Robust Information Governance is crucial to our business, so we understand how important it is to be open and clear about our use of personal data, and to comply with European Union Law and the General Data Protection Regulation (GDPR) in this regard.
Under data protection law, individuals have a right to be informed about how we use any personal data that we hold about them. We comply with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where we are processing their personal data.
This privacy notice explains how we collect, store and use personal data about Sollis customers and users of our software and services.
Why we collect customer and user information
Our lawful basis for collecting customer and user information is to enable us to conduct business with them and provide system support and services.
We use customer and user data to:
- Implement software and services
- Provide a helpdesk and consultancy facility
- Provide an account management facility
- Market products and services
For the purposes of data protection law, Sollis is the data controller. Our data protection officer is Graham Head (email@example.com).
What personal data do we collect?
The personal data that we may collect, hold and share (when appropriate) about customers and Sollis software users includes, but is not restricted to:
- Job Title
- Business / employers address
- Business contact telephone number
- Business contact email address
- Link to public social media profile
Note that Sollis holds no patient data. Sollis acts as either a ‘data processor’ or ‘sub-processor’ of patient data, depending on our contract with the customer, according to documented data processing agreements.
What is the legal basis for using this data?
We collect and store customer and user personal data where:
- We need to comply with legal obligations of running the business
- We need to comply with ISO 9001 requirements
How long do we store customer and user personal data?
We keep customer and user data for the duration of the contract between Sollis and the customer. On the termination of a contract, we keep customer data for a further 7 years for business auditing purposes. Any data related to our responsibility as a data processor or sub-processor is deleted on termination of the corresponding contract with our customer.
Who do we share customer and user personal data with?
We do not share customer or user data with third parties without consent unless the law and our policies allow us to do so. As part of a contract to provide Sollis software and services, we may need to provide customer and user contact details to partners, sub-contractors and associates in order for them to fulfil their obligations to the customer.
Our partners, sub-contractors and associates are:
Johns Hopkins HealthCare LLC
Apollo Medical Software Solutions
GE Healthcare Finnamore Ltd.
Jackie Reeves Associates
Channel 3 Consulting
NHS North East London Commissioning Support Unit
Outcomes Based Healthcare
IT Health Partnership
How can you request access to your personal data?
Under data protection legislation, you have the right to make a ‘subject access request’ to gain access to personal data about you that we hold.
If you make a subject access request, and if we hold personal data about you, we will:
- Tell you what it is
- Tell you why we are holding and processing it, and how long we will keep it for
- Tell you who it has been, or will be, shared with
- Let you know whether any automated decision-making is being applied to the data, and any consequences of this
- Give you a copy of the information in an intelligible form
If you would like to make a request, please contact firstname.lastname@example.org.
You also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Prevent processing for the purpose of direct marketing
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
- Claim compensation for damages caused by a breach of the Data Protection regulations
To exercise any of these rights, please contact email@example.com.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.
To make a complaint, please contact firstname.lastname@example.org.
Alternatively, you can make a complaint to the Information Commissioner’s Office:
- Report a concern online at https://ico.org.uk/concerns/
- Call 0303 123 1113
- Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF