Reframe gathers and processes your personal data in accordance with this privacy notice and in compliance with relevant data protection regulations and laws. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.
Reframe is a trading style of Harley Street Concierge Ltd, a limited company registered in England and Wales under company number 8331310. Registered office is Regent House, 316 Beulah Hill, London, SE19 3HF. We act as a data controller and a data processor and Reframe is registered on the Information Commissioner’s Office Register of Data Controllers under registration number ZA033036. Our designated Data Protection Officer can be contacted at Reframe, The Square, Basing View, Basingstoke, Hampshire, RG21 4EB.
Data that we collect
Reframe processes your personal data to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your data in any way, other than specified in this notice.
The personal data that we collect may include:
*name, address and contact details, including email addresses and telephone numbers;
*date of birth and gender;
*employer name and employee ID;
*relationship to main policy holder;
*relationship to nominated representative;
*medical health records whether provide by the NHS or other third parties.
We collect data in the following ways:
*over the phone
*electronically through on-line forms, by e-mail, websites, or chat
*from relevant third-party organisations (e.g. NHS, employer, insurer)
Owing to the products and services we offer, Reframe sometimes needs to request sensitive personal data from you such as your health data and medical history. Where we collect sensitive personal data, we will only request the data required for the specified purpose and always ask for your explicit consent through a signature. You can modify or remove consent at any time, which we will act on immediately, unless there is a legitimate interest or legal reason for not doing so.
How we use your personal data
Reframe takes your privacy very seriously and will never disclose, share or sell your personal data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice.
We collect, process and store personal data in the performance of a contract or to provide a service requested by you, and as part of our legal obligation for business accounting and tax purposes.
Occasionally, Reframe would like to contact you with details of the products, services and information that we provide. If you consent to us using your contact details for these purposes, you have the right to modify or withdraw your consent at any time by using available opt-out or unsubscribe options or by contacting Reframe directly.
Other uses of data
We use anonymised and aggregated data gathered during the delivery of our services to track company performance, identify opportunities for improving services, identify potential complaints or near misses, and as examples of feedback.
Reframe does not provide clinical diagnosis or treatment advice to clients and therefore does not obtain consent for treatment. Such consent is obtained by healthcare professionals at the time of providing treatment.
How long we keep your data
Reframe only ever retains personal data for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep specific basic personal data for a minimum of 7 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise or withdraw your consent.
Consequences of not providing your data
You are not obliged to provide your personal data to Reframe, however this data is required for us to provide our services to you, so we will not be able to offer our products or services without the necessary data.
Sharing and disclosing your personal information
We do not share or disclose any of your personal data without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Reframe uses third parties to provide the services and business functions listed below, however all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
Clinicians & Medical Service Providers
We will share your name, contact details and relevant medical records with relevant Clinicians and Medical Service Providers to enable the performance of the contract you enter with us for a specific service. This data will only be shared when you have given us your consent. We will send you relevant documentation prior to us commencing our services that will allow you to provide your consent.
Where relevant, we will use PayPal to invoice you for a services that you purchase directly from Reframe. PayPal act in the capacity of a processor on our behalf. The only data we provide them with is your name, address and order details to meet their business and legal requirements.
Where relevant, we will share your personal data and relevant health information with your insurer, AmTrust. This information will only be shared when you have given us your consent as part of an insurance contract. We will send you relevant documentation prior to us commencing our services that will allow you to provide your consent.
Reframe takes your privacy seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
*data encryption, anonymisation and pseudonymisation;
*data access restrictions;
*system access controls and multifactor authentication;
*data security and protection risk assessment;
*internal and external audits;
*privacy by design for platform development;
*staff training on data protection.
Cookies and how we use them
A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.
Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to track website usage and pages visit.
*analyse our web traffic using an analytics package so that we can use aggregated usage data to help improve the website structure, design, content and functions;
*identify whether you are signed into our website;
*test content on our website, for example, half our users might see one piece of content and the other half see a different piece of content;
*store information about your preferences so the website can then present you with information you will find more relevant and interesting;
*recognise when you return to our website so we may show you relevant content or provide functionality you used previously.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
To learn more about cookies and how they are used, visit http://www.allaboutcookies.org/.
Where you have consented to us providing you with promotional offers or marketing, you are free to withdraw consent at any time.
You have the right to access any personal data that Reframe processes about you and to request information about:
*the categories of personal data and your data that we hold;
*the purposes of the processing;
*the recipients to whom the personal data has or will be disclosed;
*how long we intend to store your personal data for
*the data source if we did not collect the data directly from you.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct or complete the data and we will strive update it as quickly as possible unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request. This is to ensure that your data is protected and kept secure.
Lodging a complaint
Reframe only processes your personal data in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or you are unsatisfied with how we have handled your data, you have the right to lodge a complaint with the supervisory authority in writing to the Data Protection Officer at Reframe, The Square, Basing View, Basingstoke, Hampshire, RG21 4EB, or by calling us on 0207 965 0309 or emailing us at firstname.lastname@example.org.
You may also contact the Information Commissioners Office by writing to Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, calling 0303 123 1113 or visiting the website at www.ico.org.uk.