Privacy Notice

This privacy notice explains what information we collect about visitors to our website and individuals at hospitals/clinics with which we deal or may deal, doctors/consultants who engage us or may engage us, hospital administrative staff, patients and suppliers, when we collect it and how we use this.

During the course of our activities, we will process personal data (which may be held on paper, electronically, or otherwise) about you and we recognise the need to treat it in an appropriate and lawful manner. The purpose of this notice is to make you aware of how we will handle your information.

Who are we?

London Vascular Services, providers of specialised ultrasound services in London, take the issue of security and data protection very seriously and strictly adhere to the General Data Protection Regulation (EU) 2016/679 which is applicable from the 25th May 2018, together with any domestic laws subsequently enacted (collectively Data Protection Laws).

London Vascular Services Limited, (registered office 18 Woodcock Dell Ave, Kenton, Harrow, Middx HA3 0NS) is notified as a Data Controller with the Office of the Information Commissioner under registration number ZA271860 and we are the data controller of any personal data that you provide to us.

Our Data Protection Officers are Kate Sommerville and Nicola Milburn. Any questions relating to this notice and our privacy practices should be sent to London Vascular Services via info@londonvascularservices.london.

What information we collect and where we collect the information from

Website users: Our website is provided for information only. We do not use cookies on our website (which means that we do NOT keep a record of:

• technical information, such as the Internet protocol (IP) address used to connect your computer to the Internet, or your login information;

• information about your visit, including services you viewed or searched for or length of visits to certain pages, or

• contact information as we ask patients to book appointments via the relevant clinic or hospital

Links to Other Websites

Our websites contain links to other websites, for example those of the hospitals and clinics at which we provide ultrasound scans, that are not owned or controlled by us. We are not responsible for the privacy practices of these other websites and encourage you to read the privacy policies of these websites.

Workers at hospitals/clinics (including doctors and consultants): We hold contact details (i.e. name, work and personal  email address, work address, work  telephone number, secretary’s work telephone number, mobile number and job title which you provide to us (or are provided by the relevant hospital/clinic).

We also retain information about the ultrasound services which we are asked to undertake.

Patients: While we are providing ultrasound services we will be provided with access to patients’ names, addresses, dates of birth, details of next of kin, medical history (including previous diagnostic tests) and results of the ultrasound scan by the relevant hospital/clinic. However, LVS does not store any of this information. All patient information is stored by the relevant hospital/clinic. Patients should therefore refer any questions regarding their personal data to the hospital or clinic at which their ultrasound scan was performed.

Suppliers (i.e. insurance broker, accountants and other professional advisors): We hold contact details (i.e. name, work and personal email address, work and home address, work and home telephone number, mobile number and job title which you provide to us.

Business contacts  (i.e. other professional contacts): We hold contact details (i.e. . name, work and personal email address, mobile numbers and job title which you provide to us.

The accuracy of your information is important to us – please help us keep our records updated by informing us of any changes to your email address and other contact details.

Reasons/purposes for processing information
We process personal information in our legitimate interests to enable us to run our business of providing health services to patients, to comply with our regulatory and professional obligations, to maintain our accounts and records and to promote our services.

We only undertake extremely limited marketing to contacts with whom we have an existing business relationship such as sending Christmas cards. We rely on legitimate interests, where not outweighed by your interests or fundamental rights and freedoms. The legitimate interests we rely on for this processing are: to promote LVS services to you and to maintain positive professional relationships with our contacts. You have a right to object and to seek to restrict such processing (see below).

Who the information may be shared with

We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of Data Protection Laws. What follows is a description of the types of organisations we may need to share some of the personal information we process with for the following reasons.

Where necessary or required we share information with:
Medical information

• treating healthcare professionals –  to facilitate diagnosis, treatment and care of the relevant patient
• family, associates and representatives of the person whose personal data we are processing if that person has invited the family member/associate or representative to be present during the scan and we are explaining something about the scan
• social and welfare organisations and central government – in the context of a safeguarding investigation
• referring doctor, legal team, court  in the context of a report prepared for medical legal reasons

Administrative information

• business associates – to promote our services
• suppliers and service providers – to maintain our accounts and records;

We will also disclose your personal information to third parties in the event that we sell all or part of our business or its assets, in which case we will disclose personal data relating to workers at hospitals/conics and suppliers to the prospective seller or buyer of such business or assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply or a contract we have entered into with you and other agreements; or to protect the rights, property, or safety of LVS, our customers, or others.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.

Transfers

Within the EU all businesses have to protect personal information in the same way as businesses do in the UK.  However, outside of the EU data protection laws vary from country to country, some have similar laws to the EU, others have very different laws.

We do not transfer your personal information outside of the EU.
Security

When you give us information we take steps to make sure that your personal information is kept secure and safe.

All data files on you are kept on an encrypted secure hard drive. Any hard copy paperwork is kept in a locked filing cabinet. Any emails sent to 3rd parties with your details, as per the paragraph on sharing of information, will be encrypted or marked confidential as appropriate. Where we have given you (or where you have chosen) a password which enables you to access any confidential emails you are responsible for keeping the password confidential. We ask you not to share a password with anyone.

How long we will keep your information

Workers at hospitals/clinics (including doctors and consultants): We retain your personal information for as long as it is needed for the service which we are providing to the relevant hospital/clinic.

Suppliers: We retain your personal information during our contract with you.

In addition, we will retain personal information in the following circumstances:

• to comply with our legal obligations e.g. keeping of financial records for up to 6 years plus 1 year,
• to resolve disputes e.g. if a hospital/clinic or patient has raised a dispute against us which may result in a claim then we may need to keep your data for the statutory limitation period and beyond if a claim is raised until the claim is resolved/settled
• to enforce our agreements e.g. if your agreement has been terminated for breach then we may keep your data after termination to ensure that all payments due to us are properly made.

Data Breach
If we discover that our security measures have failed and this results in personal information being lost, destroyed, corrupted or disclosed or someone accessing the information or passing it on without proper authorisation, we will assess the risk that such a breach may have on you.  If the breach will result in a high risk of a negative impact for you we will tell you and we will tell the Information Commissioner.

Your Rights

Patients should refer any questions regarding their personal data to the hospital or clinic at which their ultrasound scan was performed.

You have the right at any time to:

• ask for a copy of the information about you held by us in our records;

Usually we will not charge you a fee for providing a copy of the information which you request but we may charge an administrative fee or refuse your request f you ask for further copies of the information or if your request is manifestly unfounded or excessive, in particular if it is repetitive.

Before we provide copies of your personal information we need to be sure that the person making the request is actually you.  Therefore, we may ask for further information to confirm that you are the person making the request.

We have to protect other people’s personal information which means that we may have to remove or cover up information in a document before we can give you a copy.  We also have to protect confidential information and intellectual property and so we may remove any information for these purposes.

• require us to correct any inaccuracies in your information;
• in some circumstances make a request to us to delete what personal data of yours we hold; and
• object to us processing your personal information including for marketing purposes
•  in limited circumstances to request that the information is provided to you, or to someone else, in a commonly used electronic form.

If you would like to exercise any of your rights above please contact us at info@londonvascularservices.london

Should you wish to complain about the use of your information, we would ask that you contact us to resolve this matter in the first instance. You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information.  The Information Commissioner’s contact details are noted below:

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Email: casework@ico.org.uk

Changes in this Privacy Notice

We reserve the right to modify this Privacy Notice at any time, so please review it frequently. If we decide to change our Privacy Notice, we will post those changes to this Notice. If we make any material changes, we will notify you by email (sent to the e-mail address last notified to us) or by means of a notice on our website prior to the change becoming effective. However, it is your responsibility to check our website on a regular basis for updates to this Privacy Notice

Last updated: 25 May 2018