Privacy Policy
Brief
The General Data Protection Regulation (GDPR) has been effective from May 25th 2018. GDPR means that we at The Scanning Suite are more accountable for handling of people’s personal information than ever before.
The practice aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.
The data controller for our clinic will be available on request by contacting the local branch, the data controller and the information Governance Lead.
You will be asked to provide personal information when joining the Scanning Suite or requesting an imaging service. The purpose of us processing this data is to provide optimum CBCT imaging services to you and your patients.
The categories of data we process are:
- Personal data for the purposes of staff and self-employed team member management
- Personal data for the purposes of direct mail/email/text/other marketing
- Special category data including health records for the purposes of the delivery of CBCT imaging services
- Special category data including health records and details of criminal record checks for managing employees and contracted team members
We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. Any personal data is stored in the EU whether in digital or hard copy format. Personal data is stored in the US in digital format when the data storage company is certified with the EU-US Privacy Shield. Personal data is obtained when a patient joins The Scanning Suite, when a patient is referred to us and when a patient subscribes to our email correspondence list.
What Is Your Data Being Used For.
For healthcare professionals we use your data:
- to identify you, if you need to contact us, if you have a query, need help or technical support
- to enable you to use the full range of features that the Scanning Suite has on offer
- to confirm your details against the regulatory body register - to fulfil the Service Level Agreement
- to comply with the Ionising Radiations Regulation 2017 and the Ionising Radiation (Medical Exposure) Regulations 2017
- to send you and maintain records of financial transactions
- to keep you updated about our services
- to send you feedback emails and issue CPD certificates
- to notify you in case of any data breaches.
For patients we use personal data:
- to identify you when we contact your or you contact us
- to contact you to arrange, remind you and to notify you of any changes to your appointment
- to justify and take the X-ray examination on behalf of your healthcare professional
- to reformat your X-ray data into the chosen format for your healthcare professional
- to enable you to send us your feedback following your X-ray examination
- to send you an invoice confirming payment for your Xray examination (if applicable; e)
- to notify you in case of any data breaches
The lawful basis of processing personal data such as name, address, email or phone number is:
- Consent of the data subject
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
The retention period for special data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of other retention periods are available in the Record Retention (M 215) procedure available from the practice directly.
You have the following personal data rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (clinical records must be retained for a certain time period)
- The right to restrict processing
- The right to data portability
- The right to object
Further details of these rights can be seen in our Information Governance Procedures (M 217C) or at the Information Commissioner’s website. Here are some practical examples of your rights:
- If you are a patient of the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text. You have the right to obtain a free copy of your patient records within one month.
- If you are not a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.
We have carried out a Privacy Impact Assessment (M 217S) and you can request a copy from the details below. The details of how we ensure security of personal data is in our Security Risk Assessment (M 217M) and Information Governance Procedures (M 217C).
Comments, suggestions and complaints
Please contact the Scanning Suite Manager for comments, suggestions or a complaints about your data processing. This can be done via email, in writing or by visiting the practice. We take all complaints very seriously. If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113. The ICO can further investigate your claim and take action against anyone who’s misused personal data.
Related practice procedures
You can also use these contact details to request copies of the following practice policies or procedures:
- Data Protection and Information Security Policy (M 233-DPT), Consent Policy (M 233-CNS)
- Privacy Impact Assessment (M 217S), Information Governance Procedures (M 217C)
To exercise any of the above rights, please contact us.