Privacy Policy

Great Bear Healthcare are an experienced healthcare organisation and among the UK’s leading providers of medical devices. We are committed to making a real difference to our customers’ lives with our range of high-quality products and services.

The Nightingale website is operated by Great Bear Healthcare Limited (Referred as “Nightingale” “Great Bear Healthcare”, “we”, “our”, “us” in this, Privacy Policy)

www.greatbearhealthcare.co.uk

Nightingale is a specialist delivery company for all Intermittent Self Catheter (ISC) and Urology/Continence products. Great Bear Healthcare manufacture Urology products and distribute these in the UK & Ireland

Great Bear Healthcare is a private limited company registered in England and Wales under company number 2503030 and we have our registered office at 3C Robins Drive, Bridgwater, Somerset, TA6 4DL.

We have developed this privacy notice to inform you of the data we collect, what we do with your data, what we do to keep it secure as well as the rights and choices you have over your personal data.

Your personal data may be collected and received by us through several different ways.

1. You contact us and provide the information directly
2. Your healthcare professional contacts us to provide the information on your behalf such as your GP, clinician, or health carer.
3. You contact us in a professional capacity on behalf of a Care Home. (Applies to healthcare professionals only)

Online or by Phone

Whatever your preferred way to contact us we will need to collect the following details:

Title, First Name, Last Name

Email

Telephone, Mobile

Contact preferences for delivery and service updates (Phone, Email, SMS)

GP Surgery (Name and Address)

Date of Birth

Prescription Status (exemptions)

Country of Residence (if living in Scotland)

NHS Number

Electronic Prescription Service Consent

NHS Prescription Prepayment Certificate Number & Expiry Date (PPCs)

Home/Delivery Address

Contact preferences for news and surveys

Online or by Phone

We will need to collect some personal information and work information to register you as a healthcare professional:

Title, First Name, Last Name

Email

Work Telephone, Mobile

Hospital/DN Base Details

Ward (optional)

Patient Consent to become a Dispensing Appliance Contractor

Contact preferences for news and surveys

Online or by Phone

We will need to collect some personal information and work information to register the Care Home:

Title, First Name, Last Name

Email

Work Telephone, Mobile

Care Home Details (Name and Address)

Patient/Care Home Consent to become a Dispensing Appliance Contractor

Contact preferences for news and surveys

In addition to your registration information, we may also collect the following:

Financial Data includes bank name, sort code and account number, payment card details, VAT number.

Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this site.

Profile Data includes any purchases or orders made by you, preferences, condition type, feedback, and survey responses.

Usage Data includes information about how you use our site, products, and services.

Marketing Data includes your preferences in receiving marketing from us and your communication preferences.

Communications data including emails, telephone calls and post which you receive from us or send to us, and your preferences in receiving information and being contacted by us.

Nightingale works as a trusted partner with GPs and nurses nationwide. We are a registered provider to the NHS which means we cover all delivery charges.

Your prescription. Your way. Here’s how it works:

Checking if you have an NHS exemption

We will use the information you provide to tell you if:

• you have a valid exemption certificate
• your exemption certificate expires within the next month
• your exemption certificate entitles you to free NHS prescriptions
• your age entitles you to free NHS prescriptions

In cases where individuals haven't provided their medical exemption status during registration, Nightingale kindly asks that they provide this information later. This contact may occur through various means, including email, SMS (text messages), or phone calls. The purpose of this contact is to obtain the necessary medical exemption information to ensure compliance with The National Health Service (Charges for Drugs and Appliances) Regulations 2015. You can also check if you're entitled to free NHS prescriptions here.

For processing to be lawful under the UK GDPR and Data Protection Act 2018, Great Bear Healthcare is obliged to identify a lawful basis before it can process personal data. The obligation requires Great Bear Healthcare to satisfy a condition under Article 6 and, where special category data (health information) is being processed, also under Article 9.

For Great Bear Healthcare purposes, the following conditions, under Article 6, for lawful processing will apply: 6(1)(b) ‘processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’. There may be occasions when the data subject’s consent will provide the legal basis for the processing of their personal data: 6(1)(a) – Consent of the data subject.

For necessary processing of special categories, e.g., health information, the following condition, under Article 9, will apply: 9(2)(h) ‘Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional’.

Great Bear Healthcare works with the NHS and other health and social care organisations to share information that will form part of your Integrated Care Record. The Integrated Care Record allows health and care professionals involved in your care to view your records to help them understand your needs and make the best decisions with you, and for you.

Our Nurses work together with NHS professionals to deliver drop-in clinics and home visits, advice and guidance on products, clinical education, and training. Following a visit by the Nurse, feedback will be provided to your GP and your referring Nurse.

Our Nurse can provide everything from hands on training to advice and support on a range of day to day issues you need to consider when managing your products.

The Clinical Nursing Service works in conjunction with your referring NHS or independent sector nurse to ensure you get access to the best ongoing care, advice and support with your bladder and bowel management.

OurNurses will undertake an assessment and review for all people referred to the service and then suggest an appropriate plan of care. The care package will be discussed and agreed with you and your referring Nurse.

The Nursing Service will ensure all individuals, their families and carers receive appropriate information and support, so that they are competent and confident in managing their bladder and/or bowel care.

Nightingale makes use of surveys for a variety of functions, including improvement of service provision and regulatory requirements.

Responding to surveys is entirely voluntary.

In the case of customer satisfaction surveys and research, we will primarily use the data for internal purposes. In some cases, we may publish a summary report, but this will not contain any personal data.

In the case of consultations, we will publish a summary of the consultation responses and, in some cases, the responses themselves but these will not contain any personal data.

Please note that if you choose to provide contact details, your survey response will no longer be anonymous. However, your contact details will not be disclosed, and therefore your responses will be reported anonymously, and you will not be identifiable.

We process the information internally for the above stated purpose. We don't intend to share your personal data with any third party. Any specific requests from a third party for us to share your personal data with them will be dealt with in accordance with the provisions of the data protection laws.

We will retain consultation and survey response information until our work on the subject matter of the consultation is complete.

We may also use a third-party processor, to administer surveys on our behalf, and carry out statistical analyses of the survey results in accordance with our instructions. We will always ensure that we have a contract in place with these third-party processors. This means that they cannot do anything with your personal data unless we have instructed them to do it. The third-party processors will not share your personal data with any organisation, except where we authorise them to do so. Third party processors will always have their own privacy policy which they will share with you on request.

Condition Type

To help us offer a more personalised streamlined service, we’re asking our consumers for the medical reason leading them to use the products being supplied by Nightingale.

It’s completely optional whether you provide this information, and we will treat it confidentially; we don’t share this information with 3rd parties and it’s OK if you don’t want to provide this information. It will not affect the service you get from us if you don’t share this information. You can withdraw your Consent at any time.

We may record telephone calls you make to our customer contact centre to:

• check for mistakes
• train staff
• prevent, detect, investigate, and prosecute fraud
• help plan and make improvements to services

We do this in the interests of offering a good service to our customers.

If you object to this, you will need to end the call when you are told that calls may be recorded. Alternative methods of communication are available.

We will delete call recordings up to 6 months after the call was made. This ensures that any subsequent investigations can be completed.

Omni channel call management

We us various functions to allow our customer to interact with us in the best possible way. We do this by using automation and virtual assistance to:

• quickly answer common questions
• providing a virtual voice enabled assistant instead of a fixed options menu
• capturing information from you in advance and presenting this to our staff when they speak to you, reducing call times and confirming information needed to answer your query.
• providing us with call analysis information to help improve the service we provide

If you object to this, you can ask to speak to staff or use an alternative means of contacting us.

As part of our dedication to providing exceptional customer service, we utilise a live chat feature on our website. This feature allows us to offer real-time assistance and support to our customers.

How We Use Live Chat

• Our live chat feature is designed to provide you with immediate assistance, answer your questions, and address any concerns you may have regarding our products or services.
• During a live chat session, we may collect and store information that you voluntarily provide, such as your name, contact information or other personal details relevant to your inquiry. This information is used solely for the purpose of assisting you and improving our customer service.
• We may use data from live chat interactions to analyse trends, identify common customer issues, and enhance our website's usability and content.
• Any information you share during a live chat session is treated with the utmost confidentiality and is subject to the same stringent privacy and data protection policies outlined in this Privacy Notice

When you consent, we will send you marketing communications and news concerning Great Bear Healthcare products, services, events, and other promotions. You can opt-out at any time after you have given your consent.

If you are an existing customer of Nightingale (for example, if you are a service user), we may use the contact details you provided to send you marketing communications about similar Nightingale products or services, where permitted by applicable law (unless you have opted out).

We use various communication channels, including email, SMS text messages, phone calls, and postal mail, to contact you. You have the right to object at any time, and we will always provide a simple way for you to inform us if you prefer not to be contacted.

You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external website privacy notice. These are regularly reviewed and updated to ensure these are accurate and reflect our data processing activities.

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.

If you would like to exercise this right, please contact us as set out below.

If any of the personal information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it.

If you would like to exercise this right, please contact us as set out below.

You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.

You can ask us to restrict processing your data, for example where:

• you’re contesting the accuracy of your personal data
• we no longer need to process your personal data, but you want us to keep it for use in legal claims
• you’ve objected to the processing by asking us to stop using your data, but you’re waiting for us to tell you if we have overriding grounds which mean we’re allowed to keep on using it

If you would like to exercise this right, please contact us as set out below.

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Where the right doesn’t apply, we’ll let you know why we can’t action your request.

This right may be applied where:

• personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
• the processing was based on your consent which you withdraw (and there are no other legal grounds for processing that data)
• you exercise your right to object and there are no overriding legitimate grounds for the processing
• there is no lawful reason to retain personal data or if the personal data must be erased to comply with a legal obligation

If you would like to exercise this right, please contact us as set out below.

The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used, and machine-readable format. It also gives them you the right to request that a controller transmits this data directly to another controller.

If you would like to exercise this right, please contact us as set out below.

We use plugins on our website from social media networks such as Facebook, LinkedIn, and Twitter. You can recognise these plugins by their logos. Our plugins will not collect personal data about you unless you click on these logos. If you click on them, these plugins are activated and automatically transmit data to the plugin provider.

We do not have any influence over which data these providers collect from you. If you would like more information about their data processing, this can be found in the respective privacy policies on the websites of these providers.

The personal data that we hold about you will be stored in the UK. In limited circumstances may also be transferred to or stored at a destination outside the UK or European Economic Area (EEA).

If we transfer your data to third party service providers based outside the UK or EEA, we ensure a similar degree of protection is provided to the transfer by ensuring at least one of the following safeguards is implemented:

• we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK and/or the European Commission.
• where we use certain service providers, we may use specific contracts (known as Standard Data Protection Clauses) approved by the UK and/or European Commission which give personal data the same protection it has in UK and Europe, as well as any additional security measures as required.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA.

We protect your information in the following ways:

Training

Staff are trained to understand their duty of confidentiality and their responsibilities regarding the security of patient information both on our premises and when out in the community. Staff must undertake annual mandatory training in information governance and data security awareness.

DSP Toolkit

We are required to complete an annual assessment of compliance with Data Protection and Security. Details of the assessments can be found here. https://www.dsptoolkit.nhs.uk/organisationsearch

Access controls

Any member of staff being given access to national systems holding patient information will need a special access card called a smartcard, along with a username and password. Many of our local systems also require smartcard access.

Audit trails

We keep an audit trail in our electronic record systems of anyone who has accessed a health record or added notes to it.

Records Management

All healthcare records are stored confidentially in a secure location.

Caldicott Guardian

There is a designated person named the ‘Caldicott Guardian’ whose responsibility it is to ensure that these laws are upheld.

Our Data Protection Officer is:

The DPO Centre Ltd
50 Liverpool Street
London
EC2M 7PY

Email: DPO@clinisupplies.co.uk

Phone: 0203 797 1289

Website: www.dpocentre.com

ICO

The Information Commissioner's Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as {{ Config::get('app.name', 'Nightingale') }} are available publicly.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

We welcome questions, comments and requests regarding this privacy policy and our processing of personal information. Please send them to the Compliance Manager, Clinisupplies Ltd, 3C Robins Drive, Bridgwater, Somerset, TA6 4DL or email us on privacy@clinisupplies.co.uk.

You can also contact our Data Protection Officer by email: DPO@clinisupplies.co.uk