
PURPOSE

This policy describes and sets out the essential details relating to your personal data relationship with Saint James Hospital. This policy highlights the types of personal data collected when you use our *sites and how your personal data is used, shared and protected. It also explains the choices you have relating to your personally identifiable information and how you can contact us regarding your personal data.

*Sites – Saint James ‘Capua’ Hospital, Sliema – Saint James Hospital, Zejtun – Saint James Clinic, Burmarrad – Saint James Eye Clinic, Birkirkara – Planet Physio – Medical Laboratory Services.

SCOPE

Saint James Hospital is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy policy and for the purpose you specifically requested.

From time to time, we may offer new services; we will update this policy accordingly and notify you prior to these changes.

ROLES AND RESPONSIBILITIES

This website is operated by the Saint James Hospital group of companies, comprising various companies providing healthcare, cosmetic and hospitality services. These include, amongst others, Saint James (Capua) Hospital Limited (C14713), Saint James Hospital Limited (C17292), and Medical Laboratory Services Limited (C17197). All these companies are registered in Malta.

You can contact us by email on [email protected] or by telephone on +356 2329 1000. Our group correspondence address is Saint James Hospital Group, George Borg Olivier Street, Sliema SLM 1807, Malta.

You may also contact our Data Protection Officer on [email protected].

POLICY

 

What Personally Identifiable Information Do We Collect and When?

We ask you for certain personally identifiable information to provide you with the services you request, for example when you request to receive communications, book an appointment, or interact with our sites. We will never share your information with a 3rd party without your explicit permission to provide you with access to that service. We may also collect sensitive personal data.

We may receive or ask you for multiple categories of data for which, in some cases, we require your unambiguous consent.

Should you be under the age of 16 years, a parent or a guardian must give consent on your behalf.

Data collected

Contact details: including name and surname, email, telephone number and physical address

Personal details: including gender, date of birth and ID number

Medical data: Specific medical history

Other health data: General health conditions and allergies

Personal preferences: including your marketing and cookie preferences, IP addresses, referrer headers, data identifying your web browser and version, and web beacons and tags.

Payment card details: including card or account number and expiry date

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us on [email protected] if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

| Purpose / Activity | Type of Data | Lawful basis for processing including basis of legitimate interest |
| --- | --- | --- |
| To register you as a new customer | a) Identity; b) Contact | Performance of a contract with you |
| To process and deliver your order including: a) Manage payments, fees and charges; b) Collect and recover money owed to us | a) Identity; b) Contact; c) Financial; d) Transaction; e) Marketing and communications | a) Performance of a contract with you; b) Necessary for our legitimate interests (to recover debts due to us) |
| To manage our relationship with you which will include: a) Notifying you about changes to our terms or privacy policy; b) To resolve any issues or disputes; c) Asking you to provide feedback and/or take part in a survey | a) Identity; b) Contact; c) Profile; d) Marketing and communications | a) Performance of a contract with you; b) Necessary to comply with a legal obligation; c) Necessary for our legitimate interests (to keep our records updated and to study how customers use the site as well as our services) |
| To administer and protect our business and this Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting data) | a) Identity; b) Contact; c) Technical | a) Necessary for our legitimate interests (running our business, provision of administration and IT services, network security to prevent fraud and in the context of a business reorganisation or group restructuring exercise); b) Necessary to comply with a legal obligation |
| To deliver relevant website content and advertisements to you and to measure or understand the effectiveness of the advertising we serve to you | a) Identity; b) Contact; c) Profile; d) Usage; e) Marketing and communications; f) Technical | Necessary for our legitimate interests (to study how customers use the Site and our services, to develop them, to grow our business and to inform our marketing strategy) |
| To use data analytics to improve our website, services, marketing, customer relationships and experiences | a) Technical; b) Usage | Necessary for our legitimate interests (to define types of customers for our services, to keep the Site updated and relevant, to develop our business and to inform our marketing strategy) |
| To make suggestions and recommendations to you about our services that we feel may be of interest to you | a) Identity; b) Contact; c) Technical; d) Usage; e) Profile | Necessary for our legitimate interests (to develop our services and grow our business) |

 

When interacting with our sites, data is automatically collected and shared with us by the technology platforms providing the experience. For example, your web browser or mobile device may share certain data with Saint James Hospital as those devices interact with our sites. More information about these practices is included in the Cookies and Pixel Tags section below.

We may also ask you to complete surveys that we use for quality purposes.

Identification and Contact Information

When you request services or make enquiries from us through this website’s chat function or other forms of communication, we ask you for identification and contact details such as your name, contact telephone number and email address, depending on the nature of your enquiry and the type of response required.

You may provide contact information if subscribing to newsletters or if you wish to be contacted with service reminders or other periodical informative correspondence.

Sensitive (e.g. Medical) Information

When we provide our services to you at one of our premises, or in preparation for providing you with a medical or hospitality service, we would require from you other information, such as personal medical information and next-of-kin personal medical information. We do not collect such information through our website; when you supply such data, further detailed privacy information relevant to the instance will be provided.

Medical information provided to any entity forming part of the group will be processed for the reason for which it was collected, as well as to comply with all relevant laws and regulations to which that entity is subject. More information is available at the point of collection due to specific needs and obligations related to medical and hospitality services.

Personal qualifications, experience and related information

If you have an interest in applying for a vacancy, you will be asked to send us an application letter via email or post, including your Curriculum Vitae and potentially other documentation depending on the vacancy.

If you apply for a vacancy, the information submitted will be reviewed by the group, or by a group entity’s specific recruiters depending on the vacancy, to consider your application.

We document all forms of communication between the data subject and Saint James Hospital on the data subject’s record held internally. We may make notes on relevant patient files enabling us to provide better care for medical, customer-service, legal, compliance, and regulatory purposes. Such data is only viewed by those employees whose role is relevant.

Why And How We Use Your Personally Identifiable Information?

We process the personal data we collect from you in the following ways:

To provide the features of the sites and services you request – When you use our sites, we will use your data to provide the service you have selected. For example, if you request more information, we will use the contact details you give us to communicate with you.

To protect our or others’ rights, property or safety – We may also use data about how you use our sites to prevent or detect fraud, abuse, illegal uses and violations of our Terms of Use and to comply with court orders, governmental requests or applicable law.

For general research and analysis purposes – We use data about how our visitors use our sites and services to understand customer behaviour or preferences.

Other purposes – We may also use your personal data in other ways and will provide specific notice prior to the time of collection and obtain your consent where necessary.

Tools To Manage the Data We Collect

In many cases, your web browser or mobile device platform will provide additional tools to allow you to control when your device collects or shares particular categories of information. For example, your mobile device or web browser may offer tools to allow you to manage cookie usage or location sharing. We encourage you to familiarise yourself with and use the tools available on your devices.

Data Minimisation

We aim to never collect or store any information that is not required for the delivery of the services to which you subscribe. Any information that we do collect is and will always be explicitly accounted for in this Privacy Policy.

We will take reasonable steps to destroy or de-identify personal information we hold if it is no longer needed for the purposes set out above or required for us to maintain a high level of care, in accordance with the EU General Data Protection Regulation (GDPR).

Sharing Of Personally Identifiable Information

We may share your personal data with:

Company affiliates for the purposes outlined above

Third party service providers who, on behalf of Saint James Hospital:

  • Process credit cards, payments, and deliveries
  • Manage and service our data
  • Distribute emails
  • Conduct research
  • Analyse our data
  • Administer certain services and features

*Company Affiliates: Saint James ‘Capua’ Hospital, Sliema – Saint James Hospital, Zejtun – Saint James Eye Clinic, Burmarrad – Planet Physio – Medical Laboratory Services

We are not responsible for the privacy policies of the third-party service providers but do check from time to time that our partners and suppliers are compliant with local privacy and data protection law. Similarly, upon engagement of our third-party suppliers we ensure that they practice adequate data protection.

We may also transfer personal data we have about you if we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, spin-off, dissolution or liquidation).

Protection And Management of Personally Identifiable Information

The confidentiality of your personal information is of paramount concern to us and we comply with EU data protection law and all the applicable medical confidentiality guidelines issued by professional bodies such as the Malta Medical Council.

Your confidential medical information will be disclosed to healthcare professionals, as justified by providing you with treatment or care. Additionally, such information might be disclosed to other entities, such as courts or medical professional bodies, only in the circumstances and following the communication modalities required under Maltese law.

If you receive services from us and that service transfers to a new provider, we may share your personal and confidential medical information with the new provider; however, you will be informed accordingly.

We invest appropriate resources to protect your personal information from loss, misuse, unauthorised access, modification or disclosure.

Encryption and security

We use a variety of security measures, including authentication tools to maintain the safety of your personal data. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems. Saint James Hospital has continuous IT support.

Appropriate, industry-standard, security measures are in place to protect your data (details are available upon request). This includes the encryption of all data held within our Electronic Medical Records and Hospital Information System and a secure physical firewall for the server.

Where is the data stored?

The personal data we collect or generate (process) will be stored in Malta. Your data is stored on site with a select amount being backed up in a secure data centre.

We will never sell your data, but we may share your data with data recipients for processing purposes only. We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.

Some of the data recipients with whom Saint James Hospital shares your personal data may be located in countries other than the country in which your personal data was originally collected i.e. foreign insurance companies.

Nevertheless, when we transfer your personal data to recipients in other countries, we will ensure your data is protected as described in this Policy and in compliance with the EU General Data Protection Regulation (GDPR).

Retention of your Data

We retain your personal data for as long as we hold legitimate interests to fulfil the purposes for which we collect it, unless otherwise required by law.

We will retain personal data related to general communications or enquiries received for up to one year after the communication’s scope is exhausted to safeguard our legitimate interests for tracking enquiries.

Medical information or Hospitality preferences may be retained for several years which cannot be broadly specified, as this will be relevant to the category of data provided and the legal obligations to which group companies may be exposed. This will be communicated to you within the privacy information during the initial communications related to the service.

Human Resources

If you are not selected for a vacancy you applied for, the relevant group company will retain the submitted vacancy application and submitted documentation, including Curriculum Vitae, for up to 6 months for consideration should a related vacancy arise within our group companies. Should you wish to have your data erased before such date, you can notify us, and we will promptly delete your details from our system save any other legal obligations to retain the data.

Should you have been selected, your personal data would be processed in line with the Data Processing Agreement that would be presented to you prior to employment.

Personal data will not be retained beyond the above stated timelines.

Your rights related to your personal data

The General Data Protection Regulation (GDPR) gives certain rights to data subjects regarding their personal data. Data subjects of St James can take advantage of their rights via:

Right of access – the right to be informed of, and to request access to the data we process about you. Saint James Hospital will at latest provide all documentation within 1 month and will not charge a fee unless deemed manifestly unfounded or excessive.

Right to rectification – the right to request that we update / rectify your personal data if inaccurate.

Right to restriction – the right to request that we temporarily / permanently stop processing your personal data.

Right to erasure – the right to request that we delete your personal data. Please note that medical records cannot be deleted but can be hidden.

 

Right to object:

  • The right to object to marketing using your personal data, e.g. communication via email
  • The right, at any time, to object to us processing your personal data given your situation

Right to data portability – the right to request a copy of all personal data, in electronic format, we hold about you and the right to transmit this data to another party’s service.

Right to not be subjected to automated processing – the right to not be profiled where the decision would have a legal effect upon you.

Right to withdraw consent – Saint James Hospital will endeavour to continue to provide the services; however, by withdrawing your consent, the efficiency of these services may be affected. In such a case, someone from the Hospital will contact you.

If you are a European resident and you have a concern about our use of your information, you can contact your local data protection regulator. A list of European data protection regulators can be found here. This is a third-party website, over which we have no control.

You can contact us to exercise your rights by sending an email to our Data Protection Officer at: [email protected].

Cookies and Pixel Tags

Saint James Hospital receives and records information, which may include personal data, from your browser when you use our sites. We use a variety of methods, such as cookies and pixel tags to collect this information, which may include your:

  • IP-address
  • Unique cookie identifier, cookie information and information on whether your device has software to access certain features
  • Unique device identifier and device type
  • Domain, browser type and language
  • Operating system and system settings
  • Country and time zone
  • Previously visited websites
  • Information about your interaction with our sites such as click behaviour, purchases and indicated preferences
  • Access times and referring URLs

Third parties may also collect information via sites through cookies, third party plug-ins and widgets. These third parties collect data directly from your web browser and the processing of this data is subject to their own privacy policies. More information on the identity of these third parties and their privacy policies is provided below.

We use cookies and pixel tags to track our customers’ usage of the sites. This enables us to provide services to our customers and improve their online experience. We also use cookies and pixel tags to obtain aggregate data about site traffic and site interaction, to identify trends and obtain statistics so that we can improve our sites.

There are generally four categories of cookies used on our sites:

  • Strictly Necessary: These cookies are required for basic site functionality and are therefore always enabled. These include cookies that allow you to be remembered as you explore our sites within a single session or, if enabled, from session to session.
  • Functionality: These cookies allow us to improve our sites’ functionality by tracking usage. In some cases, these cookies improve the speed with which we can process your request, allowing us to remember site preferences you have selected. De-selecting these cookies may result in poorly tailored recommendations and slow site performance.
  • Performance: These cookies are used to measure how our website users navigate throughout our site, how long the users are on our site and what exactly our website users are looking at.
  • Targeting and Advertising: Social media cookies offer the possibility to connect you to your social networks and share content from our sites through social media. Advertising cookies (of third parties) collect information to help better tailor advertising to your interests, both within and beyond our sites. In some cases, these cookies involve the processing of your personal data. De-selecting these cookies may result in seeing advertising that is not as relevant to you or you not being able to link effectively with Facebook, or other social networks and/or not allowing you to share content on social media.

For a comprehensive and up-to-date summary of every third-party accessing your web browser, we recommend installing a web browser plugin built for this purpose. You can also choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through your browser settings on each browser and device that you use.

Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you may not have access to many features that make our sites more efficient and some of our services will not function properly.

Compliance with Regulators

We will obey a valid court order or subpoena if these require us to provide the information that we store to law enforcement authorities or a court of law. We will only do so upon legal scrutiny and confirmation of the validity of such requirements in the country where we are deemed to operate.

Changes to our Privacy Policy

Applicable law and our practices change over time. If we decide to update our Policy, we will post the changes on our sites. We strongly encourage you to read our Policy and regularly check for any changes. 

IMPLEMENTATION AND DISSEMINATION

This policy shall be made available on the Hospital Intranet System for all Staff and on the Saint James Hospital Website for the public.