Patchwork Privacy Policy

In order to provide our services to you Patchwork needs to process your personal data.  

This policy explains what personal data we process, our purposes for processing, and how to contact us in order to exercise your rights relating to data use & protection.

Policy

This policy is issued by LocumTap Ltd, trading as Patchwork Health (“Patchwork”, “we, “us”, “our”). This privacy policy explains how and why we use the personal information we collect about you whether that is when you use this website, join an online event or engage with us on behalf of a customer organisation or as a clinician in order to use our products or services. It contains information about who we are, and how and, why we collect, store, use, and share your personal data.  It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

Our website and other services are not intended for use by children, and we do not knowingly collect or use personal data relating to children.

Contact Us

Email: help@patchwork.health 

Post: Patchwork Health, Canvas Building, 35 Luke Street, London, EC2A 3LH

We are committed to ensuring that your privacy is protected and you can be assured that when we process your personal data we do so in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and any other relevant legislation.   we will only use your data for the purposes included in this privacy notice.

What information do we process about you?

The personal data we process about you depends on how and why you engage with us. Different scenarios are listed below:

Website User (including attendance at online events such as Webinars)

We may collect and use the following Data about you:

  • Identity Data – full name, title, date of birth.
  • Contact Data – address, email address, and telephone number(s).
  • Technical Data – Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data – your username and password, your interests and preferences.
  • Usage Data – data about how you use our website, products and services, including feedback and survey responses.
  • Marketing and Communications Data – your preferences in receiving marketing from us and your communication preferences.

We need this personal data to provide you with products and services. If you do not provide the personal data we ask for, it may delay or prevent us from providing products and services to you.  

Our lawful basis for processing your personal data via our website will be either:

  • Where you have provided your consent;
  • The processing is necessary for the performance of a contract;
  • The processing is necessary for the purpose of a legitimate interest pursued by ourselves, or a third party (where you have consented to us sharing your data with a third party).

We do not routinely collect and process special categories of personal data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences through our website.

Where we do need to process special category data, we will make sure we are allowed to do and have a lawful basis for the processing for example:

  • We have your explicit consent;
  • The processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
  • The processing is necessary to establish, exercise, or defend legal claims.

We may also collect, use, and share Aggregated Data, for example, to analyse website usage. Aggregated Data may be derived from your personal data but is not considered to be personal data because it does not include information that can directly or indirectly identify you. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

No automated decision-making, including profiling, takes place when you use our website.

Application & Product Services User

We may collect and use the following Data about you:

  • Identity Data – full name, title, date of birth, gender, curriculum vitae, training certifications and documents, National Insurance number.
  • Employment Data – right to work information and confirmation, job title department name, manager’s name, shift start and end times, shift grade, date of shifts completed. 
  • Contact Data – address, personal email address, work email address, personal telephone number, work telephone number.
  • Financial Data – shift rate.
  • Transaction Data – details about shifts worked, time booked, application usage.
  • Technical Data – Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system types, and platform technologies.
  • Profile Data – username and password, interests and preferences, department cost centre.
  • Usage Data – data about how you use our applications, products and services, including feedback and survey responses.
  • Marketing and communications Data – your preferences in receiving marketing from us and your communication preferences.

We need this personal data to provide you with products and services. This includes to register you on a service.

Our lawful basis for processing your personal data via our Application will be either:

  • Where you have provided your consent;
  • The processing is necessary for the performance of a contract;
  • The processing is necessary for the purpose of a legitimate interest pursued by ourselves or a third party (where you have consented to us sharing your data with a third party).

Where we need to process special category data, we will make sure we are allowed to do and have a lawful basis for the processing, for example:

  • We have your explicit consent;
  • The processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment;
  • The processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent; or
  • The processing is necessary to establish, exercise, or defend legal claims.

We may also collect, use, and share Aggregated Data, for example, to analyse customer usage. Aggregated Data may be derived from your personal data but is not considered to be personal data because it does not include information that can directly or indirectly identify you. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature.

No automated decision-making, including profiling, takes place when you use our applications or other product services.

How do we collect information about you?

 

We collect information about you directly, such as when you access our website, register on services, use our services, or contact us (including via our website and in-service forms). This may include asking you to provide training certificates, identity confirmation, right to work etc., so that we can register you to your selected organisation.

We also collect information when you voluntarily complete customer surveys, submit enquires, or provide feedback.

We also collect website and services usage information automatically using cookies and other similar technologies where you have consented to the use of such cookies or similar technologies on our website. This may include technical data about your equipment, browsing actions and patterns. Please see the cookie section below for additional information.

We may also receive personal data about you from various third parties and public sources including those set out below.

How will we use the information about you?

We process your information to provide a product or service to you. Our purposes for processing your data include:

  • To register you on a service;
  • To process work bookings and shifts;
  • To manage your account, including to notify you about changes to our products and services;
  • When you leave a review or participate in a survey;
  • Trouble shooting;
  • Data analytics to improve our website, customer relationships, and experiences and make recommendations about products and services which may be of interest; and
  • To send you marketing materials, and to measure and understand the effectiveness of the marketing and information we send to you.

Who do we share your personal data with?

We routinely share personal data with third parties we use to help provide our products and services to your organisation, for example, but not limited to:

  • Our partner organisations (e.g., various NHS Trusts);
  • Our partners for customer support requests and communucations (e.g., Intercom and Vonage);
  • Our partners for data visualisation (e.g., Amazon Quicksights); and
  • Other appointed external parties (including third party technical service providers, hosting providers, IT companies, and communications agencies), as and if necessary, as data processors by Patchwork; this includes our customer relationship management tools and internal information management systems (an up-to-date list of suppliers and third parties may be requested from Patchwork).

We may occasionally share your data with other third parties, but this will only be where you have consented to this sharing, or where we have another lawful basis. We will also put your privacy first and only share the minimal amount of data necessary and ensure we have appropriate agreements and measures in place to protect your data.

We may disclose your personal data to law enforcement agencies and regulatory bodies where we need to do so according to the law or regulations.

We may also need to share some personal data with other parties, such as potential buyers of some or all of our business and services or during a restructuring. Usually, data will be anonymised, but this may not always be possible. The recipient of the data will be bound by confidentially obligations.

For more information about the third parties that we may share your personal data with please contact us using the contact details set out below.

International Data Transfers

Some of our third-party service providers are located outside of the United Kingdom. Patchwork will neither transfer, process, or permit personal data to be transferred or processed outside the United Kingdom without the conditions provided by all relevant data protection legislation being met. This occurs when one or more of the following conditions have been satisfied:

  • The territory into which the data is to be transferred has been approved by the UK’s Information Commissioner;
  • The territory into which the data is to be transferred is within the European Economic Area;
  • The territory into which the data is to be transferred has an adequacy decision issued by the UK’s Information Commissioner;
  • The transfer is made under the unaltered terms of the standard contractual clauses issued by the UK’s Information Commissioner’s Office and was signed prior to the 21st of September 2022;
  • From 21st of September 2022 contracts use the International Data Transfer Agreement provided by the Information Commissioner’s Office;
  • The transfer is made under the provision of binding corporate rules that have been approved and certified by the UK’s Information Commissioner’s Office; and
  • The transfer is made in accordance with one of the exceptions set out in relevant data protection legislation.

How long will your data be kept?

We will not keep your personal data for longer than we need to for the purposes set out in this policy. Different retention periods apply for different types of personal data.

We will either delete or anonymise your data once it is no longer necessary for the purposes for which it was collected.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

You can request further details of our retention periods by contacting us.

Your rights

You have the following rights, which you can exercise without prejudice at any time, and free of charge:

Access The right to receive a copy of your personal data
To be forgotten The right to ask us to delete your personal data – in certain situations.
Restriction of processing The right to ask us to restrict our processing of your personal data – in certain circumstances, e.g. if you contest the accuracy of the data
Data portability The right to receive the personal data we hold about you in a structured, commonly used and machine-readable format, and/or transmit that data to a third party – in certain situations.
To object The right to object at any time to your personal data being processed for direct marketing (including profiling); and in certain other situations you may also object to our continued processing of your personal data

For further information about any of the rights set out above please contact us, or see the guidance provided by the UK Information Commissioner’s Office (ICO) on individuals’ rights.

If you would like to exercise any of your rights, please:

  • Email, call, or write to us – please see the “How to contact us” section at the end of this policy and on our website;
  • Provide us with enough information to identity you e.g., your full name, address, organisation name, GMC number;
  • Let us have proof of your identity (if requested); and
  • Let us know which data your request relates.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We have a statutory obligation to respond to all legitimate individual rights requests within one month of receipt. Occasionally it could take us longer than one month, but less than three months, if your request is particularly complex, or you have made a number of requests. In this case, we will notify you of this inside of one month and keep you updated as we fulfil your request.

Security

We are committed to ensuring that your information is secure and have suitable physical, organisational, and technical measures to protect your data against accidental loss or unlawful usage or access. 

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Marketing

We would like to send you information about services of ours which may be of interest to you.

We will only send you marketing communications if you have consented to receive them or where our activities are business-to-business marketing. You always have the right to opt out of receiving further promotional communications, and also may opt out at a later data.

You may revoke your consent for processing under the lawful bases of consent at any time. However, please note, we may have certain legal obligations to retain your data after you withdraw consent.

If you no longer wish to be contacted for marketing purposes, please:

  • Contact us at help@patchwork.health; or 
  • Use the unsubscribe function within the footer of any marketing or sales email.

We may ask you to confirm or update your marketing preferences if there are changes in legislation, regulation, or the structure of our business.

Please note that we may also send you other communications in relation to your purchase of products and services or in order to respond to queries you have raised, such communications are service communications and are not considered a form of marketing communications.

Cookies

Cookies are text files placed on your device (e.g. computer, smartphone, or other electronic device) when you use our website or applications or other services, to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity, as well as for targeted advertising purposes.

Among the types of Personal Data that Patchworks applications collect, by themselves or through third parties, there are: Cookies, Usage Data, First Name, Last Name, Phone Number, Company Name, Profession, Country, Email Address, Field of Activity, Device Information, Data communicated while using the service.

Complete details on each type of Personal Data collected by cookies are provided in the dedicated sections of this policy or by specific explanation texts displayed prior to the data collection.

Personal data may be freely provided by the user, or, in the case of Usage Data, collected automatically when using website, applications, or other services.

Unless otherwise specified, all data requested by Patchwork applications is mandatory, and failure to provide this Data may make it impossible for Patchwork applications to provide their services. In cases where it is specifically stated that some data is not mandatory, users are free not to communicate this data without consequence for the availability or functioning of the service.

Users who are uncertain about which personal data is mandatory are welcome to contact us via the email help@patchwork.health, and you will receive a response.

Users are responsible for any third-party personal data obtained, published, or shared through Patchwork applications and confirm that they have the third party’s consent to provide the data to the owner.

Strictly necessary cookies

These cookies are essential for your ability to navigate an application, or use specific secure areas of an application. Without these some services cannot be provided. Because these cookies are strictly necessary, they do not require consent

Website

Cookie Script: Cookie preferences – Remembering of User Cookie preferences

Hub-spot: User visitation Distinguishing between human and automated use of website

LinkedIn: Consent & Analytics Sync Storage of guest cookie preferences and storage of sync with linkedIn analytics cookie

Applications

Rails sessions – Authentication To authenticate users on to the application

Performance Cookies

These cookies collect information about how an application is used. This includes pages that are visited most often, storing of information between visits, to indicate where a user has come from, or if an email has been opened

Additionally, some performance cookies are analytics cookies that have been set up using third-party analytics software. We use Google Analytics and HotJar to help us do this. These cookies also provide aggregated, non-personally identifiable statistical data based on certain interest categories.

Website

Hubspot: Website Analytics – Provision of website performance analytics

Intercom: Helpdesk – Provision of helpdesk services performance monitoring

Application
HotJar analytics – Provision of application analytics

Google analytics – Provision of application analytics

Functionality cookies

Functionality cookies allow an application to remember personalisation choices and provide enhanced functionality. They may also be used to provide services you have asked for such as watching a video or asking for a live chat.

Website

Hubspot: User Authentication – To provide persistent user authentication services

LinkedIn: Language preferences – To provide language preferences

Application

Remember Hub user token & session – To provide session continuation

Intercom session identification – To provide session continuation for intercom services

Targeting or advertising cookies

Targeting or adverting cookies are used to deliver targeted services, or personalisation in advertising. They are also used to measure the effectiveness of advertising campaigns and to limit how often you see any particular advert.

Website

Doubleclick: Browser cookie support & website user – Monitoring of browser cookie support & website use by visitors

LinkedIn: Content sharing – Sharing of website content via social media

Meta: Content sharing – Sharing of website content via social media

Adsense: Advertising effectiveness – Monitoring of advertising efficiency

Third-party links and social networks

If you click on a hyperlink from within any of Patchwork’s applications to any third-party websites (for example sharing content over social networks), you may be sent cookies from these third-party websites.

Third-party websites have their own privacy and cookie policies which Patchwork cannot control. Please check the third-party websites for more information about their cookies and how to manage them.

Other websites

Our websites or applications may contain links to other websites. We do not control these third-party websites and are not responsible for their privacy statements. This privacy policy only applies to Patchwork’s website and Patchwork applications.

Changes to our privacy policy

We keep our privacy policy under regular review, and we will place any updates on this web page. This privacy policy was last updated 14.08.2023. 

How to complain

Please contact us if you have any queries or concerns about our use of your data. We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with the Information Commissioner or any relevant data protection supervisory authority. The Information Commissioner may be contacted at:https://ico.org.uk/make-a-complaint or via telephone on 0303 123 1113. 

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you using the contact details set out below: 

Email – help@patchwork.health 

Post- Patchwork Health, 35 Luke Street, London, EC2A 3LH

 

It looks like you're using an outdated browser. Please upgrade your browser for the best experience.