The General Data Protection Regulation (GDPR)
The GDPR is a new European regulation for the protection of personal data that will come into force on 25 May 2018 and will be put into UK law through the Data Protection Bill which was unveiled by the government in August 2017. Before 25 May 2018, the 1998 and 2003 Data Protection Acts apply.
GDPR Privacy Notice
What personal information does LaingBuisson hold?
Where provided, we have the names, work addresses and email addresses of post holders working for companies and organisations in the independent health and social care sectors. These include post holders working in care homes, care home groups, homecare agencies and agency groups, independent hospitals and clinics, hospital and clinic groups, mental health hospitals and clinics and dental surgery groups. We also hold this information about post holders in similar parts of the public sector, including local authority care commissioning and contracting units in all UK councils and all Clinical Commissioning Groups. In addition, we hold information relating to post holders in suppliers and advisors (e.g. lawyers, accountants, financial advisors, management consultants) to the health and social care sectors.
What do LaingBuisson do with the data?
We use the data we collect in the following ways:
- We are a leading provider of market intelligence for the health and social care sectors and conduct regular surveys in support of our range of market reports. We rely on having good, up to date data to ensure we reach the right people.
- We use the data for direct marketing purposes. Any communications that we send clearly include an ‘unsubscribe’ option.
- We license data to third parties who may use it for analysis and marketing purposes. It is important to note that we do not sell data – it is licensed to clients on a time and use restricted basis.
- We use data for the processing of sales and the delivery of orders to clients.
How we collect information
- We collect data in the following ways:
- From public websites which publish contact information.
- Through our surveys. Individuals are given the opportunity to opt out from receiving emailed surveys.
- Through our sales process during which we require client’s details to invoice them and send them the products they order.
LaingBuisson’s data is held in the following places:
- Our proprietary SQL database which can only be accessed by staff working on the company’s networks.
- Our password-protected Salesforce CRM system which is only accessible to selected staff.
- Our iLaingBuisson data portal which is password protected using AES-256 encryption and may only be accessed by employees and people who have been licensed to use the data held within it.
If you do not wish us to use your data ourselves or license your personal data to a third party for marketing purposes you can:
- Request to unsubscribe via any of the direct marketing communications that we send.
- Write to our Head of Data at email@example.com or at 29 Angel Gate, City Road, London, EC1V 2PT
- Choose to ‘Unsubscribe from all’ by visiting https://mxm.mxmfb.com/form/show/c/777/f/5ab3b54a793a5. You can also use the preference centre to tailor what you hear from us about.
What marketing channels and on what basis can LaingBuisson data be used after 25 May 2018?
Our communications are ‘business to business’ (B2B) and as a result we are processing data on the legal basis of ‘legitimate interest’.
- Postal Communication/Marketing - this will remain on an ‘opt-out’ channel (subject to the Mailing Preference Service (MPS) where appropriate).
- Telephone Communication/Marketing - all telephone numbers must be screened against the TPS and CTPS (Telephone/Corporate Telephone Preference Scheme) prior to being used for marketing purposes. Beyond which, this will remain an ‘opt-out’ channel.
- Email Communication/Marketing - the rules for e-mailing employees of Public Bodies and Companies are governed by the PECR (Privacy and Electronic Communication Regulations) which will be replaced by the forthcoming e-Privacy Regulations (tbc). This will remain an ‘opt-out’ channel. Private individuals are asked to opt-in to receive electronic communication and marketing from us.
What restrictions are there on the use of LaingBuisson data for marketing?
- All communications must be relevant and proportionate.
- All communications must contain a clear opportunity to opt-out from future correspondence.
- All requests to opt-out are honoured.
- Data used for marketing must be recently downloaded (i.e. within the past month) to ensure it is as up to date as possible.
We process data on the basis of ‘legitimate interest’ and can make legitimate interest assessments available for viewing as required. Any party who purchases a data license from us must establish their own legal basis for processing.
LaingBuisson and GDPR
LaingBuisson offers a range of data solutions among its product and services. While much of the data we gather and pass on to others is anonymous and used for analysis and benchmarking, a portion of the data we hold relates to post holders in companies and organisations as described above and may be used by us and third parties whom we license for marketing purposes. These third parties include: care homes and care home groups; independent hospitals and hospital groups; providers of other services in the health and social care services (e.g. children’s homes; providers of supported living; specialist services for adults); advisors to the sector (financial advisors, legal advisors, management consultants, business consultants); suppliers of services and goods to the sector. It is up to these third parties to decide their own legal basis for processing.
In doing this, we provide a necessary function for communication and research in the independent health and social care sectors. The interests of both the data subjects and data users are considered to the fullest possible extent and all our database content and services are made as transparent as possible.
Using LaingBuisson’s websites and your privacy
There is information about your computer hardware and software that is automatically collected by LaingBuisson. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used by LaingBuisson for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the LaingBuisson Website. LaingBuisson is not responsible for the content on websites outside of the LaingBuisson and LaingBuisson family of websites.
The LaingBuisson website use "cookies" to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise LaingBuisson pages, or register with LaingBuisson site or services, a cookie helps LaingBuisson to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same LaingBuisson website, the information you previously provided can be retrieved, so you can easily use the LaingBuisson features that you customised.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the LaingBuisson services or websites you visit.
Security of your Personal Information
LaingBuisson secures your personal information from unauthorised access, use or disclosure. LaingBuisson secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Changes to this Statement
LaingBuisson will occasionally update this Statement of Privacy to reflect company and customer feedback. LaingBuisson encourages you to periodically review this Statement to be informed of how LaingBuisson is protecting your information.
LaingBuisson welcomes your comments regarding this Statement of Privacy. If you believe that LaingBuisson has not adhered to this Statement, please contact LaingBuisson at firstname.lastname@example.org. We will use commercially reasonable efforts to promptly determine and remedy the problem.