Healthcare Professional
Privacy Notice

As a healthcare professional I am committed to protecting your privacy. This Privacy Notice sets out the types of personal data that I collect, how and why I process that information, who I might share it with in relation to the services I provide and certain rights and options that you have in this respect.  

Personal data is any information relating to an identified or identifiable living person.

If you would like further information about any of the matters in this Privacy Notice or have any other questions about how I collect, store or use your personal data, please contact me. 

Types of Personal Data I collect and use 

The personal data that I may collect and hold about you through the FotoConsent App may include your: 

  • Name, address, date of birth, email address, mobile number

  • Contacts we have had with you (dates of clinic visits)

  • Occupation


Types of Special Categories of Personal Data I collect and use

In addition to personal data that I will collect and use in the course of your treatment I may also collect and hold special categories of personal data which may include your:

  • Previous and current medical health records

  • Allergies and health conditions

  • Visual images for medical diagnosis and treatment

  • Details of medical diagnosis and treatment, including past medical diagnosis and treatment

  • Details of any medical referrals made

  • Your nationality, race and/or ethnicity

  • Your religion


How is your Personal Data used?

In law the term “processing” means using your personal data. Each time your personal data is processed I must have a legal justification to do so. 

I will process your personal data under Article 6(1) and 9(2) of the General Data Protection Regulations: 

  • Pursuant to your explicit consent to enter into a contract with me for the performance of medical care

  • To make a medical diagnosis

  • To provide you with healthcare and related services

  • To support the provision and management of your medical treatment 

  • To support the performance of the healthcare contract with you

  • To keep your medical records up to date

  • For compliance with legal and regulatory requirements and related disclosures

  • For the establishment, exercise or defence of my legal rights 

  • For medical educational, scientific research, scientific analysis and developing statistics

  • For the purposes of ensuring high standards of quality and safety of health care and of medicinal products or medical devices

  • For account settlement purposes


Who do I share your Personal Data with?

Subject to applicable data protection laws I may  share your personal data to the third parties listed below for the purposes described in this Privacy Notice. These parties include:

  • A doctor, nurse or any other healthcare professional involved in your medical treatment

  • A doctor or any other healthcare professional to whom a referral has been made with your consent

  • Companies and other persons providing services to you as part of your medical treatment

  • Anyone that you ask me to communicate with or provide as an emergency contact, for example your next of kin.

  • Your GP

  • Your insurance company

  • The police and other third parties where reasonably necessary for the prevention or the detection of crime

  • My legal and other professional advisors


Sharing of Personal Data for Medical Education and Scientific Research

Subject to applicable data protection laws and your explicit written consent I may share your personal data, for the purpose of medical education and scientific research. 

Where required by you I shall ensure that all personal data used for medical education and scientific research purposes is appropriately anonymised. 

You are free at any time to change your mind and to withdraw your consent. 


International Transfers of Personal Data

I will only transfer your personal data to a person or entity in a country outside of the European Economic Area (“EEA”) where it is medically necessary and where you have expressly consented to the transfer. For instance, where it is necessary to make a referral for your medical treatment or to report to your local doctor.

I may transfer your personal data when the transfer is to a country deemed to provide adequate protection of your personal data by the European Commission.

Where I transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.  The European Commission approved standard contractual clauses are available here.

I may share non-personal, anonymised and aggregated data with third parties for scientific research, medical education and medical thought leadership.


How long do I keep Personal Data for?  

I will retain your personal data for as long as necessary to fulfil the purposes I collected it, as set out above, including for the purposes of satisfying any legal or reporting requirements.

Your personal data will be kept in accordance with the retention periods outlined in the Information Governance Alliance Records Management Code of Practice for Health and Social Care 2016.

In certain circumstances your personal data may be held for longer periods. This may include where:

  • Your medical records have been VAULTED by FotoConsent. Please contact support@fotoconsent.co.uk for explanation of the VAULT feature and how it works.

  • This is necessary for the compliance with legal and regulatory obligations

  • This is necessary for the establishment, exercise or defence of legal claims

  • This is necessary by reason of public interest in the area of public health

Upon expiry of the applicable retention period I will securely destroy your personal data in accordance with applicable laws and regulations.


Your rights

Under data protection laws you have certain rights in relation to the personal data that I hold about you.  You may exercise these rights at any time by contacting me by email. 

Your rights include: 

  • The right to withdraw consent: Where I process personal data based on consent, individuals have a right to withdraw consent at any time.  Where, however, another legal basis exists which permits me to I may continue to process your personal data. 

  • The right to access your personal information: You have the right to request a copy of the personal data that I hold about you and to obtain certain other information about how and why I process your personal data (similar to the information provided in this Privacy Notice). There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if I am legally prevented from disclosing such information. I aim to respond to any requests for information promptly, and in any event within the legally required time limits.

  • The right to rectification: I aim to keep your personal data accurate, current, and complete. I encourage you to contact me to let me know if any of your personal data is not accurate or changes, so that I can keep your personal data up-to-date.

  • The right to restriction of processing: In certain circumstances, you also have the right to object to processing of your personal data and to ask me to block, erase and restrict your personal data.

  • The right to data portability: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.

  • The right to erasure: You have the right to ask me to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data has been unlawfully processed or when I have no lawful basis for processing your personal data. 

  • The right not to be subject to automatic decisions. You have the right not to be subject to automatic decisions. These are decisions that are made about you by computer alone, that have a legal or other significant effect on you.


Complaints

I hope that you won’t ever need to, but if you do want to complain about my use of your personal data, please send an email to me and I will look into and respond to any complaints I receive.

You also have the right to complain to the Information Commissioner’s Office which can be found at https://ico.org.uk/ Making a complaint will not affect any other legal rights or remedies that you have.


Updates to this Privacy Notice

I reserve the right to update and change this Privacy Notice from time to time to reflect any changes in the way in which I process your Personal Data or changing legal requirements. Any changes I make to the Privacy Notice will be posted on this page. Please check back at intervals to see any updates or changes to this Privacy Notice.