Privacy & Confidentiality

Confidentiality Policy at PROMIS Clinics

At PROMIS Clinics, we are committed to maintaining the confidentiality of all personal information belonging to our service users and staff. Our policy ensures compliance with the UK GDPR, Data Protection Act 2018, and the Human Rights Act 1998, safeguarding privacy, promoting trust, and ensuring information is handled lawfully, fairly, and transparently.

Key Principles of Confidentiality

PROMIS Clinics adhere to the following principles when handling personal data:

  1. Lawfulness, fairness, and transparency: information is handled in compliance with the law.
  2. Purpose limitation: data is only used for its intended purpose.
  3. Data minimisation: only necessary information is collected and processed.
  4. Accuracy: data is kept up to date and correct.
  5. Storage limitation: data is not retained longer than necessary.
  6. Integrity and confidentiality (security): information is protected against unauthorised access.
  7. Accountability: staff ensure compliance with confidentiality policies.

Confidentiality Guidelines

  • PROMIS ensures all personal information is treated with the strictest confidence.
  • Information is only to be used for the purpose for which it was provided.
  • Personal information is not shared without your consent unless there is a lawful basis to do so, such as safeguarding concerns or statutory obligations.
  • Your data is not shared with family members without prior written consent, documented using the PROMIS Release of Information form.
  • Unauthorised access to records is strictly prohibited.
  • Physical and electronic records must be securely stored and disposed of appropriately.

Exceptions to Confidentiality

Confidentiality may be breached where there is a lawful basis to do so, including:

  • Where information indicates a serious risk to your safety or the safety of others.
  • Where disclosure is required to meet safeguarding responsibilities.
  • Where there is a legal obligation to disclose information, including in relation to criminal activity.
  • Where a statutory or regulatory body, such as the Care Quality Commission (CQC), has a lawful right of access.

Training and Compliance

  • All staff working at PROMIS receive training in confidentiality and record keeping.
  • Data storage and systems are subject to regular auditing, and practice is reviewed regularly.
  • Weekly management meetings review confidentiality incidents to improve practices.
  • Any breaches of confidentiality are investigated, with corrective actions implemented as required.

Should you wish to contact us for any matter relating to confidentiality, please email us at enquiries@promisclinics.com.

Privacy Policy at PROMIS Clinics

We respect the privacy of all our users. We therefore collect and store only the data we require to provide our services to you, and we store it securely to protect your privacy.

What personal data we collect and why we collect it

We collect only the information we need to respond to you and to provide our services.

Contact information

You may contact us via contact forms on this site or by phoning us directly via the numbers published on this site. We will collect your name, email and/or a phone number so we can get in touch with you, as well as any other contextual information provided by you so that we can advise you accordingly about the services we provide and how they may help you.

Cookies

Our website uses cookies. Some are essential for the site to function; others, used only with your consent, help us measure how visitors use the site so that we can improve it (see Analytics, below). You can control or delete cookies through your browser settings, though some features may not work as intended if you do.

Analytics

Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.

We use Google Analytics to help us understand how visitors use the site so that we can improve it. You can read more about how Google uses this information, and you can opt out of Google Analytics.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, and embed additional third-party tracking, and may monitor your interaction with that embedded content.

Who we share your data with

We do not and will never sell or transfer your data for reasons other than providing you with a better service on our own websites whilst maintaining your privacy and security. All third-party services adhere to strict security and privacy policies which are also in accordance with UK GDPR and applicable data protection legislation. We use various services in order to achieve this, including:

  • Hosting services for storing and serving information related to this website.
  • Analytics services for monitoring site usage.
  • CRM software for managing communication via email or phone between ourselves and those contacting us for information about our services.
  • Email services for sending and storing email communication.

How long we retain your data

When you contact us, we will retain data concerning our communication until you ask us not to, in order to provide a better service should you contact us again.

What rights you have over your data

If you have gotten in touch with us directly, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

You can request this information, or for your information to be erased, by contacting us at enquiries@promisclinics.com.

How we protect your data and what data breach procedures we have in place

We protect customer data with the following site features:

  • We use SSL/HTTPS throughout all our sites. This encrypts communications between our users and the servers so that personally identifiable information is never captured by third parties without authorisation.
  • We use firewalls and malware scanners to prevent unauthorised access to your data.
  • Databases are sanitised (actual user personal details are removed) before deploying to a development or testing environment.

In case of a data breach, system administrators will immediately review the affected users and, after informing each user, will attempt to reset passwords if needed.