Solstice

Privacy policy.

About Us:

Tuteca Ltd, known and trading as Solstice, located at 18 Parliament Street, City of Hamilton, HM12, understands how important it is to keep your personal information safe and secure, and we take this very seriously. We have taken steps to ensure your personal information is looked after in the best possible way, and we review these steps regularly. We are required to provide you with this Privacy Notice by Law. It explains how we use the personal and healthcare information we collect, store, and hold about you. If you are unclear about how we process or use your personal and healthcare information, or you have any questions about this Privacy Notice or any other issue regarding your personal and healthcare information, please get in touch with our Privacy Officer.

Our Responsibilities

Solstice is a data controller for your information. This means we are responsible for collecting, storing, and handling your personal and healthcare information when you register with us as a client, enquire about our services, or give us verbal consent to store your basic information. There may be times when we also process your information. That means we use it for a particular purpose; therefore, we may also be Data Processors on those occasions. The purposes for which we use your information are set out in this Privacy Notice.

Your Responsibilities

Please read this Privacy Notice carefully. It contains important information about how we use the personal and healthcare information we collect on your behalf.

When and How We Collect Information

Your personal information is collected as soon as you contact us to create a profile for you on our systems. This information can be collected online, via paper form, or via phone. Information collected digitally is via a secured platform called Adobe; information collected in paper format is filled in by you or a representative at our office. The paper forms are scanned and destroyed, and your details are securely saved on our systems.

We also collect personal information about you when it is sent to us from the following:

Hospitals, consultants, or any other medical or healthcare professional, or any other person involved with your general healthcare.
Information from other authorities such as schools/school counsellors, health insurance companies, government agencies, and court orders.

What Types of Information We Collect

Contact details (such as your name and email address, including place of work and work contact details);
Details and contact numbers of your next of kin or emergency contact;
Financial details such as debit or credit card details;
Data that identifies you, such as date of birth, gender identity, ethnicity, your medical history, and health insurance policy information;
Children's information containing date of birth, gender identity, ethnicity, medical history, health insurance policy information, and parental consent;
Medical notes and details of diagnosis and consultations with our Psychologists and other mental health or medical professionals within Solstice who are involved in your direct healthcare;
Occasionally, we record information about third parties you mentioned to us during any consultation. We are under an obligation to protect that third party’s rights as an individual and ensure that references to them, which may breach their rights to confidentiality, are removed before we send any information to any other party, including yourself. Third parties can include spouses, partners, and other family members.

Why We Collect Your Information

All information we collect is the minimum necessary in order to provide you with the best care possible or to comply with local regulations and insurance purposes. Personal information and data that we collect consist of voluntarily submitted personal information that is required for the purposes of ensuring you receive the best possible mental health care and treatment. This information may be passed to other approved organisations where there is a legal basis, to help with planning services, improving care, research into developing new treatments, and preventing illness. All of this helps in providing better care to you and your family and future generations. For example: When we need to speak to, or contact other doctors, consultants, nurses, or any other medical/healthcare professional or organisation during the course of your diagnosis or treatment or ongoing healthcare.

The Law states that personal information about your health falls into a special category of information because it is very sensitive. Reasons that may entitle us to use and process your information may be as follows:

Public Interest: Where we may need to handle your personal information when it is considered to be in the public interest.
Consent: When you have given us consent.
Vital Interest: If you are incapable of giving consent, and we have to use your information to protect your vital interests (e.g. if you have had an accident and you need emergency treatment).
Defending a Claim: If we need your information to defend a legal claim against us by you, or by another party.
Providing You with Medical Care: Where we need your information to provide you with medical and healthcare services.

Your Privacy Choices and Rights

You have the right to request access to your personal information, the right to request access to your medical records, and the right to request correction, blocking, erasure, or destruction. These rights are not absolute. We have the right to refuse providing access to personal information if we consider the information may cause “serious physical or mental harm,” and we are not able to redact that information from your records. Medical records or other health-related information is sensitive personal information. Sensitive personal information is a defined term that includes information relating to place of origin, race,colour, sex, sexual life, physical and mental health, disabilities, genetic information, etc. Please see below a detailed description of how to fulfil these rights.

Access and Subject Access Requests

You have the right to see what information we hold about you and to request a copy of this information. If you would like a copy of the information we hold about you, please email our Privacy Officer to request a Subject Access Request (SARS) form. We have 45 days to reply to you and give you the information that you require. We would ask, therefore, that any requests you make are in writing, and it is made clear to us what and how much information you require. The SARS request has a fee schedule that will depend on the amount of information that will need to be redacted and the clinician that will redact it. Please contact our Privacy Officer to verify the fee schedule for your case.

Correction

We want to make sure that your personal information is accurate and up to date. You may ask us to correct any information you think is inaccurate. It is very important that you make sure you tell us if your contact details, or any other personal information, including your mobile phone number, has changed. Because we are obliged to protect any confidential information we hold about you, and we take this very seriously, it is imperative that you let us know immediately if you change any of your insurance (if applicable) and contact details. We may contact you using email or via your cell phone to your mobile phone in the event that we need to notify you about appointments and other services that we provide to you involving your direct care; therefore, you must ensure that we have your up-to-date details. This is to ensure we are actually contacting you and not another person.

It is also important that all other personal information that we hold about you is accurate and up to date. Please keep us informed if any of your other personal information changes while you are receiving services.

If you wish to make a change to your information, the contact at Solstice is the administration department at privacy@solstice.bm.

Removal

You have the right to ask for your information to be removed; however, if we require this information to assist us in providing you with appropriate mental health services and diagnosis for your healthcare, then removal may not be possible. Please also be aware that due to local legal and regulatory obligations, we need to keep certain information for at least 7 years according to the Bermuda Medical Council. Please contact the Privacy Officer.

Objection and Removal of Consent

We cannot share your information with anyone else for a purpose that is not directly related to your health or well-being, e.g. medical research, educational purposes, court cases, etc. We would ask you for your consent in order to do this; however, you have the right to request that your personal and healthcare information is not shared by Solstice in this way. Please contact the Privacy Officer to request for your consent to be removed.

Transfer

You have the right to request that your personal and/or healthcare information is transferred, in an electronic form (or other form), to another organisation. This is done via a SARS request; we will require your clear consent to be able to do this, and a charge may be applicable in case we need to redact any information from your records. Please contact the Privacy Officer or the administration department at privacy@solstice.bm.

How Secure Is the Information We Collect

Sometimes we may provide information about you in an anonymous format. If we do so, then none of the information we provide to any other party will identify you as an individual and cannot be traced back to you.

We do our best to always maintain your confidentiality; whenever anonymity is not possible, your information will be shared either by a secure format (such as encrypted and password-protected files or via a secure encrypted link).

All information we collect is secured as stated on our Data Security and Privacy Policy, which

includes:

A. Technology Service Providers (Ensora and Adobe)

B. Secured location in paper-based formats

C. Data hosting and storage providers

D. Encrypted emails (Google Enterprise)

We take the security of your information very seriously and we do everything we can to ensure that your information is always protected and secure. We regularly update our processes and systems, and we also ensure that our staff are properly trained. We also carry out assessments and audits of the information that we hold about you and make sure that if we provide any other services, we carry out proper assessments and security reviews.

Who Do We Share It With

Confidential information about your mental health and care is only used in this way where allowed by law and would never be used for any other purpose without your clear and explicit consent or when requested by law. For example: When we are required by Law to hand over your information to any other organisation, such as the police, by court order, solicitors, or immigration enforcement.

We will never pass on your personal information to anyone else who does not need it or has no right to it unless you give us clear consent to do so.

We may pass your personal information or your children’s information on to the following people or organisations because these organisations may require your information to assist them in the provision of your direct healthcare needs. It, therefore, may be important for them to be able to access your information in order to ensure they may properly deliver their services to you:

Hospital professionals (such as doctors, consultants, nurses, etc.);
Other GPs/Doctors;
Pharmacists other healthcare professionals;
Ambulance personnel;
Your health insurance provider;
Government agencies and local authorities such as Police and Judicial Services;
Solicitors;
Educational Services;
Community Health Services;
Fire and Rescue Services;

Any other person that is involved in providing services related to your general healthcare. Anyone you have given your consent to view or receive your record, or part of your record. Please note, if you give another person or organisation consent to access your record by writing, we will not necessarily need to contact you to verify your consent before we release that record. It is important that you are clear and understand how much and what aspects of your record you give consent to be disclosed.

Occasionally, your data may be handled by a select number of employees who are part of our Referrals Team or Child and Adolescent Programmes for support services. These employees are under strict duties of confidentiality. We may also share your data with financial recovery organisations in case of payment defaults.

We transfer data from Bermuda to the U.S. because our Electronic Medical Records System and our online Data hosting and storage providers are located in the US. This transfer is conducted to ensure the protection of your data. Additionally, we may transfer your data to organizations based in countries that have not been granted an adequacy decision. Where data is transferred to such countries, we shall ensure that appropriate safeguards are used to do that by ensuring these companies are PIPA compliant.

Third Parties Who Process Your Information

In order to deliver the best possible service, Solstice will use carefully selected third-party service providers. When we use a third-party service provider to process data on our behalf, then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions, and that they are operating appropriately. Examples of functions that are currently being carried out by third parties include:

Companies that provide IT services & support, including our core clinical systems; systems which manage client-facing services (such as our website); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services; document management services, etc.
Claims providers who submit insurance claims on our behalf to your health insurance company.

How Long Do We Keep It For

We carefully consider any personal information that we store about you, and we will not keep your information for longer than is necessary for the purposes as set out in this Privacy Notice. Please be aware that due to local legal and regulatory obligations, we need to keep certain information, such as your medical records, for at least 7 years according to the Bermuda Medical Council.

How to Contact Us

Solstice has appointed a Privacy Officer who is responsible for overseeing questions in relation to this privacy notice and other queries or issues relating to your Personal Information held by Solstice. If you have any questions related to this Privacy Notice, including access to, rectifying, blocking, erasing, or destroying your personal information, you can contact the Privacy Officer.

The Privacy Officer is the Operations Manager, who can be contacted on 441 292 3456 or privacy@solstice.bm if:

You have any questions about how your information is being held;
If you require access to your information or if you wish to make a change to your information;
If you wish to make a complaint about anything to do with the personal and healthcare information we hold about you;
Or any other query relating to this Policy and your rights as a client.

Complaints

If you have a concern about the way we handle your personal data, or you have a complaint about what we are doing, or how we have used or handled your personal and/or healthcare information, then please get in touch with our Privacy Officer. However, you have a right to raise any concern or complaint with the Bermuda Privacy Commissioner at https://www.privacy.bm/.

Website and Cookies

Our website is intended to provide you with information about our Services and Staff Members. It might collect data from you as you browse or consent to contact us. This Privacy Notice applies to Solstice’s website and forms. We take no responsibility (legal or otherwise) for the content of other websites. Our website uses cookies. For more information on which cookies we use and how we use them, please see our Cookies Policy.

Updates to This Privacy Notice

We reserve the right to update this policy whenever deemed necessary without prior notice.