What we do
Suvera Ltd operates a virtual clinic with health professionals that virtually manage patients with long-term conditions, such as hypertension, diabetes, asthma, COPD, depression and anxiety.
Privacy and information governance are essential to the provision of trusted technology services, particularly in healthcare. At Suvera, we put this at the heart of what we do, not just because of our legal obligations, but because we, our friends and our families are all patients too. We all want to experience high quality healthcare whilst being in control of our data and how it is used.
Typically, we act as a processor on behalf of your GP. This will be when your GP surgery has invited you to use our service, rather than you signing up of your own accord and asking us to share data for you with your GP. When we are a processor of your data, then all data is processed in line with your GP practice’s privacy notice and you should contact them for any queries.
This privacy notice applies to the data that we process when we are a controller of personal data. That will usually be the data of potential and existing employees, suppliers, direct patients, website users and then technical data when you use Suvera.
Being a controller means that we are trusted to look after and deal with your personal information in accordance with this notice. We determine the ways and means of processing your data and must therefore, be accountable for it.
How we process your data
The best way to understand how we process your data is to click on the role that best describes you.
As a data subject you have rights in respect of our processing of your personal data.
- Your right of access - you have the right to ask us for copies of your personal information.
- Your right to rectification - you have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - you have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing - you have the right to object to our processing your information if the legal basis is legitimate interests.
- Your right to data portability - this only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under a contract, or in talks about entering into one, and the processing is automated.
If you want to exercise any of these rights, please just contact us on firstname.lastname@example.org
You also have the right to lodge a complaint about our processing with a supervisory authority — in the UK that is the ICO whose details are here: https://ico.org.uk/make-a-complaint/
Technical and operational security measures
All of our employees are trained in data protection and are aware of their obligations to ensure the privacy of all data subjects.
Our offices have physical security in place, All data is password protected, access controlled by two-factor authentication, backed up securely and encrypted when appropriate. Data privacy by design and default is an integral part of our development processes. We have a range of internal agreements and policies in place for information governance, network security, information handling, remote working, business continuity, confidential information, incident reporting, access control and staff confidentiality. We review these policies at least annually and will update them if a product or business change necessitates.
What happens if our business changes hands?
We may, from time to time, expand or reduce your business and this may involve the sale and/or the transfer of control of all or part of your business. Any personal data that you have provided will, where it is relevant to any part of your business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, depending on the lawful basis, be permitted to use that data only for the same purposes for which it was originally collected by us.
In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes.
Changes to our privacy notice
We may change this privacy notice from time to time (for example, if the law changes). We recommend that you check this page regularly to keep up-to-date.
If we make any material changes to the manner in which we process and use your personal data, we will contact you to let you know about the change.
Data Sharing and Transfers
Like most companies, we use a number of other companies as part of our data processing, for example cloud services and technology services. We have Data Processing Agreements in place with these providers. Where data is transferred outside of the UK and EEA, we ensure that appropriate protection and mechanisms are in place, for example Standard Contractual Clauses. If data is transferred from the UK to the EEA then it is done so on the basis of those countries having a comparable data protection regime to the UK (adequacy).
We do not sell your data to anybody.