INTRODUCTION

Lynas Clinical Safety Limited (“we”, “our”, “us”) is committed to protecting your privacy and ensuring that your personal data is handled securely and transparently. This privacy policy outlines how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and our overarching Data Protection and Information Governance Policy.

Our commitment to patient safety and quality, as reflected in our goal to achieve CQC 'Outstanding' status, extends to the confidentiality and security of all data we hold.

1. WHAT DATA WE COLLECT

We collect only the minimum personal data necessary to deliver our services, maintain clinical governance, and operate our website. This may include:

  • Clients and Staff: Name, contact details, job title, and organisation name, collected directly for contract and employment fulfilment.

  • Prospective Clients/Website Enquirers: Name and email address, collected when you submit an enquiry via the 'Contact Us' form or schedule a consultation via our booking link.

  • Patients (via client organisations): Limited, pseudonymised or anonymised information such as a reference number, age, gender, and advice provided, strictly in line with our service agreements and data processing contracts with the client organisation.

  • Website Technical Data: IP address, browser type, and basic analytics data collected via cookies, used for site optimisation and security monitoring.

2. HOW WE USE YOUR DATA

We use personal data only for specific, legitimate, and ethical purposes:

  • To deliver high-quality remote clinical advice services.

  • To respond to your direct enquiries and manage scheduled consultation bookings.

  • To maintain comprehensive records for clinical governance, training, and robust audit purposes (as detailed in the Clinical Governance Policy).

  • To communicate effectively with clients, staff, and partners.

  • To fulfil all legal, regulatory, and professional obligations.

We only process data based on lawful grounds, such as the fulfilment of a contract, explicit consent, or legitimate interest, ensuring Lawfulness, Fairness, and Transparency.

3. SHARING YOUR DATA

We do not sell or share data for marketing purposes. We only share data when necessary for service delivery, regulatory compliance, or essential business functions:

  • Client Organisations: To integrate clinical advice into their records for seamless continuity of care.

  • Regulatory Bodies: If legally required or mandated by professional standards (e.g., CQC, ICO).

  • Trusted Third-Party Service Providers (Data Processors): Such as secure cloud storage providers, ensuring they operate under strict Data Processing Agreements and meet our high data protection standards.

4. DATA SECURITY

We employ robust technical and physical measures to protect your data, ensuring Integrity and Confidentiality:

  • Secure Storage: We operate as a paperless organisation. Patient-identifiable data is stored digitally on secure, encrypted, cloud-based platforms using UK-based servers provided by Amazon Web Services (AWS). Business data is stored securely on Google Cloud.

  • Security Frameworks: We maintain compliance with the Cyber Essentials Plus framework and are working towards ISO 27001 certification to ensure robust cybersecurity.

  • Protective Measures: This includes encryption, two-factor authentication for access, and strict access controls for authorised personnel only.

5. DATA RETENTION

In line with our Data Protection and Information Governance Policy, we retain personal data only for as long as necessary, adhering to the principle of Storage Limitation:

  • Patient-related data: Retained for one year before secure integration into client organisation records, or longer if required for specific audit purposes.

  • Incident and Audit Records: Retained for ten years to ensure comprehensive clinical safety and governance history.

  • Business and Staff Data: Retained in accordance with specific statutory and internal retention schedules.

6. YOUR RIGHTS

Under GDPR, you have the right to:

  • Access the personal data we hold about you.

  • Request corrections or deletions of inaccurate or unnecessary data.

  • Object to or restrict the processing of your data.

  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe we have not handled your data correctly.

To exercise any of these rights, please contact us using the details below.

7. CONTACT US

For any questions regarding this website privacy policy or how we handle your personal data, please contact:

Lynas Clinical Safety Limited
Unit 42, Gerrard’s Park, St. Helens, WA10 1FZ
Email: info@lynasclinical.co.uk

This document is owned by Lynas Clinical Safety Limited.