Phoenix Private Ambulance Service is the trading name of Castlebrand Ltd, a company registered in England and Wales (referred to as “Phoenix”, “we” or “us” in this policy).
Maintaining the security of your data is a priority at Phoenix, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. Phoenix is also dedicated to being transparent about what data we collect about you and how we use it.
This policy provides you with information about:
- how we use your data;
- what personal data we collect;
- how we ensure your privacy is maintained; and
- your legal rights relating to your personal data.
2. How we use your data
For customers and for organisations which enquire about and/or commission our services, Phoenix may use supplied personal data:
- to provide non-emergency transport services to you;
- to manage any account that you hold with us;
- to verify your identity;
- for crime and fraud prevention, detection and related purposes;
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
For employees and prospective employees, Phoenix may use supplied personal data:
- for determining the suitability and right of someone to be an employee of Phoenix
- for managing an employee’s employment, including but not limited to payroll and other HR matters
- for the purposes of performing or exercising obligations or rights of the employer or employee under employment law, such as not to discriminate against an employee or dismiss them unfairly;
- for establishing, exercising or defending legal claims; or
- for the assessment of an employee’s working capacity, subject to confidentiality safeguards.
3. Sharing data with third parties
Our service providers and suppliers
In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include other medical-related service providers. Phoenix only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls, which mean they can only use your data to provide relevant services to Phoenix and to you, and for no other purposes.
Other third parties
Aside from those service providers, Phoenix will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes. We may share your data with governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:
- to comply with our legal obligations;
- to exercise our legal rights (for example in court cases);
- for the prevention, detection, investigation of crime or prosecution of offenders; and
- for the protection of our employees and customers.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.
4. What personal data do we collect?
Phoenix may collect the following information about you:
- your name, age/date of birth and gender;
- your contact details: postal address, telephone numbers (including mobile number) and e-mail address;
- your medical issues that are relevant to the service which we are requested to provide
- services enquired about and contracted by you;
- when you make a purchase, your payment card details (if payment is made this way) but only for the purposes of that single transaction after which those details are securely destroyed;
- (for employees of Phoenix only) bank account details, national insurance number, driving licence record, information to enable a DBS check to be carried out
- your communication and marketing preferences;
- your correspondence and communications with Phoenix; and
- other publicly available personal data.
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you send us an email. Other personal data is collected indirectly, for example from third parties who have your consent to pass your details to us, or from publicly available sources.
Phoenix is committed to keeping your personal data safe and secure. Our security measures include access strictly limited to relevant staff, password protection where necessary, secure destruction of data as soon as it is no longer required, internal policies setting out our data security approach, and training for employees.
5. Your rights
You have the following rights:
- the right to ask what personal data that we hold about you at any time, subject to a fee specified by law (currently £10);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge; and
- the right to opt out of any marketing communications that we may send you.
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
Phoenix collects and uses personal data because is it necessary for:
- the pursuit of our legitimate interests (as set out below);
- the purposes of complying with our duties and exercising our rights under a contract for the sale of services to a customer; or
- compliance with our legal obligations.
You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Our legitimate interests
The normal legal basis for processing your data is that it is necessary for the legitimate interests of Phoenix, including:
- selling and supplying services to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our services;
- improving existing services and developing new services;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- protecting Phoenix, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Phoenix;
- effectively handling any legal claims or regulatory enforcement actions taken against Phoenix; and
- fulfilling our duties to our customers, employees, shareholders and other stakeholders.
6. Contact information
If you have any questions about how Phoenix uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:
- telephone us on 01926 403359;
- e-mail us at firstname.lastname@example.org or
- write to us at Phoenix Private Ambulance Service, 26 Dodd Avenue, Warwick CV34 6QS
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
This policy was last updated in April 2018.