TMS Privacy Policy

Last reviewed date: 14 June 2018

We are Trident Medical Services (TMS), an independent occupational health provider. We are committed to being transparent about how we collect and use data and to meeting our data protection obligations. This policy sets out how we use and protect any personal information we hold and process about you.

Data protection principles

All personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

  • processing is fair, lawful and transparent;
  • data is collected for specific, explicit, and legitimate purposes;
  • data collected is adequate, relevant and limited to what is necessary for the purposes of processing;
  • data is kept accurate and up-to-date. Data which is found to be inaccurate will be rectified or erased without delay;
  • data is not kept for longer than is necessary for its given purpose;
  • data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures;
  • we comply with the relevant data protection legislation procedures for international transferring of personal data.

Personal data

In providing you with our services, we may process your personal data. Personal data is information about you from which you can be identified, such as your name, date of birth and contact details.

Confidentiality

The confidentiality of your personal data is of paramount concern to TMS and we comply with UK data protection legislation and all the applicable medical confidentiality guidelines issued by professional bodies such as the General Medical Council and the Nursing and Midwifery Council.  

How do we protect and safeguard your data?

We take the security of your data seriously. Our internal policies and controls are designed by default to ensure that your personal data is not accidentally destroyed, misused, disclosed or lost and is not accessed except by our employees in the performance of their job role duties.
Where we engage third parties to process personal data on our behalf, they do so under written instructions, a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

How long do we keep your data?

We only keep your data for as long as is necessary and in accordance with UK legislation and medical and industry guidelines.

Your rights and how to exercise them

As a data subject, you have a number of rights and freedoms. You can:

  • obtain confirmation as to whether your personal data is being processed and where that is the case, gain access to the personal data;
  • require TMS to rectify incorrect or incomplete data;
  • require TMS to erase or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data where TMS is relying on its legitimate interests as the legal ground for processing.
  • move, copy or transfer your personal data from one IT environment to another, securely and without affecting its usability.

If you would like to exercise any of these rights, please contact our Data Protection Officer (DPO) at: dpo@trident-ms.co.uk. We will ask you to provide documentation to confirm your identity or, if you are acting on behalf of another individual, we will ask you for proof of their consent or your legal right to receive their personal information.
If you believe that TMS has not complied with your rights and freedoms you can make a complaint. Please see the contact details in this document.

Changes to our processing arrangements

Should we need to change the way we collect, store or process your data we will contact you to let you know.

We have provided the rest of the information in a layered format to ensure it remains clear and concise. Please click on the sub-heading below that best describes you and the relevant information will be displayed.

Website users

What personal data do we collect?

When you use our website we may collect the following personal data:

  • your name, company, email address and telephone number;
  • the internet protocol (IP) address of the device you are using, the browser software you use, your operating system, the date and time of access and information on how you use our website;
  • details of contact we have had with you including records of telephone conversations and emails;
  • information you give us when responding to online surveys for research purposes.

We also collect technical data via Google Analytics, however these reports do not contain any personal data.

How do we collect your data?

We may collect this information in a variety of ways. For example, we might collect data when:

  • you complete our ‘contact us’ form;
  • you fill in your details to book an event or webinar;
  • you subscribe to email notifications and/or newsletters;
  • you complete an online survey.
Why do we process your personal data?

We may process your personal data for any of the following reasons:

  • to enable us to contact you in response to a query or request for information;
  • to register you for email notifications and/or newsletters that you have subscribed to;
  • to book you onto an event and/or webinar;
  • to collect your opinions as part of any research we may carry out.
What is the lawful basis for processing?

We may process your data on the grounds of contractual or legitimate interests – if we need to respond to your enquiry or enter into a ‘contract’ of services with you, or book onto an event we are hosting. If you have subscribed to our email notifications or newsletter we are relying on your consent to process your personal data. You can withdraw this consent at any time.  

Who do we share your data with?

Your data may be shared internally within TMS whose employees may view your data as part of their job role.

If you subscribe to our email notifications and/or newsletter your name, company and email address may be stored on the email platform Mailchimp. Mailchimp’s server is in the USA so your name and email address may be stored outside of the EEA.

We do not share your personal information with anyone outside of TMS or its partner organisations to use for their own purposes, except:

  • when we have your permission;
  • to comply with a legal obligation or to perform a public task;  
  • if we are under a duty to disclose or share personal data in order to enforce or apply our terms of use (of our website or any part of it) or terms and conditions of supply of any relevant products or services and other agreements;
  • to protect the rights, property, or safety of TMS, our customers, or others;
  • in order to detect, prevent and help with the prosecution of financial crime;
  • if there are other exceptional circumstances, and we are unable, or it is not appropriate to seek your permission;
  • to archive for statistical or research purposes or in the public interest;
  • in the reason of public interest.
Third party websites

Our website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.
We cannot ensure the security of your data when it is being transmitted to our website or other digital sites from other pages. All transmission of personal information and other data is done at your own risk.

Cookies

What is a cookie?

A cookie, also known as a browser cookie, is a text file containing small amounts of information which a server may download to your computer hard drive, tablet or mobile device when you visit a website or use an app.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Cookies may be either ‘persistent’ cookies or ‘session’ cookies. A persistent cookie will be stored on the web browser and will remain valid until its set expiry date, unless detected by the user before the expiry date. A session cookie, on the other hand, will expire at the end of the user session when the web browser is closed.

First-party and third-party cookies

Cookies can be set and controlled by the operator of the website which the user is browsing (known as a ‘first-party cookie’) or a third party such as Facebook, for example to display advertisements and social sharing features (known as a ‘third-party cookie’).

Cookies used by TMS

The only cookies in use on the TMS website are for Google Analytics. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so that they can improve it.

Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our website. We then use the information to compile reports to help us improve our website.

Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the website before and what site referred the visitor to the web page.

Google Analytics collects information anonymously. It reports website trends without identifying individual visitors.

How can you control the use of cookies?

You can opt out of Google Analytics without affecting how you visit our website – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page.

Sharing of data from cookies

TMS may disclose data collected from third party cookies, such as visitor trends, to third parties, in an anonymous form, for research and statistical purposes, and to help us optimise our websites.

Learn more about cookies

To find out more about cookies in general either search in Google or visit aboutcookies.org or allaboutcookies.org.

A guide to behavioural advertising and online privacy has been produced by the internet advertising industry which can be found at www.youronlinechoices.eu. The guide contains an explanation of the Internet Advertising Bureau's self-regulatory scheme to allow you greater control of the advertising you see.

Marketing information/newsletter subscribers

What personal data do we collect?

When you subscribe to receive marketing information from us we may process the following:

  • your name, company name, email address, postal address and phone number;
  • details of contact we have had with you including records of telephone conversations and emails.
How do we collect your data?

We collect your data when you subscribe to email notifications and/or newsletters via our website.

Why do we process your personal data?

We will use your personal data in order to send you the marketing information you have requested and keep you up-to-date with our news and services. This may include:

  • sending you our e-newsletter;
  • sending you other email or postal communications to update you on our services;
  • contacting you regarding any research surveys.
What is the lawful basis for processing?

In order to send you marketing information that you have subscribed to receive we will be using your consent to do so. You can withdraw your consent at any time by emailing enquiries@trident-ms.co.uk or clicking on the unsubscribe link on the bottom of any of our emails.

Who do we share your data with?

Your data may be shared internally within TMS whose employees may view your data as part of their job role.

If you subscribe to our email notifications and/or newsletter your name, company and email address may be stored on the email platform Mailchimp. Mailchimp’s server is in the USA so your name and email address may be stored outside of the EEA.

We do not share your personal information with anyone outside of TMS or its partner organisations to use for their own purposes, except:

  • when we have your permission;
  • to comply with a legal obligation or to perform a public task;   
  • if we are under a duty to disclose or share personal data in order to enforce or apply our terms of use (of our website or any part of it) or terms and conditions of supply of any relevant products or services and other agreements;
  • to protect the rights, property, or safety of TMS, our customers, or others;
  • in order to detect, prevent and help with the prosecution of financial crime;
  • if there are other exceptional circumstances, and we are unable, or it is not appropriate to seek your permission;
  • to archive for statistical or research purposes or in the public interest;
  • in the reason of public interest.

Marketing information recipients

What personal data do we collect?

We may collect the following personal data:

  • your name, company name, email address, postal address and phone number;
  • details of contact we have had with you including records of telephone conversations and emails.
How do we collect your data?

We may collect this information in a variety of ways. For example, we might collect data when:

  • you give us your details via email, via a telephone call or face-to-face;
  • you fill in your details to book to attend an event or webinar via our website;
  • you are on a mailing list we have purchased from a reputable provider;
Why do we process your personal data?

We will use your personal data in order to send you marketing information we think may be of interest to you. This may include:

  • sending you email or postal communications to update you on our services;
  • contacting you regarding any research surveys.
What is the lawful basis for processing?

In order to send you marketing information we will be using legitimate interests as the lawful basis for processing your data. You can unsubscribe from receiving this information at any time by emailing enquiries@trident-ms.co.uk or clicking on the unsubscribe link on the bottom of any of our emails.

Who do we share your data with?

Your data may be shared internally within TMS whose employees may view your data as part of their job role.

Your name, company and email address may be stored on the email platform Mailchimp. Mailchimp’s server is in the USA so your name and email address may be stored outside of the EEA.

We do not share your personal information with anyone outside of TMS or its partner organisations to use for their own purposes, except:

  • when we have your permission;
  • to comply with a legal obligation or to perform a public task;  
  • if we are under a duty to disclose or share personal data in order to enforce or apply our terms of use (of our website or any part of it) or terms and conditions of supply of any relevant products or services and other agreements;
  • to protect the rights, property, or safety of TMS, our customers, or others;
  • in order to detect, prevent and help with the prosecution of financial crime;
  • if there are other exceptional circumstances, and we are unable, or it is not appropriate to seek your permission;
  • to archive for statistical or research purposes or in the public interest;
  • in the reason of public interest.

Job applicants

What personal data do we collect?

If you are applying for a job with us we may collect the following personal data:

  • personal details such as your name, address, email address and phone numbers;
  • information collected during the recruitment process such as your CV, covering letter  or job application;
  • information about your skills and competencies;
  • information on your education and employment history;
  • your right to work documentation;
  • contact details of your referees;
  • information on any disability or medical condition;
  • equal opportunities information such as race, religion, gender and marital status– this is not mandatory and is not made available to anyone outside of our HR team – it is also saved anonymously, and you cannot be identified by it.

If you have been shortlisted for interview and/or we wish to make a job offer, we may process the following information:

  • proof of your identity;
  • proof of your address;
  • proof of your qualifications;
  • name and contact details of your next of kin;
  • your photograph;
  • your driving licence;
  • a reference from two referees;
  • information about any criminal convictions;
  • identification documents such as passport, driving licence and utility bills.
How do we collect your data?

We may collect your personal data via a variety of means including:

  • you contact us via our website;
  • you contact us by telephone;
  • you email us and send us your information;
  • we are passed your data by a recruitment agency.
Why do we process your personal data?

We may process your data for any of the following reasons:

  • to assess your suitability for a job role;
  • to invite you to interview;
  • to comply with our legal obligations including right to work checks to make an offer of employment to you;
  • to monitor equality in recruitment (this applies to the anonymous equal opportunities form only).
What is the lawful basis for processing?

Our lawful basis for processing your personal data is as indicated below:  

Carrying out checks in relation to your right to work in the UK

Legal obligation

Making reasonable adjustments for disabled employees

Legal obligation

Making recruitment decisions in relation to both initial and subsequent employment EG. Promotion

Our legitimate interests

Making decisions about salary and other benefits

Our legitimate interests

Making decisions about contractual benefits to provide to you

Our legitimate interests

Assessing training needs

Our legitimate interests

Dealing with legal claims made against us

Our legitimate interests

Preventing fraud

Our legitimate interests

 

Special categories of data

Special categories of data are data relating to your:

  • health;
  • sex life;
  • sexual orientation;
  • race;
  • ethnic origin;
  • political opinion;
  • religion;
  • trade union membership;
  • genetic and biometric data.

We carry out processing activities using special category data:

  • for the purposes of equal opportunities monitoring;
  • to determine reasonable adjustments.

Most commonly, we will process special categories of data when the following applies:

  • you have given explicit consent to the processing;
  • we must process the data in order to carry out our legal obligations;
  • we must process data for reasons of substantial public interest;
  • you have already made the data public.

Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment or administer contractual benefits.

Criminal conviction data

We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability for the role. We rely on the lawful basis of our legitimate interests to process this data.

Who do we share your data with?

Your data will be shared internally with our recruitment and HR team, the interviewing staff and, where necessary, support staff.  

We do not share your personal information with anyone outside of TMS and its partner organisations to use for their own purposes, except:

  • when we have your permission;
  • to comply with a legal obligation or to perform a public task  
  • if we are under a duty to disclose or share personal data in order to enforce or apply our terms of use (of our website or any part of it) or terms and conditions of supply of any relevant products or services and other agreements;
  • to protect the rights, property, or safety of TMS, our customers, or others;
  • in order to detect, prevent and help with the prosecution of financial crime;
  • if there are other exceptional circumstances, and we are unable, or it is not appropriate to seek your permission;
  • to archive for statistical or research purposes or in the public interest;
  • in the reason of public interest.
How long we keep your data

If your application is not successful and you if you have provided your consent for us to keep your data on file for future job vacancies, we will keep your data for 12 months once the recruitment process ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.

If your application is not successful and you have not provided your consent for us to keep your data for the purpose of future suitable job vacancies, we will keep your data for three months once the recruitment exercise ends, after which it will be deleted.

If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.

Customers/potential customers

What personal data do we collect?

We may collect and process a range of information about you. This includes:

  • basic details such as name, company, address and contact details;
  • details of contact we have had with you such as referrals and quotes;
  • details of services you have received;
  • information about complaints and incidents;
  • information from customer surveys, competitions and marketing activities;
  • written summaries of calls we receive or make;
  • email communications we receive or make;
  • written minutes of meetings and service reviews;
  • other information we receive from other sources, including from your use of websites and other digital platforms we operate or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies who have obtained your permission to share information about you.
How do we collect your data?

We may collect this information in a variety of ways. For example, we might collect data when:

  • you apply for a quote or enquire about our services;
  • you enter into a contract with TMS for the provision of services, and when you use those services;
  • you submit a query to us, for example by email, telephone, social media or the TMS website;
  • you participate in any marketing activity;
  • you complete our customer feedback surveys or research surveys;
  • you leave us your contact details at a promotional event;
  • you subscribe to email notifications and/or newsletters.
Why do we process your personal data?

We use your personal information to provide you with our services, and to improve and extend our services. This may include:

  • responding to your queries, including providing quotes;
  • internal record keeping and administration;
  • responding to requests where we have a legal or regulatory obligation to do so;
  • assessing the type and quality of service you have received and any concerns or complaints you raise, so that these can be properly investigated;
  • using your contact information to send you service-related information;
  • using your contact information to send promotional material about new services, special offers or other information we think you may find interesting (we will only do this with your consent);   
  • using your contact information to give you an opportunity to complete a customer satisfaction survey;
  • using your contact information to conduct and analyse market research;
  • sending statements, invoices and payment reminders to you, and collecting payments from you;
  • sending you non-marketing commercial communications;
  • sending you our email newsletter or notifications if you have requested them.
What is the lawful basis for processing?

We process your information in order to;

  • perform the contract which we have entered into with you or take steps to enter into a contract with you;
  • carry out our legitimate interests (to provide a quality service and to maintain transparent and accurate records).
Who do we share your data with?

Your data will be shared internally with TMS staff in order for them to complete their job role and to carry out our obligations under our contract with you and/or in line with the purposes set out above. This is likely to include the enquiries team, service delivery team, directors, IT and finance staff. Your financial data may also be shared with our bank as necessary where you are making payments to us.

Your contact details may also be shared with our marketing team to ensure you are invited to events or provided with important updates. You can opt out of marketing communications at any time.

We may share your personal information with third parties where required by law (for example to comply with anti-money laundering legislation) and where it is necessary to administer the working relationship with you (as stated above).   

We do not share your personal information with anyone outside of TMS and its partner organisations to use for their own purposes, except:

  • when we have your permission;
  • to comply with a legal obligation or to perform a public task  
  • if we are under a duty to disclose or share personal data in order to enforce or apply our terms of use (of our website or any part of it) or terms and conditions of supply of any relevant products or services and other agreements;
  • to protect the rights, property, or safety of TMS, our customers, or others;
  • in order to detect, prevent and help with the prosecution of financial crime;
  • if there are other exceptional circumstances, and we are unable, or it is not appropriate to seek your permission;
  • to archive for statistical or research purposes or in the public interest;
  • in the reason of public interest.

 

Law relating to this document

General Data Protection Regulation (2016/679 EU)
Data Protection Act 2018
Privacy and Electronic Communications Regulations (PECR)

Contact information

Should you need to, you can contact us via the following routes:

  • In person or by post:
    Trident Medical Services
    3B Olympus House
    Calleva Park
    Aldermaston
    RG7 8SA
  • By telephone:
    Tel: 0118 324 9333
  • By email:
    Email: enquiries@trident-ms.co.uk

Our Data Protection Officer can be contacted via the following routes:

  • By post:
    Trident Medical Services
    3B Olympus House
    Calleva Park
    Aldermaston>
    RG7 8SA
  • By telephone:
    0118 324 9333
  • By email:
    dpo@trident-ms.co.uk

Trident Medical Services is a company registered in England and Wales with number 3017087.

The TMS registered office is Aquis House, 49-51 Blagrave Street, Reading, Berkshire RG1 1PL.

Trident Medical Services is registered with the Information Commissioners Office, registration number Z4946055.

Complaints

If you think we have not complied with our data protection obligations and you wish to complain to the Information Commissioner, you can use the contact details below:

Information Commissioner’s Office
Helpline: 0303 123 1113
www.ico.org.uk/concerns