privacy policy

PRIVACY NOTICE - HOW WE USE YOUR INFORMATION

Taurus Healthcare understand how important it is to keep your personal information safe and secure, and we take this very seriously. We have taken steps to make sure your personal information is looked after in the best possible way, and we review this regularly. We have robust policies and procedures in place including a Data Protection Policy. We have also adopted a ‘privacy by design’ approach and this helps to ensure that we consider the privacy implications of our systems and services

Please read this Privacy Notice carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.

The UK General Data Protection Regulation (UKGDPR) and the Data Protection Act 2018 (DPA 2018) became law on 25th May 2018 and 1^st January 2021 when the UK exited the EU. The UKGDPR is a regulation on the protection of confidential and sensitive (special) information, the DPA 2018 deals with elements of UK law that differ from the European Regulation, both came into force in the UK on the 25th May 2018, repealing the previous Data Protection Act (1998).

For the purpose of applicable data protection legislation (including but not limited to the UK General Data Protection Regulation (Regulation (EU) 2016/679) (the "UKGDPR"), and the Data Protection Act 2018 Taurus Healthcare, are responsible for your personal data.

As a result, we have published this privacy notice to make it easier for you to find out how the Training Hub uses and protects your information.

WHAT IS A PRIVACY NOTICE?

A Privacy Notice (or ‘Fair Processing Notice’) is an explanation of what information we collect, and how it is used. Being transparent and providing clear information to individuals about how an organisation uses their personal data is an essential requirement of the UK General Data Protection Regulations (UKGDPR).

Under the UKGDPR, the organisation must process personal data in a fair and lawful manner and applies to everything that is done with an individual’s personal information. In practice, this means that the organisation must:

have legitimate reasons for the use or collection of personal data
not use the data in a way that may cause adverse effects on the individuals (e.g., improper sharing of their information with 3^rd parties)
be transparent about how you the data will be used, and give appropriate privacy notices when collecting their personal data
handle personal data only as reasonably expected to do so
make no unlawful use of the collected data

WHY ARE WE PROVIDING THIS PRIVACY NOTICE?

We are required to provide you with this Privacy Notice by Law. If you are unclear about how we process or use your personal information, or you have any questions about this Privacy Notice or any other issue regarding your personal information, then please do contact our Data Protection Officer.

Taurus Healthcare are bound by the UKGDPR which includes principles that we must apply when collecting and using your data. These are:

To process your data in a manner which is lawful, fair and transparent. This means that when we collect and use your information, we must have a lawful basis for doing so, we must consider the rights and interests of the data we collect about you and provide clear information about our use of your data.

Collecting your data for a specified and legitimate purposes and not used in any ways which are incompatible with those. When we collect your data, we must be very clear about why we need it and what we will do with it. If we do collect data for one purpose, then rightly, we may not use it for an unconnected purpose.

Your data we collect must be adequate, relevant and limited to what is necessary for the purposes for which it is. This means we must make sure that we only collect and use data that is strictly necessary for our stated purpose or purposes.

Data must be accurate, and where necessary, kept up to date. We are required to take all reasonable steps to ensure that the data held is correct and kept up to date. This means that from time to time, we will review the data we hold and may contact you to make sure the data we have about you is current.

Data must be kept for no longer than is necessary for the purposes for which it is held. In some cases, it may only be necessary for us to be able to directly identify you for a short period of time.

Data must be used in a manner that ensures appropriate security of the data. This means that our policies, procedures, systems and working practices must ensure your data is always kept secure.

FAIR PROCESSING

Personal data must be processed in a fair manner – the UK GDPR says that information should be treated as being obtained fairly if it is provided by a person who is legally authorised or required to provide it. Fair Processing means that the organisation must be clear and open with people about how their information is used.

We are committed to protecting your privacy and will only use information collected lawfully in accordance with

UK General Data Protection Regulations 2016
Data Protection Act 2018
Human Rights Act 1998
Common Law Duty of Confidentiality

In practice, this means ensuring that your personal confidential data (PCD) is handled clearly and transparently, and in a reasonably expected way.

WHO IS THE DATA CONTROLLER?

Taurus Healthcare is registered as a Data Controller under the Data Protection Act 2018. The registration number is Z3209239 and can be viewed online in the public register at https://ico.org.uk/. This means we are responsible for collecting, storing and handling your personal information.

LEGAL JUSTIFICATION FOR COLLECTING AND USING YOUR INFORMATION

The law says we need a legal basis to handle your personal information.

Consent: We rely on the fact that you give us consent to retain your personal information so that we can take care of your training needs.

Please note that you have the right to withdraw consent at any time if you no longer wish to receive services from us.

INFORMATION WE COLLECT FROM YOU

We collect basic personal data about you and location-based information.

Records held by this organisation may include the following information:

Your contact details (such as your name, address and email address including place of work and work contact details)
Your line manager
Relevant information regarding the courses you are booked on or have undertaken

WHO MAY WE PROVIDE YOUR PERSONAL INFORMATION TO AND WHY?

For some of our courses, it may be prudent to pass your personal information on to a third-party trainer or supplier because these organisations may require your information to allow for pre-course contact and/or provision of certificates and additional information following the course directly to you.

You will be informed who your data will be shared with and in some cases asked for explicit consent for this to happen when this is required.

In addition, where your employer is providing funding or authorisation for your course attendance, it may be appropriate to share information with them regarding that booking and your attendance on their request.

WHERE DO WE STORE YOUR INFORMATION ELECTRONICALLY?

All the personal data we process is usually processed by our staff in the UK and is held on our dedicated training system only.

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION

We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records management code of practice for health and social care and national archives requirements.

More information on records retention can be found online at NHSX – Records Management Code of Practice 2023

HOW DO WE MAINTAIN THE CONFIDENTIALITY OF YOUR RECORDS?

Every staff member who works for Taurus Healthcare has a legal obligation to maintain the confidentiality of information.

All our staff receive appropriate and regular training to ensure they are aware of their personal responsibilities and have legal and contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Only a limited number of authorised staff have access to the training system where it is appropriate to their role and is strictly on a need-to-know basis. We always maintain our duty of confidentiality to you.

TRAINING HUB WEBSITE

Website Visitors

Like most website operators, Taurus Healthcare collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Taurus Healthcare's purpose in collecting non-personally identifying information is to better understand how Taurus Healthcare's visitors use its website. From time to time, Taurus Healthcare may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.

Taurus Healthcare also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on https://www.primarycaretraininghub.co.uk blog posts. Taurus Healthcare only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below.

Gathering of Personally-Identifying Information

Certain visitors to Taurus Healthcare's websites choose to interact with Taurus Healthcare in ways that require Taurus Healthcare to gather personally-identifying information. The amount and type of information that Taurus Healthcare gathers depends on the nature of the interaction. For example, we ask visitors who create an account to book courses at https://www.primarycaretraininghub.co.uk to provide a username, email address, title, organisation, job role, address and telephone number.

Security

The security of your Personal Information is important to us, however no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security

Links To External Sites

Our Service may contain links to external sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy and terms and conditions of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites.

Aggregated Statistics

Taurus Healthcare may collect statistics about the behaviour of visitors to its website. Taurus Healthcare may display this information publicly or provide it to others. However, Taurus Healthcare does not disclose your personally-identifying information.

Cookies

To enrich and perfect your online experience, Taurus Healthcare uses "Cookies", similar technologies and services provided by others to display personalised content, appropriate advertising and store your preferences on your computer.

A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. Taurus Healthcare uses cookies to help Taurus Healthcare identify and track visitors, their usage of https://www.primarycaretraininghub.co.uk, and their website access preferences. Taurus Healthcare visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using Taurus Healthcare's websites, with the drawback that certain features of Taurus Healthcare's websites may not function properly without the aid of cookies.

By continuing to navigate our website without changing your cookie settings, you hereby acknowledge and agree to Taurus Healthcare's use of cookies.

OBJECTIONS AND/OR COMPLAINTS

Should you have any concerns about how your information is managed at Taurus Healthcare, please contact the Senior Information Risk Owner via thl.siro@nhs.net If you are still unhappy following a review by the organisation, you can then complain to the Information Commissioner’s Office (ICO) via their website (www.ico.org.uk) Telephone: 0303 123 1113.

The Information Commissioner’s Office is the Regulator for the General Data Processing Regulations and offer independent advice and guidance on the law and personal data, including your rights and how to access your personal information.

DATA PROTECTION OFFICER

The organisation’s Data Protection Officer is Paul Couldrey of PCIG Consulting Limited. Any queries regarding Data Protection issues should be addressed to him at:

Email: paul.couldrey@nhs.net

Postal: PCIG Consulting Limited, 7 Westacre Drive, Quarry Bank, Dudley, West Midlands DY5 2EE

WHERE TO FIND OUR PRIVACY NOTICE

You may find a copy of this Privacy Notice on our website, or a copy may be provided on request.

IF ENGLISH IS NOT YOUR FIRST LANGUAGE

If English is not your first language, you can request a translation of this Privacy Notice.

CHANGES TO OUR PRIVACY NOTICE

It is important to note that we may amend this privacy notice from time to time. If you are dissatisfied with any aspect of our privacy notice, please contact the Data Protection Officer.

This Privacy Notice was last updated on 4^th March 2025.