PRIVACY POLICY
PRIVACY AND DATA SECURITY
Vitalscan Ltd is committed to ensuring that the data we collect is stored securely, and only used for the explicit purpose that it has been collected for. This privacy notice explains how we use and protect the information that you have provided to us.
What does this policy cover?
Vitalscan Ltd is committed to providing the highest quality services to our patients, our referrers and those who we collaborate with.
To comply with both EU and UK laws, we must manage your personal information fairly, lawfully, and transparently.
Our employees are trained to be responsible for maintaining patient confidentiality. Our policies and procedures are available to all staff and are reviewed regularly. We want you to feel confident that we take care of your personal data.
We have a Data Protection Officer (DPO) to guide us and oversee your personal information who can be contacted at:
care@vitalscan.health
Vitalscan, 100 Avebury Blvd, Milton Keynes MK9 1FH
01908 75556
Data Protection
Under the terms of the Data Protection Act and the General Data Protection Regulations, Vitalscan Ltd must protect any information collected from you. We use the latest technologies and encryption software to protect your data and maintain strict security standards to prevent any unauthorised access to it.
From time to time, we may need to make changes to this privacy policy. Changes will be posted here and are effective immediately. You should visit this page regularly so you know:
- What personal information we may collect
- How we use your personal information
- When (if ever) Vitalscan Ltd shares your personal information with someone else
What information do we collect?
Personal data is any information that relates to you and can be used to identify you.
We may collect and process personal data when you engage with our businesses. The typical places that personal data are collected include:
- When you use our website, including filling in forms;
- When you communicate with us about our services;
- In the course of receiving services, such as providing information to our staff or responding to requests from staff during a scan;
We do not collect any information which does not have a specific purpose or role to play in your care.
Information about your health, racial or ethnic origin, genetic and biometric data and sexual orientation is classified as ‘special category data’. We will only process this information on the basis that it is necessary for medical diagnosis, the provision of health care services and research purposes, and/or with your consent.
If you give us data on behalf of someone else, you confirm that the other person has appointed you to act on their behalf and has agreed that you can:
- give consent on their behalf to the processing of their personal data;
- receive on his/her behalf any data protection notices.
Most of the personal data we process is provided to us directly by you. However, sometimes we will receive personal data and special category personal data from third parties, such as:
- your GP
- a primary healthcare provider such as a hospital where you have been referred for other healthcare services
- a family member
How we use your information
Information collected by Vitalscan Ltd may be used for a number of reasons, including:
- Contacting patients (with their permission)
- Making appointments
- Training
- Research purposes
- Service improvements
- Improving the content and design of our website
Under data protection legislation (including the Data Protection Act 2018 and General Data Protection Regulation (GDPR), we may only process your personal data if one of the following lawful basis applies, which will be considered on an individual basis.
- We have your consent. You are able to withdraw your consent at any time. You can do this by contacting us. (Please refer to “Withrdawing your consent below)
- We have a contractual obligation with you that requires us to process your personal data
- We have a legal obligation to process your personal data
- We have to protect your vital interests
- We need it to perform a public task
- We have a legitimate interest to process your personal data
The lawful basis we will usually apply for processing your personal data is our legitimate interest to do so.
The legitimate interest is for the purpose of patient healthcare. Processing is necessary to achieve this where we are acting as a data controller of health data.
Sharing your information
We treat your personal information as private and confidential. In some instances, we may disclose it outside of Vitalscan Ltd including sharing information with partners who help us provide healthcare.
We will only disclose information to others without need for your consent when:
- It is needed by other parties connected with your patient record and where other healthcare bodies have an interest in your care.
We will also disclose information without your consent where strictly necessary to comply with our legal obligations, including where:
- NHS or other authorities require it
- the law, a regulatory body or the public interest requires it
- it is required as part of our duty to protect your patient record
- It is required by us or others to detect, investigate or prevent crime or fraud.
We will never share your information with other organisations for marketing, market research or commercial purposes.
How long will we keep your information?
We keep your information in line with the Department of Health and Social Care “Records Management Code of Practice”.
We will also need to keep your information in archived form to protect our legal rights. This may be for the period during which legal claims can be made under applicable law. In the UK this is six years for contractual claims. We have policies and procedures in place to make sure that we safely delete information no longer needed for any of these purposes.
How you can access your information?
For a copy of any information collected about you through the above, please email: care@vitalscan.health
Cookies
A cookie is a small text file which is placed onto your computer (or other electronic device) when you use our website. We use cookies on our website.
Most cookies can be attributed to the following purposes:
Google Analytics
We use Google Analytics to collect information about visitor behaviour on our websites. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.
You can find out more about Google’s position on privacy as regards its analytics service at http://www.google.com/policies/privacy/
Third Party Cookies
These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site which allow visitors to share content onto social networks. Cookies are currently set by LinkedIn, Twitter, Facebook, Instagram and YouTube. To implement these buttons and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
Find out more about the cookies we use and why we use them
Finding out what information we have about you
You may want to look at your patient health record. You have the right to make a subject access request for information that we hold about you.
To make a subject access request (SAR), you should:
- Make the request in writing.
- Provide enough personal information to identify you. When you send us your written request, you will need to include copies of at least two official documents, which show your name, date of birth and current address. These could be a driving licence, a birth or adoption certificate, passport or a recent utility bill.
Send your completed request and copies of relevant official documents to:
Care@vitalscan.health
Vitalscan, 100 Avebury Blvd, Milton Keynes MK9 1FH
01908 755556
Your rights
You have certain rights over your personal information. These include the right to access a copy of your personal information or have some elements of it transmitted to you or another health provider in a common electronic format. In certain circumstances you can have your personal information corrected or erased, or you can restrict our use of it. You also have the right to object to the way we use your personal information as described above.
We generally won’t charge you to exercise these rights. You have the following rights:
Access
You have a right to ask us if we have your personal information. If we do, you have a right to know:
- why we have it
- what type of information we possess
- whether we have or will send it to others, especially outside the European Economic Area
- how long we will keep it
- where we got it from
- Details of any automated decision-making.
If you want, you can ask for a copy of your information.
Rectification
Where any of your information is incorrect or incomplete, you have a right to tell us to correct it promptly. Please tell us if you change your address or other contact details.
In certain circumstances, you’ll have the following extra rights:
Right to object
Depending on the legal basis on which we are using your information, you may be entitled to object. For example, where we’re using your information connected with marketing, we will stop if you object. However, if we’re using your information to meet certain legal obligations, we may continue to do so even if you object.
Erasure (right to be forgotten)
You may have a right to have some or all of the information we hold about you deleted. However you should be aware that, as a provider of healthcare, we are required to retain many records even after your treatment ends.
Portability
In certain circumstances you may be entitled to receive some of your information from us electronically. We can either pass the information to you, or to another person or organisation if you want.
Restriction
You might also be entitled to ask us to restrict our use of your information. Please bear in mind, however, that if you are only willing to share limited information, we may not be able to provide you with a full range of care and treatment (as applicable), and that could mean being unable to see you at the centre (since we may not be able to share your information in the way required in order to provide your care or treatment, or run our business (for example, billing) and comply with our legal obligations).
Withdrawing consent
Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.
You can do this by contacting:
care@vitalscan.health
Vitalscan, 100 Avebury Blvd, Milton Keynes MK9 1FH
01908 755556
Complaints
If you have a complaint about how we have handled your personal data, please contact us at:
care@vitalscan.health
Vitalscan, 100 Avebury Blvd, Milton Keynes MK9 1FH
01908 755556
We aim to work with you on any request, complaint or question you have about your personal information. However, if you believe we have not adequately resolved a matter, you have the right, at any time, to complain to the Information Commissioner’s Officer
As an independent UK authority, the ICO upholds information rights in the public interest, promotes openness by public bodies and data privacy for individuals. You can visit their website at https://ico.org.uk