St Luke’s Radiology is under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason and we also have to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it.
But whatever we do with your information, we need a legal basis for doing it. We generally rely on one of three grounds (reasons) for our business processing. Firstly, if you have ordered or take a service from us, we are entitled to process your information so that we can provide that service to you and bill you for it if you are a private customer.
Secondly, if we want to collect and use your information for other purposes, we may need to ask for your consent (permission) and, if we do, that permission must always be indicated by a positive action from you (such as ticking a box) and be informed. You are also free to withdraw your permission at any time. We tend to need permission when what is proposed is more intrusive (for example, sharing your contact details with other organisations so they can market their own products and services to you).
But we do not always need permission. In some cases, having assessed whether our use would be fair and not override your right to privacy, we may come to the view that it falls within the third ground – our ‘legitimate interests’ to use the information in a particular way without your permission (for example, to protect our website against cyber-attacks). But when we do this, we must tell you as you may have a right to object. And if you object specifically to us sending you marketing material, or to ‘profiling you’ for marketing purposes, we must then stop.
This is all set out in detail in this policy, which focuses more on those items that we think are likely to be of most interest to you. As well as covering processing for business purposes, we give you information on circumstances in which we may have to, or can choose to, share your information.
Please read the policy carefully as it applies to the products and services we provide you (such as X-RAY, Ultrasound, Research, Medicolegal Reporting, Magnetic Resonance Imaging (MRI), CT Scanning, Back Pain Therapy and Audit Service), passing your details on to the relevant insurance providers and facilitating a payment for our services.
It also applies if you are not one of our customers and you interact with us, such as by:
- using one of our products or services – paid for by someone else
- calling our helpdesk
- generally enquiring about our services
You should review their privacy policies before giving them your personal information.
We will update it again between now and 25 May 2018 when further changes come into effect.
We want to make sure that any personal information we hold about you is up to date. So if you think your personal information is inaccurate, you can ask us to correct or remove it at no charge to you. Please contact our main office on the numbers below to do this.
Under the Data Protection Act 1998, you have a right to know what personal information we hold about you. If you’d like a copy of the information you are entitled to, please write to St Luke’s Radiology, Latimer Road, Headington, Oxford, OX3 7PF, United Kingdom, clearly identifying yourself and the information you require. We will ask you to provide identification to ensure we do not disclose your information to the wrong people.
Please call our main office on 01865 742949 or 01865 765426.
Please note that it may take up to 96 hours to process your request for information we hold about you.
What kinds of personal information do we collect and how do we use it?
The personal information we collect depends on the products and services you have and how you use them. We’ve explained the different ways we use your personal information below.
We will use your personal information to provide you with services. This applies when you register for service from us or if you register for an online account.
This means we’ll:
- record details about the services you have from us
- send you service-information messages (we’ll send you messages to confirm your booking and tell you about any changes that might affect your service)
- update you on when we provide appointments
- let you create and log in to the online accounts we run for information or referrals
- charge you and make sure your payment reaches us
- filter any content you ask us to
- give information to someone else
We use the following to provide services and manage your account:
- Your contact details and other information to confirm your identity and your communications with us. This includes your name, gender, address, phone number, date of birth, email address, passwords and credentials (such as the security questions and answers we have on your account)
- Your payment and financial information if required.
- Your communications with us, including emails and phone calls.
- Information from cookies placed on your connected devices that we need so we can provide a service.
We use this information to provide services to you. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the service you ordered from us.
If you tell us you have a disability or otherwise need support, we’ll note that you are a vulnerable customer, but only if you give your permission or if we have to for legal or regulatory reasons. For example, if you told us about a disability we need to be aware of when we deliver our services to you, we have to record that information so we don’t repeatedly ask you about it. We will also record the details of a Power of Attorney we have been asked to log against your account.
We’ll use your personal information if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. We use your information to:
- identify, and let you know about, services that interest you
- share with medical partners and insurers
- create aggregated and anonymised information for further use
- detect and prevent fraud; and
- secure and protect our services
We will use your personal information to send you direct marketing and to better identify services that interest you. We do that if you’re one of our customers or if you’ve been in touch with us to request services information.
This means we will:
- create a profile about you to better understand you as a customer and tailor services to your needs;
- tell you about other services you might be interested in;
- recommend better ways to manage what you spend with us, like suggesting a more suitable service based on your needs;
- try to identify services you’re interested in; and
- show you more relevant services we can provide
We use the following for marketing and to identify the services you’re interested in:
- Your contact details. This includes your name, gender, address, phone number, date of birth and email address
- Your payment and financial information
- Information from other organisations such as insurance companies and medical referral bodies
- Details of the services you have had
We will send you information (services we provide) by phone, post or email. We also use the information we have about you to personalise email messages wherever we can as we believe it is important to make them relevant to you. We do this because we have a legitimate business interest in keeping you up to date with our services, making them relevant to you and making sure you manage your spending with us if you are a private patient.
We will only market other organisations’ services if you have said it is OK for us to do so.
You can ask us to stop sending you marketing information or withdraw your permission at any time, as set out in the ‘How to contact us and further details’ section below.
We might have to release personal information about you to meet our legal and regulatory obligations.
We have strict security measures to protect your personal information. We check your identity when you get in touch with us, and we follow our security procedures and apply suitable technical measures, such as encryption, to protect your information.
- your contact details on file while you’re one of our customers, and for six years after; and
- details relating to any dispute for six years after it was closed
In other cases we’ll store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed. And sometimes we’ll keep it for longer if we need to by law. Otherwise we delete it.
You can get in touch with our office by email firstname.lastname@example.org or write to the address below.
St. Luke’s Radiology
Latimer Road Headington
Oxford, OX3 7PF
If you want to make a complaint about how we have handled your personal information, please contact our office, who will investigate the matter and report back to you. If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner – https://ico.org.uk/.