Privacy Policy
MAY 2018

Key points:

  • Personal data: We use personal information to determine an individual's application who request to act as a volunteer with us, or to provide patient services to individuals who request access to our dental services.
  • Sensitive data: When accessing our dental services, we collect and use information about your health and nationality.
  • Sharing data: We share volunteer data with local authorities in line with statutory requirements. We do not share any patient data outside of Health-Point Foundation.
  • Security: We apply the appropriate organisational and technological security measures in accordance with the law.
  • International transfer: Your personal data is shared within the European Economic Area and stored in the United States of America.

1. Purpose of our privacy notice

Under the data protection legislation, we are required to explain to you why we are asking for information about you, how we intend to use the information you provide and whether we will share this with anyone else.
This policy applies to all patients who access our services and all volunteers who work for us to offer dental services.
It is important that you read this statement so that you know how and why we use information about you. It is also important that you inform us of any changes to your personal information so that the information which we hold is accurate and current.


2. Who is HealthPoint Foundation?

We are Health-Point Foundation (Health-Point), a non-governmental organisation which was set up for the provision of medical, dental and educational services to displaced individuals in Greece, who are fleeing poverty and war. Our registered office is Suite 2, Ellerslie House, Queens Road, Edgerton, Huddersfield, England, HD2 2AG
Health-Point is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you.

3. Our Data Protection Officer

Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws. If you have any concerns or questions about our use of your personal data, you can contact our Data Protection Officer by writing to Data Protection, Suite 2, Ellerslie House Queens Road, Edgerton, Huddersfield, England, HD2 2AG or by emailing info@healthpointfoundation.org.


4. Why are we collecting your information?

The information that you provide to us will be used to:

  • Determine an individual application relating to a request to work for us as a volunteer.
  • Provide services to patients who have consented for us to process their information
  • Provide support services at your request. Without this information, we may not be able to enter into an agreement with you or provide the services you want.

5. Types of personal information we use

We are collecting information about you which is relevant to the above uses. This includes the following information:

  • For Volunteers: Personal and contact details (such as name, address, email, Skype, country of practice and phone number) and confirmation of your identity (such as license to practice dentistry, educational certificates and passport copies).
  • For Patients: Personal details (patient name, patient ID number, age, country of origin) and medical history (allergies and previously administered treatments and medication).

6. Special categories of personal data

Some of the information which we collect may be special categories of personal data (also called sensitive personal data). Special categories of personal data require a higher level of protection. The special categories of personal data about you which we may collect include:

  • Information about your country of origin.
  • Information about your health, including any medical conditions.

7. Source of your personal information

The above information which we collect about you will be obtained directly from you when you either apply to work as a volunteer for us, or as a patient who attends one of our clinics to request medical services. We also collect information from you directly as part of any enquiry you may make.


8. How and why we use your personal data

We use the types of personal data listed above for a number of purposes, each of which has a "lawful basis". In accordance with the data protection laws, we need a lawful basis for
collecting and using information about you. We have set out below the different purposes for which we collect and use your personal data, along with the lawful bases we rely on to do so.

- Volunteers: Performing a contract between you and us:

  • To assess your eligibility to work for us as a volunteer.
  • To enter into an agreement with you, when your application is accepted and you work for Health-Point as a volunteer, including keep you up to date by email with news and new developments via our newsletter.
  • To adequately deal with any requests you make and to provide support services to you as a Health-Point volunteer.
  • To comply with our legal obligations such as in the prevention, detection and investigation of crime.

The lawful basis on which we rely in order to use the information which we collect about you for the purposes set out above, are for us to perform and execute the contract between Health-Point and Volunteers.


- Patients: You Consent for us to process your information:

  • To assess your medical needs and treatment required.
  • To adequately deal with any requests you make and to provide support services to you as a Health-Point patient.

8.1 In limited circumstances, when carrying out the above purposes we may also rely on the following lawful bases:

  • Using your information is necessary for us to comply with legal and regulatory
    obligations to which we are subject.
  • Using your information pursuant to our legitimate interests (e.g. mailing lists) as a charity (and your interests and fundamental rights do not override those interests) or to provide medical treatment where the data subject does not have the capacity to consent.

9. How and why we use your special categories of personal data

Some of the information which we collect will be special categories of personal data, such as information about your country of origin and medical history. We will use your particularly sensitive personal information in the following ways and based on the following lawful bases:

  • We collect medical history to help us consider the most appropriate dental
    treatment for you, tailored to your medical needs.
  • We collect your country of origin to allow us to collate anonymised statistics of our patient demographic in order to help us improve the service we offer patients.


We understand our patients are fleeing war and poverty, and as such do not want to reveal their identities or sign any formal documents. We also understand that some patients cannot read or write and require support in filling out forms, and as such, cannot (or purposefully will not) explicitly consent (sign a form or formally agree) for fear of identification and persecution. As such, we rely on Article 9 (2) (for the provision of health care or treatment, or to establish a medical diagnosis) to process your special category data.


10. Complying with data protection law

The security and privacy of your personal data is paramount to Health-Point and we will always comply with data protection laws. At the heart of data protection laws are the data protection principles by which we abide and which say that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes with data collection limited only to the data we need, and
    not more.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept safely and securely.


11. Sharing your information

We share volunteers personal information with third parties where required by law (e.g. the Greek Government), where it is necessary to administer the contractual relationship with you or where we have another legitimate interest in doing so.
We do not share any patient details with any third party outside of Health-Point. Data is strictly kept within Health-Point UK and USA.

We use MailChimp, a USA based email provider to keep in touch with Volunteers to update you on the latest Health-Point and subject matter news. MailChimp are Privacy Shield certified.
Information about what treatments we provide per country demographic is used for statistical and research purposes, and shared for publication. This information contains no personal data and is completely anonymous.


11.1. When might you share my personal information with subsidiaries and other entities in the group?

We will share your personal information with subsidiaries and other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise or for system maintenance support and hosting of data.
Information from people donating money to Health-Point is managed by the third party payment provider Braintree, a division of PayPal. This information is submitted directly to Braintree and is stored by the payments provider who are the Data Controller. Should you wish to exercise any of your rights, you can contact them directly via their website at www.Braintreepayments.com or contact their Data Protection Officer by writing to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.


11.2. Who else could my information be shared with?

In exceptional circumstances, we may be required to share your details for the following reasons

  • With a regulator.
  • With the police and other law enforcement agencies for the purpose of detection and prevention of crime.
  • With safeguarding authorities.
  • With organisations with a function of auditing.
  • To otherwise comply with the law.


12. Transferring your information abroad

Your information is stored securely on servers hosted in the United States of America.


13. Security of your information

We have put in place appropriate organisational and technological security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those individuals who have a business need to know, all who are subject to a duty of confidentiality.

14. Can we use your information for any other purpose?

We typically will only use your personal information for the purposes for which we collect it. It is possible that we will use your information for other purposes as long as those other
purposes are compatible with those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.

We may use your personal information without your knowledge or consent where such use is required or permitted by law.

15. Storing your information and deleting it

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements and industry guidelines.


16. Your rights

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest or public interest as our lawful basis for processing and there is something about your particular situation which leads you to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party in certain circumstances.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us by writing to Data Protection, Suite 2, Ellerslie House Queens Road, Edgerton, Huddersfield, England, HD2 2AG or emailing
info@healthpointfoundation.org.

17. Right to withdraw consent

In the circumstances where we are relying on your consent as our lawful basis to process your data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

To withdraw your consent, please contact us in writing at Data Protection, Suite 2, Ellerslie House Queens Road, Edgerton, Huddersfield, England, HD2 2AG or emailing
info@healthpointfoundation.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

18. Automated decision making

You will not be subject to decisions that are based solely on automated decision-making. We do not engage in any customer profiling activities and do not use any cookies.

19. Right to complain to the ICO

You also have the right to complain to the Information Commissioner's Office (the "ICO") if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or via the ICO website at www.ico.org.uk.

20. Changes to this privacy policy

We reserve the right to update this privacy policy at any time, and we will provide you with a new privacy policy when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Contact Us
info@healthpointfoundation.org

© Health-Point Foundation All Rights Reserved.  Privacy Policy.
Health-Point Foundation is a 501 (c)(3) non-profit organisation in the USA. EIN: 81-3436231
Health Point Foundation is a Registered Charity in the United Kingom. Registered Charity Number: 1179795