Privacy Policy

4ways Healthcare takes data protection and people’s privacy seriously and we are committed to continuing to comply with Data Protection laws. 

If you have any questions or wish to make a request in relation to your information, please contact our Data Protection Officer, dpo@4waysdiagnostics.co.uk

4ways Healthcare as a Data Processor

4ways Healthcare acts as a Data Processor for information we process on behalf of customers. This means that we act on our customer’s instructions when it comes to collecting, storing, accessing, using and sharing patient information.

Our customers decide the lawful basis and purpose of processing personal information and we have the necessary agreements in place to process information for these purposes.

Typically, our customers are NHS hospitals sometimes referred to as ‘NHS Trusts’ and private healthcare providers.

What services to do 4ways Healthcare provider?

4ways Healthcare provide support to the NHS and Healthcare organisations to supply outsourced radiology reporting services. We help the NHS and private Healthcare providers to save lives and improve patient care.

What information do we collect and use?

4ways Healthcare receives scanned images and reports from NHS Trusts and private healthcare providers for the purpose of supporting clinical patient care. We hold the information for a short period of days and then securely delete this information. We ensure and maintain confidentiality at all times.  

Who does 4ways Healthcare share information with?

4ways Healthcare does not share your information with anybody. We provide results back to the hospital or provide healthcare provider that sent us your scans. This information is processed in the UK and held in an encrypted format.

What about Information Rights?

Data Protection law provides a number of rights that 4ways Healthcare is committed to supporting their customers with:

  • Rights of access
  • Right to object or withdrawn consent
  • Right to correction
  • Right to portability
  • Right to complain

Since we act as a data processor and do not routinely have access to demographic information it makes it difficult to identify you and therefore any requests should be directed to the hospital or private provider who sent 4ways Healthcare your information.

Does 4ways Healthcare profiling or carry out automated decision making?

4ways Healthcare does not profile individuals and does not carry out any automated actions with your personal data.

How does 4ways Healthcare protect information?

4ways Healthcare are committed to ensuring the security and confidentiality of personal data. There are a number of ways we do this:

  • Staff receive regular training about protecting and using personal data
  • Policies are in place for staff to follow and are regularly reviewed
  • We check that only the minimum amount of data is shared or accessed
  • Our systems are structured so that it makes it difficult to identify patients
  • We use encrypted emails and storage which would make it difficult for somebody to intercept your information
  • We report and manage incidents to make sure we learn from them and improve
  • We put in place contracts that require providers and suppliers to protect your data as well

Cookies

Cookies are small text files which transfer to your computer or mobile when you visit a website or app. 

To learn more about the cookies we use please see here

How can I raise issues or make complaints?

You have the right to make a complaint to our Data Protection Officer (dpo@4waysdiagnostics.co.uk) or to the Information Commissioners Office in writing to the following address:-

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk

Subject Specific Notices  

For specified uses of information we have separate privacy notices below.

Plain English explanation

4ways acts a Data Processor working on behalf of health organisations in delivering Radiology reporting services for clinical organisations.

We receive basic personal information and scanned images about you if your local hospital is working with us. We keep this secure and confidential. Only clinicians working with us are able to view these images and report on these.

1) Data Controller contact details

Your Hospital or place where you are receiving treatment.  

2) Data Protection Officer contact details

dpo@4waydiagnostics.co.uk

3) Purpose of the processing

Direct Patient Care is care delivered to the patients in hospitals and healthcare settings in. We receive information from these organisations who use our reporting services to help treat and support you.

4) Lawful basis for  processing

The processing of personal data in the delivery of direct care and for providers’ administrative purposes in hospitals is supported under the following Article 6 and 9 conditions of the GDPR:

Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.

Article 6(1)(f) “processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party”.

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…” 

5) Recipient or categories of recipients of the processed data

We do not share your information. We provide a report to your hospital or healthcare provider which supports them treating you.

6) Rights to object

You have the right to object to some or all the information being processed under Article 21.

Please contact your Hospital or healthcare organisation if you do not want us to process any of your information.

7) Right to access and correct

You have the right to access the data that is being shared and have any inaccuracies corrected. This should be done by contacting your Hospital or the healthcare organisation treating you.

8) Retention period

We only retain your personal information for a maximum of 15 days from the date of original imports before data is purged from our systems.

9)  Right to Complain

You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/  or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate).

There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).

Date created: 1st July 2021

Last updated: 28/03/2023

Plain English explanation

As employers we need to keep certain information so that we can remain your employer and manage payments. This is a combination of personal and financial information.

We are required by law to hold certain types of data on those we employ under employment legislation.

We are also required by HMRC and various taxation laws, such as “The Income Tax (Pay As You Earn) Regulations 2003” to keep financial records.

For candidates who apply for to work at 4ways Healthcare we are also required to process your information for the purpose of recruitment and monitoring.

1) Data Controller contact details

4ways Healthcare Ltd

Nexus House

Boundary Way

Hemel Hempstead

Hertfordshire

HP2 7SJ

United Kingdom

2) Data Protection Officer contact details

dpo@4waydiagnostics.co.uk

3) Purpose of the processing

To comply with employment and tax legislation.

4) Lawful basis for  processing

The legal basis will be

Article 6(1)(c) “processing is necessary for compliance with a legal obligation to which the controller is subject.”

And

Article 9(2)(h) “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”

5) Recipient or categories of recipients of the processed data

We are required to share your information with HMRC for the purpose of taxation law.

6) Rights to object

You have the right to object to some or all the information being shared. Please contact our Data Protection Officer.

7) Right to access and correct

You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have records deleted except when ordered by a court of Law.

8) Retention

The data will be retained in accordance with our data retention policy to be held for:

Employees – 6 years after the contract period end date.

Job candidates – 6 months for unsuccessful applicants.

9)  Right to Complain.

You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/  or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate).

There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website)

Date created: 27th February 2023  

Last updated: 28/03/2023

Plain English explanation

This Privacy Notice is addressed to:

  • our suppliers and service providers who are natural persons (such as self-employed persons); 
  • the representatives or contact persons of our suppliers and service providers who are legal entities; and 
  • any other visitors of one of our facilities.

1) Data Controller contact details

4ways Healthcare Ltd

Nexus House

Boundary Way

Hemel Hempstead

Hertfordshire

HP2 7SJ

United Kingdom

2) Data Protection Officer contact details

dpo@4waydiagnostics.co.uk

3) Purpose of the processing

For the purpose of billing, tenders, manage resources and support services provided to us by you.

4) Lawful basis for  processing

We will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal data if:

  • we have obtained your prior consent; 
  • the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;
  • the processing is necessary to comply with our legal or regulatory obligations; or
  • the processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms. 

5) Recipient or categories of recipients of the processed data

The data will be processed will be contact information, bank account information (to pay you).

6) Rights to object

You have the right to object to some or all the information being processed under Article 21. Please contact our Data Protection Officer if you object. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance.

7) Right to access and correct

You have the right to access the data that is being held about you.

8) Retention period

The data will be retained in accordance with our contract with you and then held for 6 years after the contract period end date.

9) Right to Complain

You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/  or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate).

There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).

Date created: 27/02/2023

Last updated: 28/03/2023

Plain English explanation

This privacy notice applies to all employees, workers, contractors on 4ways Healthcare Ltd Nexus House premises.

1) Data Controller contact details

4ways Healthcare Ltd

Nexus House, Boundary Way

Hemel Hempstead

Hertfordshire

HP2 7SJ

United Kingdom

2) Data Protection Officer contact details

dpo@4waysdiagnostics.co.uk

3) Purpose of the processing

4ways operates CCTV at Nexus House for the purposes of staff and visitor safety, maintaining the security of assets and premises and for preventing and investigating crime.

CCTV may also be used to monitor staff when carrying out work duties.  

4) Lawful basis for processing

Processing of this data is necessary to protect the vital interests of the data subject or another person; for compliance with legal obligations; and for the performance of tasks carried out in the public interest in our official functions.

5) Recipient or categories of recipients of the shared data

The data will only be processed by 4ways Healthcare Ltd and will not be shared except for the purpose of crime prevention.

6) Rights to object

You have the right to object to some or all of the information being shared.

7) Right to access and correct

You have the right to view any CCTV recordings.  Please contact the DPO to request the footage.

8) Retention period

The data will be retained for 60 days.

9) Right to Complain

You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/  or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate).

Date created: 27/02/2023

Last updated: 28/03/2023

Plain English explanation

This privacy notice applies to all employees, workers, contractors and users of our services and website. 

1) Data Controller contact details

4ways Healthcare Ltd

Nexus House, Boundary Way

Hemel Hempstead

Hertfordshire

HP2 7SJ

United Kingdom

2) Data Protection Officer contact details

dpo@4waysdiagnostics.co.uk

3) Purpose of the processing

4ways processes your information for the purpose of marketing and communication.   

This is likely because we believe our products or services will interest you.

4) Lawful basis for processing

We will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal data if:

  • we have obtained your prior consent; 
  • the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request;
  • the processing is necessary to comply with our legal or regulatory obligations; or
  • the processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms. 

5) Recipient or categories of recipients of the shared data

The data will only be processed by 4ways Healthcare Ltd and will not be shared except for the purpose of crime prevention.

6) Rights to object

You have the right to object to some or all of the information being shared.

7) Right to access and correct

You have the right to request information held about you if it is held by us in social media accounts.

8) Retention period

The data will be retained for 60 days.

9) Right to Complain

You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/  or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate).

Date created: 27/02/2023

Last updated: 28/03/2023

Get in touch

To find out more, please fill in your details and a member of the team will be in contact shortly. 

Alternatively you can call us on

01442 260 322