Plain English Summary
Compass Lifestyle Medicine is committed to protecting your privacy and taking care with your personal data.
As a data controller we are responsible for how your information is used and explaining that to you. We use information systems to store the information we hold about you. These include:
1. CHIPHub Litmos learning management system
2. Wellbeing 360TM Online Health Assessment
Why we process your information
The lawful basis for processing your personal data is on the basis of your consent. You are not under any obligation to provide us with your personal data, and you can withdraw your consent to your personal data being processed in this way at any time by contacting us.
If you withdraw your consent, this does not mean that our processing of your personal data before you withdrew your consent was unlawful.
We regularly produce anonymised data and share this with partners, stakeholders and clients. Extra care will be taken to ensure your identity is protected.
Where we process your information
We store and process your data with care and take put in place appropriate technical and security measures in place to protect it.
We may transfer anonymised information to our partner company (Lifestyle Medicine Institute based in US). This will be used to audit the results of CHIP and further develop and enhance the program. This will be done on an anonymised basis.
Sharing your personal information
We will not share your information with any third parties for the purposes of direct marketing.
We use data processors who are third parties who provide elements of our services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold your personal information securely and retain it for the period we instruct.
Keeping your personal information
Your information will be deleted from our systems as detailed in our Records Management Policy.
The information you provide will be managed as required by Data Protection law. The rights available to you depend on our reason for processing your information.
You have the right to:
• Ask for copies of your personal information, commonly known as making ‘Subject Access Requests’. This right always applies
• Request your information to be changed if you believe it inaccurate or incomplete
• Ask us to erase your personal information in certain circumstances
• Ask us to restrict the processing of your information in certain circumstances
• Object to the processing of your information. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it if are able to process your information because the process forms part of our public tasks, or is in our legitimate interests
There are some exceptions to these rights, for instance if we have a legal obligation to retain your personal information so we cannot delete it. All requests to exercise your rights will be considered on a case by case depending on the circumstances.
How do we look after your information?
We are committed to ensuring that your information remains secure. The information provided is stored on secure databases in secured locations. We take the necessary steps to ensure that our infrastructure performs as expected by running health checks on these systems.
Data Protection Impact Assessments
Compass Lifestyle Medicine uses data protection impact assessments to help us systematically and comprehensively analyse our data processing and help us to identify and minimise data protection risks. These are reviewed regularly as part of our information governance processes.
Our contact details
There are many ways you can contact us, including by phone, email and post.
Queries about this privacy notice should be directed towards our Data Protection Officer.
Our Data Protection Officer function is provided by IG Health. You can contact our Data Protection Officer, Umar Sabat at Umar.firstname.lastname@example.org or via our postal address on the contact us page. Please mark your correspondence for the attention of the Data Protection Officer.