Privacy Notice

 

CIMAS is a subsidiary application developed on behalf of John White PM Ltd (also known as JWPM or JWPM Consulting) which is a private company limited by guarantee, registered in England & Wales under number 07977410. The registered office of the company is: Regus, Romer House, 132 Lewisham High Street, London SE13 6EE. 

JWPM is registered with the Information Commissioner's Office for England & Wales (ZA461656). We are ISO27001:2013 certified, have completed NHS Digital's Data Security & Protection Toolkit, and are working towards Cyber Essentials Plus and ISO9001 certifications. 

This notice gives a summary of how we use your personal information in accordance with the law, especially the Data Protection Act 2018 (DPA18), General Data Protection Regulation 2016 (GDPR) and Privacy & Electronic Communications Regulations 2003 (PECR). 

JWPM provides IT project management, software and support services, specialising in healthcare in the justice sector. We collect personal and anonymised information to support delivery of our services, our legal and contractual obligations and for business development. We do not sell or trade lists of personal information. 

JWPM retains the services of an independent Data Protection Officer (DPO) although there is no statutory requirement for us register a DPO. You can contact them at dpo@johnwhitepm.co.uk, or email us at info@johnwhitepm.co.uk if you would like any more information about our processing, or to exercise your rights in relation to your personal information. 

Processing of personal information: 

Processing is the collective term for any activity relating to use of personal data - creation or collection, communication/transfers, storage and eventual destruction. We process personal information as follows: 

  • Names and contact details for people working in organisations that are clients, potential clients, suppliers, partners; and names and contact details for people who register with our applications or services. These may be collected directly from you, obtained from public sources, or through introduction by mutual connections for business purposes. We use this information to communicate with you about our services, which may be required for us to meet our contractual obligations (GDPR Article 6(1)(b) as enacted into DPA18) or be in our legitimate interest in business development (GDPR Article 6(1)(f) as enacted into DPA18). All communications contain unsubscribe options where appropriate and required by PECR. Personal information collected is primarily business contact information unless an individual chooses to give us their private email address or other contact details. 

  • In addition, we may be required to process special category personal data for some individuals who are employed or directly contracted or sub-contracted to work for JWPM or JWPM partners, in accordance with relevant law, for example, to meet vetting and/or clearance requirements on some client sites, or to meet legal obligations relating to our duties as an employer. No special category personal data will be transferred to third parties except as required by law and/or with the full knowledge, and, where appropriate and necessary, consent of the individual concerned. 

  • IP addresses, device information and website tracking data through cookies and similar technologies, via our website and electronic communications. These permit us to analyse interest in specific content, locations of users and enable us to provide more focussed information. We use third party tools for some of this processing, who may be using automated profiling and using data collected for their own purposes. You may block third party cookies, or all cookies including JWPM cookies through your browser settings without affecting access to content. 

We do not collect or store any personal information relating to users of any health or social care service, or individuals held in any custody environment. Security cleared and vetted individuals who work for JWPM, or on our behalf, may have limited view only remote access to systems which contain patient or detainee data for the sole purposes of providing technical support. Access is strictly controlled, and monitored to ensure that personal information is not viewed inappropriately. 

We do not make any decisions about individuals through solely automated means. 

JWPM is located in the UK and all personal information that we solely control is held within the UK or EEA. All contracts and agreements with partners and suppliers contain strict information security and confidentiality requirements to Government Secure Marketplace standards. 

From time to time, we may use other third party services, for example, event registration websites to process personal data on our behalf. This processing will be subject to terms and conditions set by the third party which may be outside JWPM's control. 

Your rights in relation to this Privacy Notice Please contact dpo@johnwhitepm.co.uk if you would like: 

  • to know what information we are holding about you or to obtain copies, or if you have any questions or concerns about this notice. 

  • to exercise your right to restrict our processing or request deletion of your records. Please note that we may be required to retain information to meet our legal obligations and will fully inform you if this is the case.