The site “PHBChoices” is an e-Marketplace which has been provided as a vehicle for you to spend your personal health budget (PHB) funds allocated for your care. This document relates to your personal data processed within this site.
Your Clinical Commissioning Groups (“CCG”, "We") and are committed to protecting and respecting your privacy and maintaining the confidentiality, integrity and security of the information we hold about you.
The types of personal data that we may be required to handle include information about current, previous and prospective suppliers and customers and others that we communicate with. The personal data, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in Data Protection legislation and other regulations.
As part of our compliance with legislation, this policy and any other documents referred to in it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will manage it. By visiting www.phbchoices.co.uk you are accepting and consenting to the practices described in this policy.
For the purpose of legislation, the data controller is your clinical commissioning group. NHS Shared Business Services Limited are acting as a data processor on our behalf.
We may collect and process the following data about you:
The information detailed above is collected for a number of reasons as outlined below:
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with our Data Protection Policy.
All information you provide to us is stored securely in accordance with the Data legislation and ISO 27001. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will use all fair and reasonable endeavours to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will use information held about you in the following ways:
We will only contact you by electronic means (e-mail) on matters related to your personal health budget and purchases made within the site.
Some of the information held about you will also be used by:
Your allocated personal health budget will not be visible to the suppliers. However, if you choose to register a credit or debit card on the system to make purchases from a supplier outside your personal health budget for your own personal use the supplier will have access to partial card details.
Information provided will be shared as appropriate by us, NHS SBS, cloudBuy and suppliers within the PHBChoices e-Marketplace for the following purposes:
We may share your expenditure via the PHBChoices e-Marketplace for health care purposes and for your benefit with other organisations such as NHS Trusts, General Practitioners, etc. We may also need to share information with other non-NHS organisations, from which you are receiving care, such as your local authority (council) and other providers from which they commission services. No health information will be disclosed without your explicit consent unless there are exceptional circumstances such as when the health or safety of others is at risk or where the law requires it or to carry out a statutory function.
We may be asked to share basic information about you, such as your name and address but which does not include sensitive information. This would normally be to assist us to carry out their statutory duties. In these circumstances, where it is not practical to obtain your explicit consent, this Fair Processing Notice provides notification that this may happen.
Data Sharing Agreement - This more detailed document which spells out how the organisations involved will operate the approach to data sharing. Agreements will be produced where organisations specifically identify a purpose to share data across organisational boundaries. The agreement should state whether partners are obliged to, or are merely enabled to, share data.
We may also disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by contacting us at email@example.com.
Our site may, from time to time, contain links to and from the websites of our own or partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Data Protection legislation gives you the right to access information held about you. Your right of access can be exercised in accordance with the legislation. Any access request may be subject to timescales as listed in the legislation, and to which we shall abide in providing you with details of the information we hold about you. Please see contact details below.
Any changes we may make to our fair process notification in the future will be posted on this page.