Privacy & Data Governance Notice

Last Updated: February 2026

At Lynas Clinical Safety Limited, we treat data protection as a core component of patient safety. This policy explains how we handle personal data in compliance with the UK GDPR and the Data Protection Act 2018.

1. Data We Collect & Why

We only collect the minimum data necessary to provide expert clinical oversight and consultancy services.

  • Professional Clients: Name, work email, job title. Purpose: Contract management and service delivery.

  • Enquirers: Name, email, phone number. Purpose: Responding to consultancy requests.

  • Expert Clinicians: Professional registration (GMC/HCPC), CVs. Purpose: Quality assurance and credentialing.

  • Clinical Advice: Pseudonymised patient details (Age, Gender, Presentation). Purpose: Providing 24/7 expert decision support.

  • Website Users: IP address, browser type (via cookies). Purpose: Security monitoring and site performance.

2. Lawful Basis for Processing

We process data under the following legal frameworks:

  • Contract: To fulfil our service agreements with healthcare providers.

  • Legal Obligation: To meet statutory clinical record-keeping standards.

  • Legitimate Interests: To maintain a robust clinical audit trail that protects patients and clinicians.

3. Data Sharing

We do not sell data or use it for marketing. We only share information with:

  • Commissioning Organisations: Returning clinical advice logs to the client for their permanent patient records.

  • Regulators: Providing evidence to the CQC or ICO when legally required.

  • Secure Processors: Our UK-based infrastructure partners (AWS/Google Cloud) who are bound by strict Data Processing Agreements.

4. Security Standards

We operate a 'Security by Design' approach to protect your information:

  • Encryption: All data is encrypted at rest and in transit.

  • Cyber Essentials Plus: We are working towards certified cybersecurity standards.

  • Access Control: Data is restricted to authorised advanced clinicians via Multi-Factor Authentication (MFA).

  • Paperless Operations: All clinical data is handled within secure, encrypted digital environments.

5. Data Retention

We retain data only as long as required for clinical safety and legal defensibility:

  • Clinical Advice Logs: One year (prior to master record integration).

  • Investigation Records: Ten years (to support long-term governance and safety history).

  • Business Records: Six years (statutory limitation period).

6. Your Rights

Under UK law, you have the right to access, correct, or request the deletion of your data. You may also object to or restrict certain processing.

To exercise these rights, please contact our Governance Lead at info@lynasclinical.co.uk.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

7. Contact Information

Governance Lead, Lynas Clinical Safety Limited

Unit 42, Gerrard’s Park, St. Helens, WA10 1FZ

ICO Registration: ZB840872