This Policy explains how Atos Medical UK, Company Registration Number: 04206141 processes your personal data, and what we do to protect your data and respect your right to privacy in the best possible way.
We get your personal information through communications and interactions with you, from healthcare professionals and healthcare organizations, employees, and from other sources.
We continuously assess whether your rights risk being impacted negatively by our data processing activities. We pay particular attention to the risk of discrimination, identity theft or fraud, financial loss, damage to reputation, or to the confidentiality of your data. When we need to process your sensitive personal data, we always carry out a thorough data protection impact assessment to uncover high risks for your rights and freedoms. We conduct the impact assessment prior to processing your personal data.
Atos Medical AB serves as the data controller and complies with legal regulations on personal data protection. If you need information about the data processing in Atos Medical you are welcome to contact us:
Address: Atos Medical UK, att.: Data Protection Officer, Cartwright House Tottle Road, Riverside Business Park, Nottingham NG2 1RT
Phone number: +44 (0) 1157 841 899
We inform you about the processing of your data and the purposes of the processing at the time you provide the data to us. If data comes from third parties, including suppliers, public authorities, healthcare professionals, or business partners, we will inform you within 10 days after receiving your personal data. We will also inform you about the purpose of the processing for which the data is collected, as well as the legal basis for collecting your data.
The types of data we process include:
In some cases, we may need to combine your personal data with data obtained from other parties, for example from hospitals and health care professionals.
We collect and store your personal data for legitimate business purposes or other specific, lawful purposes when we need to:
We only process data that are relevant, adequate and necessary to fulfill the specific purposes defined above. Prior to processing your personal data, we assess whether we can limit the amount of data collected and whether certain types of data can be anonymized or pseudonymized.
We monitor and update your data continuously to ensure accuracy of the data. Our services depend upon the accuracy of your data and we therefore ask you to inform us about relevant changes in your personal data. To inform us about changes in your data, please refer to the contact information above or contact your local Atos Medical representative. To ensure data quality, we have internal procedures on how we monitor and store your personal data.
We comply with legislation setting up minimum or maximum requirements to storage of data. Where statutory requirements do not apply, we delete your personal data when it is no longer necessary for the purposes, for which we originally collected, processed and stored your data. We thus delete all data about you eight years after your last engagement with us.
We obtain your informed consent prior to processing personal data for the purposes described above or inform you about the legal basis for, and our legitimate interest in, processing your data.
Consent is voluntary, and you have the right to withdraw your consent at any time. To receive further information, or to withdraw your consent, please use the above-mentioned contact information or contact your local Atos Medical representative. If we wish to process your data for a purpose other than the one for which data was obtained, we will provide you with information on the new purpose and ask for your consent prior to any further processing. When our products or services demand the processing of personal data of a child, we will request informed consent from the child’s parents or legal guardian. We will make an effort to verify that a parent with custody of the child gave consent.
The processing of your data for specific purposes may have been determined by law. In that case legislation serves as the legal basis for processing your data. The type and amount of processed personal data may also be necessary to fulfill a contract or another legal obligation. In other situations our legitimate business interest in processing your data serves as the legal basis for our processing activities.
If the legal basis for processing changes, we will inform you.
We may share your data with third parties, including business partners, distributors, health care professionals, hospitals and national healthcare services, if it is necessary for providing you with our product and services, and fulfill legal requirements in your country.
In some situations we have a legal obligation to disclose your personal data to public authorities or insurance companies.
We will only share your personal data with third parties for marketing purposes , if we have your consent and have provided you with information on the planned use of your data. You may, at any time, object to this type of data sharing or withdraw your consent.
Atos Medical provides products and services to customers in many countries across the world. As part of our digitized communication within the Atos Medical Group, and with our suppliers and business partners, your personal data are transferred to third countries, including countries outside the EU. When transferring data to partners in third countries outside the EU, we will ensure an adequate level of data protection with the recipients in line with the standards of this policy and in compliance with legal regulation. We require our business partners to set up safeguards concerning data processing, data security and the responsibility to respect your rights.
We have data security processes in place, including guidance and measures to protect your data from destruction, loss or alteration, as well as from unauthorized disclosure or unauthorized access. We maintain procedures on access rights to data for our authorized personnel, who process personal data. We monitor their actual access through logging and controls. We continuously backup our data to prevent data loss and apply encryption technologies to protect the confidentiality and authenticity of your data.
In case of a security breach, which is likely to expose you to a high risk of discrimination, identity theft, financial loss, damage to reputation, or any other significant disadvantage, we will notify you about the data breach without undue delay.
You have the right to obtain information regarding the type of data that we process about you, the data source, and the purposes of the processing. The right to access includes information about the envisaged period for which we plan to store your data as well as to whom your data will be transferred to in Europe and abroad. If you believe that the data we process about you is inaccurate, you have the right to rectification. You should contact us and inform us about the inaccuracies and how to rectify them. You also have the right to object to the processing of your personal data and may object to the sharing and processing of your data for marketing purposes. To object, please use the before-mentioned contact information. If your objection is legitimate, we will no longer process your personal data. If you wish to claim your right to data portability, you will receive your personal data in a standard and commonly used format. The data covered by the right to data portability are data you have made available to us, and data we have obtained from other sources with your consent. Upon your request for access to data, rectification or erasure of data, or objection to the processing of your personal data, we will examine whether it is possible to comply with your request. Subsequently, we will respond to your request, without undue delay, and at the latest within one month after receiving your request. Please refer to the before-mentioned contact information if you want to use your data rights.
If you experience incorrect or unlawful data processing with Atos, you may contact us using the contact details above. You always have the right to complain to the UK ICO, e.g. if you are not happy with the result of your complaint or if you are not happy with the way we handle your complaint. You contact the ICO by visiting https://ico.org.uk/global/contact-us/.