How digitally mature is your NHS digital frontdoor? | Take the free assessment
📢 New from Silicon Practice - Patient Digital Assistant, Referral Flow & Online Booking. Read our latest newsletter.
đź’ˇ Cancer care technology in action - join our Healthcare and Digital Transformation webinar.

Schappit Privacy Notice

Our contact details

ICO – Registration Number ZA074234

Name: Schappit Ltd

Address: Schappit Ltd, Unit 26 Oak Business Centre, 79-93 Ratcliffe Rd, Sileby, Leicester, LE12 7PU

Phone Number: 01793 710500

E-mail: gdpr@siliconpractice.co.uk

For all enquiries regarding data protection please address your correspondence to our Risk and Compliance Officer (gdpr@siliconpractice.co.uk) who will liaise with our Data Protection Officer as needed.

Important Information

This notice is provided for visitors to our website, potential customers, current customers, suppliers, and any other persons whose information is processed by Schappit as a data controller. This notice explains how and why we collect and process your personal data.

In addition, privacy information is provided to Schappit staff via an Internal Privacy Notice and to job applicants via the Job Applicant Privacy Notice which is accessed via the Schappit Website.

The provision of privacy information is primarily the responsibility of data controllers. Patients of our customers should refer to the privacy notice on their Practice’s website. They may also find the information within our Data Protection Agreement which details how we comply with data protection requirements when delivering our services to Practices.

Leaving our site

Our website may contain links to other websites of interest. We do regular audits to ensure the sites we link to meet our privacy requirements along with conducting checks to ensure security of these websites, but we cannot guarantee their content or security, as we don’t have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.

What types of information do we collect and process?

We currently collect and process the following information:

  • Personal identifiers – first name, surname, title, contact address, email address, telephone number
  • Transactional data – invoicing information, order forms and other information relating to products/services you have purchased from us and correspondence relevant to the delivery of a contract
  • Technical Data – IP address

For patients accessing using NHS Login:

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS login’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately

You can access FootFall on the NHS App using your NHS login details.

If you sign in using NHS login, we will ask your permission to share your NHS login information with our service. This allows us to fill in some personal details for you, such as your name, date of birth and contact details.

We will not use your NHS login information for any other purposes. You can only share your NHS login information if you have proved your identity to NHS login.

You can choose not to share your NHS login information with FootFall but you will need to enter your information yourself whilst using our service.

For more information, see the NHS login privacy notice and terms and conditions.

 

How do we collect the information and why do we have it?

All the information we process is provided to us directly by you for one of the following reasons:

  • So that you can make a general enquiry
  • So that you can request more information about our products/services
  • So that you can enter into a contract with us for our products/services

Under the UK General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes
  • The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • The processing is necessary for compliance with a legal obligation to which the controller is subject

 

 

What do we do with the information we have?

We use the information you have given us to:

  • Respond to a general enquiry that you have made
  • Respond to a request for more information about our products/services
  • Enter into a contract with you
  • Fulfil our contractual and/or legal obligations

We may share your personal data with the following third parties to support the performance of a contract or to fulfil a legal obligation:

  • Professional advisors acting a sub-processors or controllers e.g. lawyers, accountants
  • Government agencies such as HMRC
  • Service providers acting as sub-processors that provide IT and admin support e.g. Google Drive, Atlassian, Amazon Web Services

These third parties are subject to the same data protection requirements as Schappit and as part of our duty to you we regularly review our terms and conditions with third parties to ensure ongoing compliance.

 

How do we store your information?

Your information is securely stored within our CRM System, Zoho CRM, our Microsoft Email, OneDrive, and Google Drive. Customer invoices are securely stored within Zoho Books and Helpdesk correspondence is securely stored within a system called Zoho Desk and Zoho CRM.

We retain personal information only for as long as necessary to fulfil the purposes that we collected it for. Once we have entered into a contract with a customer, we will retain all information relevant to that contract, including invoicing records and identifiable data for a period of six years from the end of the year to which it relates, in line with legal requirements. Once the retention period has expired your information will be deleted from our systems and any paper records physically destroyed using confidential shredding.

We backup all our data for a period of 90 days. Backup data is encrypted and stored off site in a secure UK data centre before being automatically destroyed.

Your data protection rights

Under data protection law, you have rights including:

Your right of access– You have the right to ask for copies of your personal information

Your right to rectification– You have the right to ask to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is complete

Your right to erasure– You have the right to ask us to erase your personal information in certain circumstances

Your right to restriction of processing– You have the right to ask us to restrict the processing of your information in certain circumstances

Your right to object to processing– You have the right to object to the processing of your personal data in certain circumstances

Your right to data portability– You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances. This covers data that is processed by automated means (paper documents are not included)

You are not required to pay any charge for exercising your rights. However, we can charge you a “reasonable fee” for the administrative costs of complying with your request if:

  • it is manifestly unfounded or excessive; or
  • you request further copies of your data following an initial request.

If you make a request, we have within one month to respond to you. If the request is complex or you have submitted a number of requests, we may inform you that we have extended this time period up to a maximum of a further two months.

If you wish to make a request, please contact us at:

Risk and Compliance Manager

Address: Schappit Ltd, Unit 26, Oak Business Centre, 79-93 Ratcliffe Rd, Sileby, Leicester, LE12 7PU

Phone Number: 01793 710500

E-mail: gdpr@siliconpractice.co.uk

How to complain

We encourage you to bring concerns to our attention if you think that our collection or use of information is unfair, unlawful, or misleading. If you wish to make a complaint, please contact us in the first instance using the contact details referred to above.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address is:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire,SK9 5AF

Helpline number: 0303 123 1113

Review and monitoring

We regularly review and, where necessary, update this notice. As a minimum this notice is reviewed annually.

If we plan to use personal data for a new purpose, we will update our privacy information, communicate the changes to affected individuals and where necessary identify a new legal basis for processing before the new purpose is pursued.

 v1.4