GDPR Commitment

Direct Access Healthcare is committed to GDPR and the principles therein.

Data protection is a fundamental function of our business. We commit to the secure processing of any customer data and we welcome the new General Data Protection Regulation (GDPR). GDPR places stricter controls on systems and processes for organisations that process personal data within the EU.

As a supplier of consulting services that support the reduction of preanalytical errors in community diagnostics, we take seriously the need to demonstrate strict data governance and to anticipate and manage risk.

We have appointed a Data Controller who has carried out a Data Protection Impact Assessment to identify the data we hold, how information is collected, stored, used and protected.

Further information is available by contacting the data controller at contact@dahgroup.co.uk. A summary of our key processes is listed below for the purpose of transparency.

Website Analytics

When you visit www.dahgroup.co.uk, we use a third-party service, Google Analytics, to collect information and details of visitor patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is anonymous and does not identify anyone. You can view the Google Analytics Data and Security policy here.

Cookies

We use a cookies tool on our website which relies on implied consent of users. You will be asked to confirm that you accept the use of cookies when visiting www.dahgroup.co.uk. Users may disable cookies or delete any individual cookie.

Marketing and Customer Engagement

The personal information used for marketing purposes is either provided by a company contact in a web form or collected by the Direct Access Healthcare Sales team or its partners from events, conferences, direct contacts, or accessing other services or publicly available information (contact data on websites, data brokers etc.).

This data is used for marketing purposes, but also for statistical purposes and improving the quality of our Solutions.

We use a Customer Relationship Management (CRM) system to hold existing customer data and non-customer data. The CRM tool is hosted and maintained by Freshworks. We will only ever use your details to inform and help you optimise community diagnostics, reduce preanalytical errors and improve diagnostic outcomes.

Third Party Providers

Our website is maintained and hosted by WordPress; you can view their privacy policy here.

Our CRM system is maintained and hosted by Freshworks; you can view their Data Security Policy here and you can view their GDPR policy here.

We use an embedded Twitter link on our website; you can view the Twitter privacy policy here.

We use an embedded LinkedIn link on our website; you can view the LinkedIn privacy policy here.

We use Amazon Web Services (AWS) to produce client dashboards, to optimise transport functions and to analyse transactional data; you can view the AWS privacy policy here.

We use the Microsoft services Office and OneDrive; you can view the Microsoft privacy policy here.

Data Storage

All data is stored in the cloud using Microsoft services including Office and OneDrive for file storage. We use Amazon Web Services for data modelling; this includes transactional data held in secure S3 buckets. We do not store client data on local devices, laptops or mobile devices.

Client projects are anonymised using numerical codes, i.e. Project 6500X.

All files held on our systems are password protected.

We do not process any personal data, patient data, patient identifiers or any other personal data in the production of modelling outputs.

We do process transactional data such as fuel consumption, mileages travelled, transport collection times, product temperature data, collection addresses, clinic opening and closing times, practice list sizes, product use by volume, product consumption by volume, travel time data, specimen integrity data and other non-personal data used to calculate performance trends.

Microsoft complies with ISO 27018: https://download.microsoft.com/download/F/D/A/FDA4697E-D72D-4513-8626-A5F294DC7A0F/ISOIEC_27018_Compliance_Backgrounder.pdf

AWS complies with ISO 27018: https://aws.amazon.com/compliance/iso-27018-faqs/

Data held within third party applications is stored within the EU or UK.

Data Security

We use a VPN service to encrypt data sent over the internet.

Purpose and legal basis for processing

The purpose for implementing all the above is to maintain and monitor the performance of the Direct Access Healthcare service and to improve access to the community healthcare services where our users operate. The legal basis we rely on to process your personal data is Article 6(1)(f) of the GDPR, which allows us to process personal data when it is necessary for the purposes of our legitimate interests.

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.