This Privacy Notice sets out important details about information (“personal data”) that LiverScan will collect and hold about you, how we use your personal data and how we protect it. It also provides information on your rights in relation to your personal data.
LiverScan Ltd is a limited company registered in Scotland (SC761832).
This Privacy Notice applies to anyone who books a consultation with LiverScan and describes how we handle your personal data regardless of the way you interact with us (for example, in person, by email, through our website, by phone and so on). Please take your time to read this Privacy Notice carefully.
In this Privacy Notice we use “we” or “us” or “our” or “LiverScan” to refer to LiverScan Ltd who is using your personal data, and the team of FibroScan operators within LiverScan.
data refers collectively to all information that you submit to LiverScan via the website or in person. This definition incorporates, where applicable, the definitions provided in the UK GDPR.
UK GDPR means Regulation (EU) 2016/679 General Data Protection Regulation as it forms part of the law of England and Wales, Scotland, and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019.
Your Personal Data
In relation to GDPR< LiverScan is the data Controller of your personal data which they hold within those records, meaning that they must also comply with the data protection legislation and relevant guidance when handling your personal data. This includes using your personal data as set out in more detail below.
We will collect the following information from all clients:
- Identity – Name, Date of Birth, Gender,
- Contact details – Address, mobile number, email address
- Essential medical background questions
- Consultation notes and results
- Any other relevant information
The confidentiality of your medical information is important to LiverScan. We make every effort to prevent unauthorised access to and use of information. In doing so, LiverScan complies with UK data protection law, including the Data Protection Act 2018.
If you change personal data which we already hold about you (for instance by changing a pre-populated form) then we will update our systems to reflect the changes.
We collect data from you in the following ways:
- Via our website – mailing list sign up or booking or paying for an appointment
- Verbally during a consultation appointment
- If you contact us via email enquiry or phone
- Take part in any marketing activities
- Appointment confirmation, reminders, cancellations and follow-up appointments
Use of Your Data
Any or all of the above data may be required by us from time to time in order to provide you with the best possible service and experience when using our Service. Specifically, data may be used by us for the following reasons:
- To provide access to our Service.
- To process your payment.
- To provide you with secure access to your account.
- To improve our Service.
- To send reports from the service purchased
We do not share your confidential data with anyone outside of LiverScan Ltd unless we have received written authorisation from you. You can revoke this permission at any time.
You have the right to object in certain circumstances (see the section headed “Your rights” below).
We are likely to communicate with you by email, telephone, SMS, and/or post. If we call the telephone number(s) which you have provided, and the call directs to a voicemail and/or answering service, we may leave a voice message on your voicemail and/or answering service.
- to provide you with timely updates and reminders about your appointments
- to provide you with your consultation information (including FibroScan results). The client portal can only be accessed by using a magic link in your email along with your date of birth
- to provide invoicing information if applicable
- we may contact you via email for marketing campaigns and patient surveys
We use organisational and technical measures to safeguard your data and protect against accidental loss and unauthorised access, use, alteration, or disclosure:
- All data is stored on secure servers
- We use two factor authentication for access to any client data
- All FibroScan operators within LiverScan will complete and online GDPR essentials and cyber security training course annually
- We have appointed the CEO as a Data Protection Officer and they will complete the appropriate qualification
If you suspect any misuse or loss or unauthorised access to your data, please let us know immediately by contacting us via this e-mail address: email@example.com
Even if we delete your data, it may persist on backup or archival media for legal, tax or regulatory purposes.
You have certain rights in relation to your personal data that we hold about you. These include rights to know what personal data we hold about you and how it is used. We will use and hold your personal data in accordance with our obligations and these rights.
You may ask to exercise these rights at any time by contacting our DPO (Bruce Anderson, CEO, firstname.lastname@example.org). You will not usually be charged for exercising your rights.
If you make a large number of requests or it is not reasonable for us to meet a request then we do not have to respond. Alternatively, we can charge for responding.
Your rights include:
- Right to access– the right to requestcopies of the information we hold about you at any time, or
that we modify, update or delete such information
- Right to rectification – the right to have your data corrected if it is inaccurate or incomplete
- Right to erasure – the right to request that we delete or remove your data from our systems
- Right to restrict processing– the right to “block” us from using your data or limit the way in which we can use it
- Right to data portability– the right to request that we move, copy or transfer your data
- Right to object– the right to ask us to stop sending you marketing messages at any time and we must comply with your request or object to us using your personal data in a particular way
To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your data (where consent is our legal basis for processing your data), please contact us via this e-mail address: email@example.com
If you are not satisfied with the way a complaint you make in relation to your data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner’s Office (ICO). The ICO’s contact details can be found on their website at https://ico.org.uk/
It is important that the Data we hold about you is accurate and current. Please keep us informed if your data changes during the period for which we hold it.
This Agreement will be governed by and interpreted according to UK law.
We include links on our website to and from the websites of other organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies and notices before you submit any personal data to these websites.
Should you wish any further information, please contact us:
Chief Operations Officer
26 Howe Street
Company Registration No. SC761832