Who we are and what we do:
CLEO Systems, we are a subsidiary of IC24, the only UK urgent care provider to have developed a suite of digital solutions. We use our privileged access to in-house clinicians and administrators to make sure that our solutions are uniquely intuitive and simple to use – to meet our mission of providing CLinical Excellence Online (CLEO).
We take our responsibilities under data protection legislation seriously and understand just how fundamental it is to your business to ensure your personal data is safe and secure. Like our digital solutions our knowledge of the best way to safeguard personal data comes from our years of experience within the healthcare setting handling the most sensitive of personal data in a high pressured and fast environment.
We understand the need for privacy by design, the pressures of meeting the Data Security and Protection Standards as well as ISO standards and our policy is written with this in mind.
Please note that we will update or modify the notice to ensure that it accurately reflects all our processes and so you may wish to refer to this policy regularly.
Our legal bases for processing personal data under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018) are:
CLEO Systems is a Data Controller of personal data we collect from visitors to our website, for website improvement and statistics, that is collected for business activities such as sales and marketing. We are also the Data Controller for data we collect about our existing customers, marketing leads and prospective customers in the course of our marketing activities.
We are the Data Controller of data we collect through lead generation by our marketing team and via third part data providers. We do send marketing communication to customers or prospective customers, we do this based on their consent or our legitimate interest. We include information on all our marketing communications on how to change marketing preferences and opt-out if required.
Where CLEO Systems is a Data Processor we will process all Customer Data strictly on behalf of our customers in accordance with our contractual agreements with them and/or as required or permitted by law.
CLEO Systems is a Data Processor to customers who have purchased products and/ or services and therefore collect, store, use, maintain and retain data for them and/ or their end-users for the performance of the contract in place.
CLEO Systems is a Data Processor in relation to providing any solutions via a cloud environment in order to deliver the service requested.
How and why we use your data
We do not collect or capture sensitive personal data via the website or would request such as credit or debit card numbers, personal financial account information, Social Security numbers, passport numbers, driver’s license numbers or similar identifiers, or employment, financial or health information.
CLEO Systems will use contact details of existing customer, marketing leads and prospective customers to send information of new products, new services, offers, events and product upgrades that they might find useful.
We will send the information and direct marketing where we have a legitimate interest to do so or consent based on an opt-in.
Where personal data is collected for marketing purposes, CLEO Systems use a CRM solution that is hosted on Amazon Web services. Customer and prospective customer data are securely stored with restricted access. This system ensures that we comply with our obligations under the Data Protection legislations in relation to marketing activities.
CLEO Systems store personal data for the period set out in our contracts if you are a customer. However, if you choose to opt-out of communications, we will remove your details from our marketing database. Any leads or prospective customers where data has been shared with us by a third party or through lead generation, it will be processed and stored for one year. If you have opted – in to receiving information and marketing communication from us, we will store and process your data as long as you do not opt-out.
Contacting the offices:
All calls to and from our offices are recorded for training and quality monitoring purposes.
Data Transfer outside EEA
We use the CRM solution for marketing purposes that stores minimal personal data and your marketing preferences that is held outside of the EEA. We have sought assurances that they have legal and Operational controls for processing this personal data outside of the EU in order to provide us with this service.
Where we use third-party applications or cloud based service providers located outside EEA. In all such instances, we ensure that there are appropriate safeguards in place in line with the data protection legislation.
Information security is an integral part of our business. We have a risk framework in place for protecting data assets this is based on:
- ISO 27001
- NHS DSP Toolkit
- Cyber Essentials
All staff are trained annually on Information Governance and Cyber security and have to adhere to the policies that are in place.
Due to our extensive experience in handling personal and sensitive personal data we are aware of the Common Law Duty of Confidentiality. Therefore, data provided in confidence will only be used for the purposes described within this policy and our contractual agreements. All staff are trained to adhere to these standards also.
For further information see our Security Policy.
Your individual rights
The following will explain your rights over your data with CLEO Systems.
- The right to be informed;
You have a right to be informed about the collection and use of your data. This notice is one of the ways that we are informing you but if at any time you wish to have further details on the categories of data we’re processing or the purposes for a specific instance then you have a right to ask for this.
- The right of access;
You have the right to obtain confirmation that we are processing your personal data and a copy of that data.
This includes the right to ask for supplementary information about the third parties it is shared with, the parties we have collected it from, if any and how long it is stored for.
We will provide you with the information within one month of your request.
If you want to access your records, you should make a written request to the Data Protection Officer:
Integrated Care 24,
Kingston House, The Long Barrow,
Orbital Park, Ashford,
Kent, TN24 0GP
- You can change your mind about your choice at any time
Marketing preferences can be changed by contacting the DPO or via any of the unsubscribe links that are sent within every communication.
- The right to rectification
You have a right to have inaccurate personal data rectified or completed if it is incomplete. You can make a request verbally or in writing and we will respond to you within a month.
- The right to erasure;
You have a right to have personal data erased, you can make a request and we will advise accordingly.
- The right to restrict processing;
You have the right to request the restriction or suppression of your personal data.
- The right to data portability;
You have a right to have your data transferred to another service, as we do not currently use online portals we do not have information we can transfer to another service.
- The right to object;
You have the right to object to the processing of your personal data in certain circumstances. We will adhere to this in circumstances where we do not believe we have a compelling reason for doing so.
You can make an objection verbally or in writing and we have one calendar month to respond to an objection.
You have the right to lodge a complaint regarding your use of your data
Please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline 0303 123 1113or directed on their website at www.ico.org.uk or via post:
Information Commissioner's Office
Last updated: September 2020