info@ashlane.co.uk.
COOKIE POLICY
We may use cookies to ensure you can interact with all features of our website as described below.
Essential Website Cookies
Always Active
These cookies are strictly necessary to provide you with services available through our websites and to use some of its features, such as access to secure areas. Because these cookies are strictly necessary to deliver the websites, you cannot refuse them without impacting how our websites function.