PRIVACY POLICY

Dermoscopy UK Limited (company number 05213637) (“Dermoscopy”/ “we” / “our” / “us”) takes your privacy very seriously and understands the importance of protecting your privacy and confidentiality in compliance with the guidelines published by the General Medical Council (as amended from time to time).

If you wish to contact us regarding this privacy policy, please contact us using the contact details set out here Contact. Dermoscopy is the data controller and our registered office is Claremont House, 1 Market Square, Bicester, Oxfordshire, OX26 6AA.

This privacy policy (together with the terms of use, which you can find here Terms of use) sets out the basis on which any personal data we collect from you, that you provide to us through your use of our website (http://mydermatologist.co.uk/) (the “Website”), that you provide through your visits to and interactions with us at our clinics (the “Clinics”) at The Manor Hospital in Oxford, The Foscote Private Hospital in Banbury and/or the Health Centre in Chipping Norton (the “Hospitals”) or during the provision of medical treatment, will be processed by us.

This privacy policy does not apply to websites that you may be able to access via links on the Website and/or activities offered by third parties. Dermoscopy is not responsible for the collection or use of your personal data from these third party websites (except in respect of http://www.dermoscopy.co.uk/, which is provided by us) or by the Hospitals (for example, the Hospital may use CCTV). Please ensure you review any relevant policies.

TOPICS COVERED:

  • DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA
  • PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
  • DISCLOSURE OF YOUR PERSONAL DATA
  • WHERE WE STORE YOUR PERSONAL DATA
  • SECURITY
  • RETAINING PERSONAL DATA
  • YOUR LEGAL RIGHTS
  • PERSONAL DATA NOT COVERED BY THIS POLICY
  • CHANGES TO OUR PRIVACY POLICY
  • HOW TO CONTACT US

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

DATA WE COLLECT FROM YOU OR ABOUT YOU AND OUR SOURCES OF THAT DATA

We will collect the following data about you:

  • Data you give us. You may give us data about you:
    • when you contact us (by email, phone, via the Website or otherwise) to book an appointment, make a general enquiry or when you contact us for any other reason;
    • when you visit our Clinics in person for an appointment or for treatment;
    • to allow us to treat you and undertake relevant procedures (if applicable), for example, your medical record and details of any treatment or care previously received;
    • information obtained from calls we receive or make which have been recorded;
    • during the course of any treatment you may receive at any of the Clinics;
    • during the course of any procedures provided by us to you at a Hospital;
    • to provide you with our telephone consultation services;
    • to process your prescriptions (including repeat prescriptions);
    • if you provide us with information about a patient if the patient is a child or does not have mental capacity to make his / her own decision in respect of any medical treatment;
    • when you complete a form at any of the Clinics;
    • when you make a complaint or report an incident to any of the Clinics;
    • when you provide feedback on your treatment;
    • when you are referred to us by your General Practitioner, a Hospital, another hospital or dermatologist;
    • when you are referred to us by your medical insurance provider; or
    • when making a referral to us; or
    • when your the organisation you represent provide products or services to us.
  • Data we collect about you. During the course of any treatment or procedure, we will collect:
    • medical information about you relating to your condition or treatment;
    • images of moles or any skin conditions (if relevant); and
    • payment details to process payments due (if applicable).
  • Data we collect from or are provided by third parties. We may be given personal data about you:
    • when your General Practitioner, your medical insurance provider, a Hospital or another hospital, another medical professional refers you to us;
    • when another dermatologist asks for a second opinion or refers you to us,
    • when we ask our patient to provide us with their medical history, which may include asking the patient about relevant medical conditions / history of the patient’s blood relatives;
    • when our patient’s parents or legal guardians provide us with information if our patient is a child or does not have capacity to make his / her own decisions in respect of his / her medical treatment; and
    • by the patient when you refer a patient to us so we can understand who has made the referral.

PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

We will use the personal data held about you for the purposes stated below:

Purpose of Processing Type of personal data Legal basis for processing
To enable us to process an initial enquiry made by you. Your name, title, date of birth,  address, telephone number, mobile number, email address, details of the enquiry (including any medical information provided), whether you have private medical insurance and if not, how you will pay for the treatment. For the provision of medical treatment and performance of our contract to provide such medical treatment to you.
To enable us to process a referral from a third party (for example, your insurer or General Practitioner, a hospital, another dermatologist or medical professional). Your name, title, date of birth, address, telephone number, mobile phone number, email address, details of the referral (including any relevant medical information and history), details of the organisation making the referral, and details of your medical insurance provider, membership number and authorisation code (if relevant). For the provision of medical treatment and performance of our contract to provide such medical treatment to you.
To book an appointment. Your name, title, date of birth, address, telephone number, mobile phone number, email address, details of the purpose of the appointment (including any relevant medical information or history), details of your General Practitioner and details of your medical insurance provider, insurance membership number and authorisation code (if relevant) and if you do not have private medical insurance, how you will pay for the treatment. For the provision of medical treatment and performance of our contract to provide such medical treatment to you.
To email you booking confirmations and appointment reminders. Your name, title address, email address, details of purpose of appointment  and date and time of the appointment itself (these emails do not contain any other information about the appointment) Explicit consent.
To provide you with treatment or care. Your name,title, date of birth, address, telephone number, mobile phone number, email address, your medical record (including relevant treatments previously received), details of any medical conditions, images demonstrating any medical conditions, details of your General Practitioner and details of your medical insurance provider, insurance membership number and authorisation code (if relevant) and if you do not have private medical insurance, how you will pay for the treatment. For the provision of medical treatment and performance of our contract to provide such medical treatment to you.
To provide you with emergency care (if you cannot consent). Your name, medical information and any personal data relevant to provide such emergency care to you. The vital interests of the data subject (i.e. to protect your life).
To provide you with treatment and care at our Clinic at the Hospital. Your name, address, date of birth, contact number, details of the procedure, your GP’s details and details of your insurance provider (including the policy number) if relevant. For the provision of medical treatment and performance of our contract to provide such medical treatment to you.
To conduct procedures at the Hospital. Your name,title, date of birth, address, telephone number, mobile phone number, email address, your medical record (including relevant treatments previously received), details of any medical conditions, images demonstrating any medical conditions, details of your General Practitioner and details of your medical insurance provider, insurance membership number and authorisation code (if relevant) and if you do not have private medical insurance, how you will pay for the treatment. For the provision of medical treatment and performance of our contract to provide such medical treatment to you.
To send your medical records (including clinic letters) to you. Your name, title, address, email address and your medical record (including all medical information and relevant treatment history) For the provision of medical treatment and performance of our contract to provide such medical treatment to you.
To send your medical records (including clinic letters) to your General Practitioner, referring dermatologist, hospital or other medical professional. Your name, title, address, email address and your medical record (to the extent relevant). For the provision of medical treatment and performance of our contract to provide such medical treatment to you.
To provide information about your condition, treatment and any other relevant information with your insurance provider. Your name, title, address, email address and relevant medical information. Necessary for an insurance purpose.
To process payments for the provision of treatment and for cancellation fees. Bank, credit or debit card details. Explicit consent.
To deal with any complaints or concerns you have raised or to process any feedback received. Your name, title, date of birth, address, telephone number, mobile phone number, email address and details of the complaint raised or feedback received (including any relevant medical information provided). Legitimate interests – to enable us to improve our treatment and care unless you provide us with your medical information in which case it will be consent.
To enable us to process a referral made by you. Details (including contact details) of the organisation and person making the referral. Legitimate interest – to process the referral made by you.
To allow you or the organisation you represent to provide products or services to us. Your name, contact details (for example, email address, phone number or address) and information about the organisation that you represent (if applicable). Performance of our contract with you (if you are providing the products or services as an individual) or legitimate interest – to enable us and the organisation you represent to perform our contract.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with medical treatment).  In this case, we may have to stop providing such medical treatment to but we will notify you if this is the case at the time.

Where we have a legal basis to use your personal data without consent (as we have described above), this policy fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.

Where consent is required for our use of your personal data, by ticking the appropriate consent box or otherwise communicating your consent (such as via an opt-in form), you consent to our use of that personal data for the purposes covered by the specific consent that you have given.

We would like to reassure you that sensitive personal data (including any medical information) we receive or collect about you will only be processed in connection with the provision of medical treatment and accordance with this policy unless the data has been truly anonymised.

We do not process personal data for marketing purposes and we will not provide your personal) to other businesses or third parties for marketing purposes.

DISCLOSURE OF YOUR PERSONAL DATA

We may share your personal data (including sensitive personal data, i.e. your medical information) with selected third parties in accordance with this policy, including:

  • as mentioned above, to your referring General Practitioner, dermatologist, Hospital, other hospital or medical professional who have referred you as a patient to any of the Clinics;
  • your private medical insurance provider requesting information about your treatment;
  • the Hospital in which a necessary procedure may take place;
  • government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information);
  • we or substantially all of our assets are acquired by a third party, in which case personal data held by us, including your personal data, will be one of the transferred assets (however, we will let you know before this happens);
  • our IT service providers, who may access your personal data (including sensitive personal data);
  • professional advisers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation but only if such legal obligation takes precedence over our duty of confidentiality owed to you.

WHERE WE STORE YOUR PERSONAL DATA

The personal data that we collect from you may be transferred to, processed and stored at, destinations outside the European Economic Area (EEA) such as the US.

There is no adequacy decision by the European Commission in respect of the US, which means the US is not deemed to provide an adequate level of protection to your personal data. However, to ensure that your personal data receives an adequate level of protection we have put in place the following measures to ensure that your personal data is treated by those third parties in a way that is consistent with EU and UK laws on data protection:

  • EU-US Privacy Shield; and
  • EU standard contractual clauses.

If you would like to find out more about this or obtain a copy of the relevant standard contractual clauses, please contact us using the contact details set out here. Contact

SECURITY

Where we have given you (or where you have chosen) access details and/or a password which enable you to access your medical records, you are responsible for keeping these access details and password confidential. We ask you not to share your access details and password with anyone.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

RETAINING PERSONAL DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In line with the General Medical Practitioner guidance, we will retain your personal data (including sensitive personal data) for 7 years after the date of the last treatment provided by us to you.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Even if you request that we erase your data, we may still need to keep it (please see below) or may keep it in a form that doesn’t identify you.

YOUR LEGAL RIGHTS

You have the following rights with regard to your personal data:

  • You have the right to access data we hold about you.  This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it;
  • Rectification or erasure. You have the right to request that we rectify or delete any personal data that we hold about you (unless we have the legal right to retain it). If you request that we erase any personal data that we require in order to provide treatment and services to you, you may no longer be able a patient of any of the Clinics. This right does not extend to non-personal data. Please note that your rights to request erasure may be limited by applicable law.
  • Restriction. You also have the right to restrict us from processing your personal data if the data is inaccurate, the processing is unlawful or we no longer need to your personal data for the purposes for which we hold it.
  • Data portability. You have the rightto obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller if the legal basis for processing such personal data is consent or performance of a contract.
  • Object /change of preferences. You have a right to request that we stop processing your personal data where we are relying on a legitimate interest (or those of a third party). Please note, if you submit a request for us to stop processing your personal data in a certain way and this type of processing is required in order to facilitate your treatment or care, you will no longer be able to be a patient of any of the Clinics following your request for us to stop the relevant processing.
  • If for any reason you are not happy with the way that we have handled your personal data, please contact us. If you are still not happy, you have the right to make a complaint to the Information Commissioner’s Office.

Please note that the rights mentioned above do not extend to non-personal data.

If you would like to exercise any of the rights mentioned above, please contact us using the contact details set out here Contact

PERSONAL DATA NOT COVERED BY THIS POLICY

We ask that you do not send us any personal data which is not requested as a result of your visit to the Website, as part of any dealings with any of the Hospitals or the provision of treatment by us. For example, we do not accept any CVs or speculative applications.

CHANGES TO OUR PRIVACY POLICY

Any changes we make to our privacy policy in the future will be posted on this page, where appropriate, or notified to you by e-mail.

Please check back frequently to see any updates or changes to our privacy policy.  Continued use of the Websitewill signify that you agree to such changes.

HOW TO CONTACT US

Questions, comments and requests regarding our privacy policy are welcomed and should be addressed to Dermoscopy UK Limited at Nuffield Manor Hospital, Beech Road, Headington, Oxford, OX3 7RP by email to info@mydermatologist.co.uk or by phone on 01865 861577.

Please also contact us if you would like to know more about our data processing activities, to update or amend any of your personal data which you have provided to us or if you believe our records relating to your personal data are incorrect.

Our privacy policy was last updated on 29th June 2020.