Data subjects whose personal data is collected (whether they are users of the Company’s services or contracted with the Company as the provider of medical advice to users of the Company’s services) in line with the requirements of the GDPR.
(Last updated 13th May 2021)
Data subjects whose personal data is collected (whether they are users of the Company’s services or contracted with the Company as the provider of medical advice to users of the Company’s services) in line with the requirements of the GDPR.
We are Medstars Limited, a company registered in England and Wales under company number 08982663 who registered office is situated at The Oakley, Kidderminster Road, Droitwich, Worcestershire, England WR9 9AY.
For the purpose of the Data Protection Act 1998 and the General Data Protection Regulation 16/679, the data controller is Medstars, which has ICO registration number ZB047428.
We offer an online service under which prospective patients can contact Medical Doctors with a view to receiving medical advice and treatment.
As we determine the purposes and means of the processing of your personal data, we are a controller under GDPR. In certain circumstances, such as where we are subject to the instructions of the Medical Doctors who we introduce to you, we are a processor.
Our GDPR Owner can be contacted directly here:
Upon registration as a prospective patient, we collect personal data from you. The personal data we would like to collect from and process on you is:
Personal data type: Source: (where Medstars obtained the personal data from if it has not been collected directly from you, the data subject. Note if the personal data has been accessed from publicly accessible sources): Name and address of the registrant or adviser Direct Contact Summary details of the reason for the call; interaction Direct Contact Additional data requested in online interaction relating to the data subject’s requirement for the Company services Direct Contact Adviser only: extensive liaison with regard to the adviser’s academic and work qualifications, including third party verification such as DBS checks. Direct contact and third party verification
The personal data we collect will be used for the following purposes:
Personal data will be shared with Medical Doctors with whom Medstars has a commercial relationship in addition to third party service providers for the purposes of secure retention of personal data under the terms of a data processing agreement
The two lawful reasons Medstars uses to process personal data are set out in Article 6 of the Regulation. Processing will only be lawful if and to the extent that at least one of the following applies:
Consent
Where We process personal data as a result of data subject consent, We ensure that consent is freely given, specific and informed, and established by a clear affirmative act. Where consent is withdrawn, we have set out (below) how this may be undertaken by the data subject.
Legitimate Interest
Where We process personal data as it is necessary for the purpose of our legitimate interests, We do so on the basis of a balanced evaluation of our interests and the rights and freedoms of the data subject which require protection. Presently, We have concluded that the way We manage the processing of personal data results in a cumulation of data subject protections which show that the balance is in favour of Medstars being able to rely on Article 6.1(f) of the Regulation as a lawful reason to process personal data.
In providing our services to you, Medstars offers prospective patients the option of obtaining medical advice and treatment with suitably qualified Medical Doctors. On balance, given that this is a service that is both necessary and of general utility, and, Medstars does not process personal data for any other reason than facilitating the provision of medical advice and treatment, Medstars deems the legitimate interest lawful reason for processing personal data to be appropriate.
Where you provide us with sensitive personal data, we may only process this under an exception to the general prohibition set out in Article 9 of GDPR. Under Article 9(2)(h) GDPR processing of personal data for inter alia, the purposes of medical diagnosis, is a lawful reason for the processing of personal data.
By consenting to our processing personal data as set out in this privacy notice you are giving us permission to process your personal data specifically for the purposes identified. Consent is required for Medstars to process your personal data, and it must be freely given, specific and informed and established by a clear affirmative act. Where we are asking you for Sensitive Personal Data we will always tell you why and how the information will be used.
You may withdraw consent at any time by emailing us at the following address: hello@medstars.co.uk with the following statement:
WITHDRAWAL OF CONSENT
I [STATE YOUR NAME] hereby withdraw my consent for Medstars Limited to process my personal data. Signed by data subject: [STATE YOUR NAME ]
Medstars will periodically disclose your personal data to third parties. The recipients of your personal data are as follows:
The Company will process personal data in accordance with the principles set out in Article 5 GDPR, namely that personal data will only be stored for as long as necessary. Where personal data is not required, it is deleted; where it is not required but may be subject to legal proceedings in the future, personal data is kept pursuant to the appropriate limitation period, namely 6 years. Tax-related data is kept for 7 years. In each case, such personal data will be archived with restricted access.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
In the event that you wish to make a complaint about how your personal data is being processed by Medstars, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Medstar’s data protection representatives GDPR Owner. The details for each of these contacts are:
Supervisory authority contact details | GDPR Owner contact details | |
---|---|---|
Contact Name: | Information Commissioner | Director, Medstars Limited |
Address: | Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel: 0303 123 1113 (local rate) 01625 545 745 if you prefer to use a national rate number Fax: 01625 524 510 | The Oakley Kidderminster Road Droitwich Worcestershire England WR9 9AY Email us: hello@medstars.co.uk Call us: +44 330 088 9279 |
Document Owner and Approval
THE GDPR Owner is the owner of this document.