Surgery Hero respects and protects your privacy. In this policy you will find information about when, how and why we collect personal data as well as the rights you have in relation to data collected.
We may revise this policy depending on changes in law or our operating practices. We will notify you if there are any major changes you need to be aware of. If you have any questions about any of this, please get in touch by emailing our Data Protection Officer at firstname.lastname@example.org. This policy was last updated on 25/01/2023.
Who we are
Who this policy applies to
How and why we process your data varies depending on which of the below categories you fall into;
How Personal Information is Obtained
We collect information when you
The information collected may come from you directly (i.e. information entered into forms) or indirectly (i.e. information collected when you browse our site, such as IP address).
Types of Personal Information Obtained
Information collected includes;
If you are a patient or user of the Surgery Hero (Patient) App
Additional information about you and the status of your health is necessary in order to tailor our services and to personalise advice and content for you and the healthcare professionals handling treatment. Some of the additional information we may use to do this includes special data as defined by Article 9 of the GDPR. Additional information collected includes;
If you are a Healthcare Professional or Healthcare Administrator
To help us deliver the best possible experience, both for you and the patients you care for, we may request the following additional information;
If you are a supplier, applying for a job or visiting the site for another reason
Additional information may be required in order to assist you with your reason for getting in touch. For job applicants this may include;
Additional supplier information requested can include;
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA), Privacy and Communications Regulation (PECR) and the UK General Data Protection Regulation (GDPR) as it applies. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with;
GDPR affords EU data subjects rights, which are summarised below. In order to assert any of these rights, or to ask any questions, please contact our Data Protection Officer using email@example.com.
Right of Confirmation
You have a right to obtain confirmation as to whether or not personal data concerning you is being processed.
Right of Access
You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information, details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the UK.
Right to rectification
You have a right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have any incomplete personal data completed, including by means of providing a supplementary statement.
Right to Erasure
You have the right to erasure of personal data concerning you without undue delay. We will action this right where one of the statutory grounds applies as long as the processing is not necessary.
Right of Restriction of Processing
You have the right to restrict processing where a statutory reason applies.
Right to Data Portability
You have a right to receive the personal data concerning you in a structured, commonly used and machine readable format.
Right to Object
You have a right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you.
Automated individual decision making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling.
Right to Withdraw Consent
Where consent forms the basis for processing, you have the right to withdraw consent to processing at any time. You can do this via our services or by contacting the data protection officer.
Right to complain to the supervisory authority
You also have a right to make a complaint to the Information Commissioner's Office, or the data protection regulator in the country where you usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, you may seek a remedy through the courts if you believe your rights have been breached.
Legal Basis for Processing
The legal basis for Surgery Hero processing personal data is typically where;
The legal basis for Surgery Hero processing special category data is typically;
How we share your information
We may share your personal information with the following third parties or categories of third parties.
Any third party with whom we share your personal information shall be subject to privacy and security obligations consistent with applicable laws.
We will also disclose your personal information to third parties where it is in our legitimate interests to do so to run, grow and develop our business. For example, in the event that we undergo re-organisation or are sold to a third party, personal information we hold about you may be transferred to that re-organised entity or third party.
We may disclose your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Services or the rights, property or personal safety of any person.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Surgery Hero uses traffic log cookies to identify and provide statistics on which pages are being used and how. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. When you click accept you are enabling these statistical cookies; you do have the option to decline this.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
How long we store your personal information
We keep your personal information for no longer than is necessary, keeping in mind the reasons it was collected. The length of time for which we retain personal information depends on the reasons for which it was collected and whether we are required to retain it to comply with any applicable laws or to defend our legal rights.
Security and Transfers
Surgery Hero takes all reasonable precautions to safeguard the confidentiality of your personal information, including through the use of appropriate organisational and technical measures.
Where you have been given or chosen a password that enables you to access certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
The personal information we collect is generally transferred to and stored on secure third-party servers located in the UK. Such storage is necessary in order to process the information. Where your data is processed or stored outside of the UK, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the appropriate safeguards described in the GDPR is in place, such as;
Any transfers made will be in full compliance with the Data Protection Legislation.
We encrypt your data in transit to and from the App and Dashboard, and at rest. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Changes to this policy