If you have entered into a contract with us to provide services to your patients then the only personal information we will hold are your contact details, name of the practise where you work, and your signature if it was you that signed the contract with us. We will also have a correspondence between us, but this is unlikely to contain personal data; only commercial. We also use your email address to keep you up to date with any news about Suvera that we think is relevant. You can opt out of these emails at any time.
Our lawful basis for processing this data is the fulfilment of a contract with you or legitimate interest for using the data for marketing emails.
We retain your data for the length of our contact and then 7 years in case of any legal disputes (which we hope there aren’t any!)
If you are a GP that has not signed a contract with us, but we believe may be interested in our services then we will likely hold your contact details with a view to introducing our services to you. We would have gathered this information from external sources such as NHS websites and Wilmington Healthcare. We will abide by our obligations of the GDPR to inform you that we have this data, ideally within 30 days of receiving it, and let you know why we will be processing the data and to give you the chance to opt out of communications with us.
Our lawful basis for processing is legitimate interest (we believe that you will be interested in our service and we need to be able to communicate with GPs to grow our business). When we email, we do so under the ICO guidance on direct marketing and PECR regulations; where we are able to send relevant marketing emails to businesses as long as we give you the chance to opt out at any time. A link to unsubscribe will be available in every email we send.
We retain this data for these purposes until you unsubscribe (in which case we will move you to a suppression list so we don’t accidently contact you again), or if you have not expressed an interest in our product after an interaction between us.
Data Sharing and transfers
Like most companies, we use a number of other companies as part of our data processing, for example cloud services and technology services. We have data processing agreements in place with these providers. Where data is transferred outside of the EEA, we ensure that appropriate protection and mechanisms are in place, for example standard contractual clauses. If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).
We do not sell your data to anybody.