The General Data Protection Regulation (GDPR)
The GDPR is a new European regulation for the protection of personal data that came into force on 25 May 2018 and put into UK law through the Data Protection Act 2018.
What personal information does LaingBuisson hold?
Where provided, we have the names, work addresses and email addresses of post holders working for companies and organisations in the independent health and social care sectors. These include post holders working in care homes, care home groups, homecare agencies and agency groups, independent hospitals and clinics, hospital and clinic groups, mental health hospitals and clinics and dental surgery groups. We also hold this information about post holders in similar parts of the public sector, including local authority care commissioning and contracting units in all UK councils and all Clinical Commissioning Groups, and also on elected members (i.e. councillors and MPs). In addition, we hold information relating to post holders in suppliers and advisors (e.g. lawyers, accountants, financial advisors, management consultants) to the health and social care sectors.
Post holder data is not shared publicly and only disclosed to third parties where it meets the necessary conditions and tests of legitimate interest and relevance (further details below). Post holder data is recorded and used to ensure effective and efficient communication with the organisations, posts and responsibilities listed. No sensitive personal data, or anything relating to an individual’s preferences or personal life is held or recorded.
What does LaingBuisson do with the data?
We use the data we collect in the following ways:
- We are a leading provider of market intelligence for the health and social care sectors and conduct regular surveys in support of our range of market reports. We rely on having good, up to date data to ensure we reach the right people.
- We use the data for direct marketing purposes. Any communications that we send clearly include an ‘unsubscribe’ option.
- We license data to third parties who may use it for analysis and marketing purposes. It is important to note that we do not sell data – it is licensed to clients on a time and use restricted basis.
- We aggregate data provided to us by our Benchmarking Club and provide it for benchmarking purposes to Club members who participate in our surveys. We will never share data which identifies induvial businesses in this context. Our full privacy notice relating to the Care Home Benchmarking Club can be accessed here.
- We use data for the processing of sales and the delivery of orders to clients.
- We supply data to CACI as a partner in the CareMapper data solution.
How we collect information
We collect data in the following ways:
- From public websites which publish contact information.
- Through our surveys. Individuals are given the opportunity to opt out from receiving emailed surveys.
- Through our sales process during which we require client’s details to invoice them and send them the products they order.
- Through networking in the normal course of business, collecting details from people we meet who are likely to be interested in our products and services.
LaingBuisson’s data is held in the following places:
- Our proprietary SQL database which can only be accessed by staff working on the company’s networks.
- Our password-protected CRM systems which are only accessible to selected staff.
- Our iLaingBuisson data portal which is password protected using AES-256 encryption and may only be accessed by employees and people who have been licensed to use the data held within it.
Entry controls. Any stranger seen in entry-controlled areas will be reported. We have installed an internet camera at our premises at 24 Angel Gate as part of the security for that office when it is unoccupied. The company reserves the right to use any pictures captured as evidence should they suggest any criminal activity.
Secure lockable desks and cupboards. Desks and cupboards are kept locked if they hold confidential information of any kind. (Personal information is always considered confidential).
Equipment. Data users must ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.
Retention Period. Post holder data is on average reconfirmed, validated or changed every 6 months. The maximum period for storage without securing a reverification or update is 2 years.
If you do not wish us to use your data ourselves or license your personal data to a third party for marketing purposes you can:
- Request to unsubscribe via any of the direct marketing communications that we send.
- Write to our Chief Operating Officer at First Floor, 24 Angel Gate, City Road, London, EC1V 2PT or at [email protected]
What marketing channels and on what basis can LaingBuisson data be used for communication, including research and marketing?
Our communications are ‘business to business’ (B2B) and as a result we are processing data on the legal basis of ‘legitimate interest’.
- Postal Communication/Marketing – this will remain on an ‘opt-out’ channel (subject to the Mailing Preference Service (MPS) where appropriate).
- Telephone Communication/Marketing – all telephone numbers must be screened against the TPS and CTPS (Telephone/Corporate Telephone Preference Scheme) prior to being used for marketing purposes. Beyond which, this will remain an ‘opt-out’ channel.
- Email Communication/Marketing – the rules for e-mailing employees of Public Bodies and Companies are governed by the PECR (Privacy and Electronic Communication Regulations) which will be replaced by the forthcoming e-Privacy Regulations (tbc). This will remain an ‘opt-out’ channel. Private individuals are asked to opt-in to receive electronic communication and marketing from us.
What restrictions are there on the use of LaingBuisson data for marketing?
- All communications must be relevant and proportionate.
- All communications must contain a clear opportunity to opt-out from future correspondence.
- All requests to opt-out are honoured.
- Data used for marketing must be recently downloaded (i.e. within the past month) to ensure it is as up to date as possible.
We process data on the basis of ‘legitimate interest’ and can make legitimate interest assessments available for viewing as required. Any party who purchases a data license from us must establish their own legal basis for processing.
LaingBuisson and GDPR
LaingBuisson offers a range of data solutions among its product and services. While much of the data we gather and pass on to others is anonymous and used for analysis and benchmarking, a portion of the data we hold relates to post holders in companies and organisations as described above and may be used by us and third parties whom we license for marketing purposes. These third parties include: care homes and care home groups; independent hospitals and hospital groups; providers of other services in the health and social care services (e.g. children’s homes; providers of supported living; specialist services for adults); advisors to the sector (financial advisors, legal advisors, management consultants, business consultants); suppliers of services and goods to the sector. It is up to these third parties to decide their own legal basis for processing.
In doing this, we provide a necessary function for communication and research in the independent health and social care sectors. The interests of both the data subjects and data users are considered to the fullest possible extent and all our database content and services are made as transparent as possible.
Data Export and License
Any data shared is in compliance with the Information Commissioner’s Office Checklist published, our Terms and Conditions and this Privacy Notice.
In all cases the rights of the individual whose personal data is associated with a post listed on our database is considered and put in the context of both reasonable expectation of those fulfilling senior, important, budget holding and influential roles within Public Bodies/those providing Public Services and those rights and legitimate interests of other Public and Commercial Bodies who wish to discuss aspects and responsibilities of the roles directly or to provide details of relevant documents, events, services and publications that will be beneficial to the Post Holders.
No personal data is ever sold to third parties and where any personal data relating to a post holder is licensed for a set period or purpose for use by a LaingBuisson client (user), a consultation with the user is made available to ensure suitability, and in addition, the following conditions relating to direct communication with a post holder must be met:
- The user is a Public Body or a Supplier/Body offering or conducting relevant research, services or work
- The means, content and amount of communication is appropriate, relevant and not excessive
- The user’s contact information is always available and clear to the post holder
- A clear and unambiguous opportunity to stop any further communication is offered
- All data is screened against any necessary official preference services before use
- All data supplied can only be held and used for a prescribed period and purpose.
- All data held must be done so securely and not transferred to any third parties without consent.
- All requests to remove data is respected and a record held to prevent further use.
A copy of the full terms and conditions issued to all LaingBuisson data users can be seen at https://www.laingbuisson.com/terms-and-conditions/
Where requested by post holders, users must provide details of LaingBuisson as the source of the personal data used and provide a link to this document.
Transparency, Rights, Updates and Preferences for Post Holders
Our services are only possible with the kind cooperation of companies, not for profit organisations, public service organisations and their staff. Without which, neither our business nor the services we provide would be viable. We hope that the openness of our data to the post holders listed and the opportunities and information offered by LaingBuisson and its users are both valuable and useful to those concerned.
If you wish to access any post holder that LaingBuisson holds on you, please contact [email protected] and a copy will be supplied to you. Please use the same email address if there are changes needed to any organisational or post holder data. These will be actioned, and a confirmation email will be sent.
If a post holder would like more information about how we obtained their information or would like their name and/or email address removed from the LaingBuisson database, please email us at [email protected] including your name and the organisation you work for or make a request by post to: The Chief Operating Officer, LaingBuisson, First Floor, 24 Angel Gate, London, EC1V 2PT. We will review the data held and respond with the appropriate information and a list of preference options, including limiting access to the personal data in question or complete removal, according to the post holder’s wishes.
When receiving telephone enquiries, we will only disclose personal data we hold on our systems if the following conditions are met:
- We will check the caller’s identity to make sure that information is only given to a person who is entitled to it.
- We will suggest that the caller put their request in writing if we are not sure about the caller’s identity and where their identity cannot be checked.
Our employees will refer a request to the company Chief Operating Officer for assistance in difficult situations. Employees should not be bullied into disclosing personal information.
If an individual has engaged with the Company but is still dissatisfied, they are free at any time to raise concerns and/or complaints of any alleged breaches with the Information Commissioners Office either by phone 0303 123 1113 or by visiting their website https://ico.org.uk/concerns/.
Using LaingBuisson’s websites and your privacy
There is information about your computer hardware and software that is automatically collected by LaingBuisson. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used by LaingBuisson for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the LaingBuisson Website. LaingBuisson is not responsible for the content on websites outside of the LaingBuisson and LaingBuisson family of websites.
The LaingBuisson websites use “cookies” to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise LaingBuisson pages, or register with LaingBuisson site or services, a cookie helps LaingBuisson to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same LaingBuisson website, the information you previously provided can be retrieved, so you can easily use the LaingBuisson features that you customised.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the LaingBuisson services or websites you visit.
Security of your Personal Information
LaingBuisson secures your personal information from unauthorised access, use or disclosure. LaingBuisson secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Changes to this Statement
LaingBuisson will occasionally update this Statement of Privacy to reflect company and customer feedback. LaingBuisson encourages you to periodically review this Statement to be informed of how LaingBuisson is protecting your information.
LaingBuisson welcomes your comments regarding this Statement of Privacy. If you believe that LaingBuisson has not adhered to this Statement, please contact LaingBuisson at [email protected] We will use commercially reasonable efforts to promptly determine and remedy the problem.