“Data Controller”means the person who or organisation which determines the purposes for which, and the manner in which, any Personal Data is processed, who/which makes independent decisions in relation to the Personal Data and/or who/which otherwise controls that Personal Data;
“Data Processor”means the person who processes Personal Data on behalf of the Data Controller;
“Data Subject”means a natural person whose Personal Data is processed by a Data Controller or Data Processor;
“Clients’ Data”means Personal Data of Clients, including clinical notes and assessments;
“Service”means all or any of the services provided through this website (and “Services” shall be construed accordingly);
“Sub-Processor”means any person or entity appointed by or on behalf of the Data Processor to process Personal Data on behalf of the Data Controller;
“We”, “Our”or “Global Response Aid”means the compan. Below you can find out more about how we collect and process your Personal Data in connection with your use of the Global Response Aid website and for marketing purposes.
- Who is responsible for your Personal Data?
- Where Global Response Aid acts as the Data Controller
- What Personal Data do we collect?
- For Clients
If you are a Client using our website we may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
- Identity Data includes first name, last name, username or similar identifier, title, date of birth.
- Contact Data includes billing address, delivery address, email address and telephone numbers, next of kin address, phone, email, medical care giver.
- Financial Data includes payment card details processed through Stripe.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services.
We may process some special categories of Personal Data about you via third parties (for example, where a Professional gathers details about health and Biometric Data in order to comply with medicolegal documentation obligations) where the third parties act as Data Controllers. Where this happens it is the duty of the Data Controller to inform you and a higher standard of protective measures will apply.
- How do we collect your Personal Data?
Direct interactions. You may give us your Identity and Contact Data by filling in forms on our website or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
- make an enquiry with regard to our services;
- request marketing to be sent to you; or
- give us some feedback.
- Personal information we collect indirectly. We indirectly collect Personal Data when Professionals use the Global Response Aid website to record data about a Client. This may include for instance Identity, Contact or Transaction Data as well as special categories of Personal Data (as listed above)/information about your health.
- Third parties or publicly available sources. We may receive Personal Data about you from various third parties and public sources as set out below:
- Contact, Financial and Transaction Data from providers of technical and payment services such as Stripe.
- Identity, Usage and Contact Data from peer to peer video consultation infrastructure providers.
- Identity and Contact Data from SMS infrastructure providers.
- Identity and Contact Data from publicly availably sources such as Companies Registration Office and the Electoral Register.
- For what purposes do we process your Personal Data and what is our legal basis?
We have set out below the categories of date required and a description of all the ways we plan to use your Personal Data, and which of the legal bases we rely on to do so. In order to arrange consultations between Clients and Professionals, which includes the management of consultation bookings, electronic records, billing/invoicing and payments we will need to
(d) Marketing and Communications
- Do we share your Personal Data with anyone else?
We may share your Personal Data with the following parties in connection with our processing of your Personal Data:
- Third Party/Reason for sharing data
- SparkpostThe service provider allows us to service Professionals with email communications
- MailchimpThe service provider allows us to send you email communications and alerts us if you request to be removed from our mailing lists.
- AmazonHosts our cloud storage system.
We store our document management system and backups on the cloud and so your personal details will be stored on our secure cloud storage system. Personal Data of the Clients and Professionals will be shared between the Clients and Professionals as necessary to facilitate the setting up of consultations.
- StripeProvides our payments services.
- OpenTokProvides us with peer to peer video consultation infrastructure.
- TwilloProvides us with SMS infrastructure.
This agreement requires third parties to have appropriate security systems in place and only to use your Personal Data on our instructions and in accordance with data protection law. In rare circumstances, we may be obliged to disclose Personal Data if disclosure is required to comply with the law.
- Keeping your Personal Data secure
We take appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data. We limit access to your Personal Data to those employees, agents and other third parties who are required to have access to your Personal Data and where they have agreed that they are subject to a duty of confidentiality. We have put in place procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction. We have procedures in place to deal with actual and suspected data breaches which include an obligation on us to notify the supervisory authority and/or you, the Data Subject, where legally required to do so.