Your data

It is important that you know how we handle your personal data. Privacy is very important to us, both in the delivery of our services, and for our website.

About us

We are Acos Medical Ltd, a limited company, registered in England under company number 10400922.

Our registered address is Websters, East Farm, Church Street, Codford, Warminster, Wiltshire, England, BA12 0PG.

You can contact us by filling out our contact form or by phone on 01647 507607.

We are registered to control data by the Information Commissioner’s Office under registration ZA514308.

For our ambulance services, we are regulated by the Care Quality Commission, as provider 1-5536637970.

What we do with data

To offer our services, we need to process personal data. This includes:

  • our patients and service users
  • our staff
  • clients and prospective clients
  • website users

Processing data includes collecting, recording, organising, storing, sharing, and destroying the data.

We will always be transparent about how your personal data is used and why. We will always respect your legal rights in relation to your data.

Patients and service users

As a medical service, we keep records about the work we do. This means that we collect and store:

  • personal information, including name, address, telephone number, date of birth, next of kin, and other essential information
  • information about your health, including medical observations that we make, and notes we take about what you tell us, or what others tell us about you. This is “special category” data under the data protection rules, which means we have to take extra care of it
  • metadata about your interactions with us, including location, time, ticket, wristband or competitor number, and other information which could, when combined with other information, identify you as an individual

Where you pay us for your service (like an ambulance transfer), we will also hold:

  • financial details, including details of how you pay us for your care

Why we hold this data

To process data, we need a “lawful purpose” and for patient data, we process data under the following lawful bases:

  • legal obligation – we are required, by law, to collect data about patients we treat under the Health and Social Care Act 2012, and for some patients under the Mental Capacity Act 2005.
  • vital interests – we process and share your data to protect life
  • public task – in some instances, we process data in the public interest

We do this so that we can:

  • provide and manage healthcare services, which serve patients’ interests
  • comply with our obligations under the law, as inspected by our regulator

We may also process your data on the basis of consent, where you wish for us to process your data in a particular way (such as sharing it with a third party)

How we hold your data

Patient data is primarily recorded using our paper records systems. This includes a number of forms designed for our staff to quickly and accurately record information at the point of treatment.

Our paper records are held securely at events, and then returned to our office, where they are transferred to secure storage. 

We will also make a digital record for every entry, which may include:

  • Surname
  • Date of birth and/or age
  • Category of treatment (e.g. allergy, trauma)
  • Metadata (e.g. time of incident)

This allows us to locate records if requested, and also forms the basis of our anonymised service monitoring data.

Who we share data with

Medical information is private, and we take this responsibility seriously.

We only share your information when we are legally obliged to do so, or when we have your express consent, freely given.

We are legally obliged to share your data under the following circumstances:

  • with other parts of the health and social care system to assist in your direct care. This is most commonly when we take a patient to hospital by ambulance, and hand over the patient information to them so you can be booked in. This follows the NICE Guideline CG138, and the requirements of the Health and Social Care (Safety and Quality) Act 2015.
  • where any safeguarding concerns exist, we are obliged to share information with local authorities, police, and other authorities
  • where your care is a regulated activity, with our regulator, the Care Quality Commission
  • where we have a court order

Friends and relatives

As part of our commitment to high-quality care, we do capture some information about friends, relatives, and other acquaintances of our patients.

This is usually:

  • personal information, including name, address, and telephone number

Occasionally we will capture other details, which can include:

  • information about your health, particularly in relation to family heritability (e.g. family history of a condition), based on what the patient or other people tell us.
  • observations about you, such as that you accompanying a particular patient

Why we hold this data

To process data, we need a “lawful purpose” and for patient data, we process data under the following lawful bases:

  • legal obligation – we are required, by law, to collect data about patients we treat under the Health and Social Care Act 2012, and for some patients under the Mental Capacity Act 2005, and data about relatives is part of this .
  • vital interests – we process and share your data to protect life, and next of kin can form part of this
  • public task – in some instances, we process data in the public interest

We do this so that we can:

  • provide and manage healthcare services, which serve patients’ interests
  • comply with our obligations under the law, as inspected by our regulator

We may also process your data on the basis of consent, where you wish for us to process your data in a particular way (such as sharing it with a third party)

How we hold your data

Data about friend and relatives are primarily recorded using our paper records systems. This includes a number of forms designed for our staff to quickly and accurately record information at the point of treatment.

Our paper records are held securely at events, and then returned to our office, where they are transferred to secure storage. 

We do not make any further processing of friend and relative data.

Who we share data with

Medical information is private, and we take this responsibility seriously.

We only share your information when we are legally obliged to do so, or when we have your express consent, freely given.

We are legally obliged to share your data under the following circumstances:

  • with other parts of the health and social care system to assist in the direct care of a patient. This is most commonly when we take a patient to hospital by ambulance, and hand over the patient information to them so you can be booked in. This follows the NICE Guideline CG138, and the requirements of the Health and Social Care (Safety and Quality) Act 2015.
  • where any safeguarding concerns exist, we are obliged to share information with local authorities, police, and other authorities
  • where the patient care is a regulated activity, with our regulator, the Care Quality Commission
  • where we have a court order

Your legal rights

For medical records in which you are featured as a relative, you have:

  • the right to be informed – you should be told when we are making records about you
  • the right of access – you can request to be told what information we hold about you. Note that we cannot release patient records without their consent, but we can check what data we hold about you as an individual. Contact us if you wish to exercise this right.

You have some limited rights to:

  • the right to rectification – your medical notes are contemporaneous, and cannot be changed, however we can append notes to your records if required
  • the right to restrict processing – you are able to restrict what we do with your personal information, except where we have a legal obligation as outlined above. Note that your personal data is never shared onwards or reprocessed except for these purposes.

You do NOT have:

  • the right to erasure – we are obliged to keep this data for the specified period, by law
  • the right to data portability – our notes are not held electronically, and are out of scope for this right
  • the right to object – you do not have the right to object to the holding of this data, as it is held by a legal obligation
  • rights in relation to automated decision making and profiling – we do not undertake any automated decision making

 

Staff and contractors

As a medical service, our staff are a vital asset to the business, and we do need to hold information about the people working for us, which includes:

  • personal information, including name, address, telephone number, date of birth, next of kin, national insurance number, and other essential information
  • financial details, so that we can pay you correctly
  • your training records, certificates, and CPD data
  • information from your disclosure and barring check
  • your important documents, such as driving licence, identity documents, and passport
  • information about your health, including physical and mental health, as part of our commitment to occupational health. This is “special category” data under the data protection rules, which means we have to take extra care of it
  • metadata about your interactions with us, including shift times, and records you make, which could, when combined with other information, identify you as an individual
  • data about work you do for us, including your details on other records

Staff and contractors can also choose to share data, including:

  • data about protected characteristics including sex, race, sexual orientation, and religion
  • photographs, videos, and similar

Why we hold this data

To process data, we need a “lawful purpose” and for patient data, we process data under the following lawful bases:

  • legal obligation – we are required, by law, to collect data about staff who treat patients
  • contract – where we need to hold this information as part of the contract you have with us
  • legitimate interests – where we need this data in order to function properly as a company

We do this so that we can:

  • provide and manage healthcare services, which serve patients’ interests
  • comply with our obligations under the law, as inspected by our regulator

We may also process your data on the basis of consent, where you wish for us to process your data in a particular way (such as sharing it with a third party)

How we hold your data

Staff data is held electronically, including:

  • personal data held securely on our access-controlled server
  • on the staff resourcing system “Sling” – Sling privacy policy

Who we share data with

Staff information is private, and we take this responsibility seriously.

Your basic details are shared to advance the legitimate interests of the company, which includes:

  • Name and qualification on rotas, briefing documents, and similar internal documents, so people can see when they are working, and who with
  • where we need to share details of specific qualifications (particularly state registration) with organisers

We only share your private information when we are legally obliged to do so, or when we have your express consent, freely given.

We are legally obliged to share your details in circumstances including:

  • with our regulator, the Care Quality Commission
  • where we receive a court order
  • where there are any safeguarding concerns, we may share your personal data with the police, local authority, or other competent authority

Where you have consented, by completing the relevant form, we may also share:

  • pictures of you
  • your first name