Privacy Policy

Introduction

This privacy notice explains how Proton International London Limited (PIL) collects, manages, and uses your personal data.

 

 ‘Personal data’ means any information relating to an identified or identifiable natural person (the data subject).

 

This privacy notice adheres to the UK General Data Protection Regulation (UK GDPR) principle of transparency. This means it gives information about:

 

  • how and why your data will be used.
  • what your rights are under the UK GDPR.
  • how to contact the company in relation to questions, concerns or exercising your rights regarding the use of your personal data.

Where the term ‘we’ or ‘us’ is used, this relates to PIL. Our nominated representative, for the purpose of data protection legislation, is our PBT Service Lead Manager whose contact details can be found at the end of this notice.

About Us

Proton International London Limited is a company registered in England and Wales (company number 10492378). We provide proton beam therapy (PBT) services, under a contractual arrangement with The University College London Hospitals NHS Foundation Trust (UCLH).

 

To provide this service, PIL will process your personal data in line with data protection legislation as follows:

 

  • we will process personal data lawfully and fairly and in a transparent manner.
  • we will ensure this privacy notice is available to you in an accessible format.
  • we will only process personal data as described in this privacy notice.
  • personal data that we collect will be adequate, relevant, and not excessive in relation to the purpose for which it is being processed.
  • we will ensure information processed is accurate, and kept up to date where possible.
  • we will ensure that your personal data is kept in a form that allows us to identify you for our purposes but is not kept in an identifiable format for longer than necessary.
  • where we need to keep your identifiable data longer, we will ensure that the appropriate technical and organisational measures are applied to protect the confidentiality of the information i.e., anonymisation.
  • we will ensure that the processing of your personal data is carried out securely and confidentially.

How are we processing your personal data and what is the legal basis?

We process your personal information for the following purposes:

 

  • enquiries: when you contact us, we will only collect personal data that is necessary to enable us to respond to your enquiry. The types of information we will routinely collect include your name, address, contact details, and health information such as diagnosis, current health condition, and information on current treatments. If you provide personal information about another individual, we will process this information on the condition that you have informed the individual of this privacy notice.
  • consultation: to enable a consultation, we may obtain copies of your medical records. This may include your records pertaining to your medical history, diagnosis, and conditions. We may also request and receive scans and images from other health care providers. Failure to provide this information may affect our ability to provide you with our services. The sources of this information may include, but is not limited to:
  • your GP
  • clinicians, including Medical Secretaries.
  • hospitals and healthcare provider establishments
  • agencies
  • embassies
  • Insurance Providers

Consultations may also be recorded for transcribing purposes, this may include recording in person, or recording via applications such as [e.g., Microsoft teams or dictation software].

Further processing for the delivery of treatment

Following consultation, if a referral for PBT is made, your personal data will be sent to the clinical team at UCLH who will perform the full clinical pathway under contractual arrangements.  This includes the physical environment, equipment and the clinical staff who will deliver this service to you.

 

To understand how your personal data will be processed by the UCLH (which includes the use of CCTV when you attend the location in person) please refer to the privacy notice available at:

 

Cookies & privacy : University College London Hospitals NHS Foundation Trust (uclh.nhs.uk) This privacy notice and the UCLH privacy notice should be read consecutively to understand how your data is processed throughout your treatment pathway, including the storage and use of your personal information.

The legal basis

To process your personal data for the purposes described above, we will rely on the following legal basis:

 

  • personal data: Article 6 of the UK GDPR; processing is necessary for a contract you have with the individual, or because you have asked to take specific steps before entering into a contract.
  • special category data: Article 9 (h) of the UK GDPR; Health or social care (with a basis in law), and Schedule 1 of the Data Protection Act 2018 (2)(d); the provision of health care treatment.

How we communicate with you

We may communicate with you by letter, telephone, email, text, or SMS. We will ask you which method of communication you prefer.  It is important that you provide us with accurate information so that we can ensure the information we relay to you is done so in a confidential manner.

 

Where you request to receive all your information by email, we may not be able to guarantee the security of information sent over the internet but will discuss with you the options for password protecting and encryption of confidential health information that are sent by email.

Who do we share your data with?

Your personal data will be conditionally shared with:

 

  • insurers (for claims purposes).
  • consultants acting under Practising Privileges.
  • The University College London Hospitals NHS Foundation Trust as described in this notice.

Personal data will not be shared outside of the UK.

How do we keep your data secure?

We take a robust approach to protecting your information with secure electronic and physical storage areas for data with controlled access. Access to your personal data is strictly controlled on a need-to-know basis and data is stored and transmitted securely using methods such as encryption and access controls for physical records where appropriate. By default, staff are only granted access to the information they require to perform their duties.

How long do we keep your data for?

Under data protection legislation personal data must only be processed for as long as it is necessary and not kept for an excessive period. For further information relating to PIL data retention schedule please refer to the ‘contact us’ section below.

Your rights and how to exercise them

Under Data Protection Legislation, you have the following rights:

 

  • the right to be informed: you have the right to be informed of how we process your personal data. We inform you of how we process your data through the provision of this privacy notice.
  • the right to access your personal data: you may contact us to request details of the type of processing we carry out on your personal data and a copy of the personal information which we hold about you. This is known as a Subject Access Request and must be submitted in writing to the PBT Service Lead Manager at the address shown below.
  • the right to rectification if the information is inaccurate or incomplete:  you have the right to have incorrect personal information amended or completed if it is incomplete.
  • the right to restrict processing and/or erasure of your personal data: you have the right to request that we delete the personal information we hold about you, subject to any relevant exemptions.
  • the right to data portability: where we are processing personal data purely in electronic format, there may be circumstances where you can request to have your data transferred (if technically possible) to another individual or organisation of your choice in an electronic format.
  • the right to object to processing: you have the right to object to the processing of your personal data in certain circumstances:

You also have the following rights regarding the type of processing activity that may take place:

 

  • direct marketing: you can ask us to stop processing your personal data for direct marketing at any time. When we receive an objection to processing for direct marketing, we must stop processing your data for this purpose.
  • legitimate interests: you have the right to object to us processing your personal data for our legitimate interests (i.e., our business reasons) however you must give specific reasons to why you are objecting. We may not be able to meet your request depending on the reasons stated.
  • the right to withdraw consent: where we rely on the Consent Basis or the Explicit Consent Basis to process your personal data you have the right to withdraw your consent to the processing at any time. Any withdrawal of consent will not affect the lawfulness of any processing which has already taken place before the consent was withdrawn.

Automated Decision Making

We do not use automated decision-making tools or profiling when you provide us with personal information.

Contact us

We will always respond to concerns or queries you may have. If you wish to exercise your rights or have any other general data protection queries, please contact Laura Geer at lgeer@protonintl.com or address your query to:

 

Proton International London

 

Level B4

 

 1Grafton Way

 

London

 

WC1E 6DX

How to complain

If you believe that your information has been unfairly or unlawfully used, you have the right to contact the Information Commissioner’s Office at the address below:

 

Information

 

Commissioner’s Office

 

Wycliffe House

 

Water Lane

 

Wilmslow

 

Cheshire

 

SK9 5AF

 

Tel: 0303 123 1113 (local rate) or 01625 545 745

 

Make a complaint | ICO

 

This privacy notice was created on 11/10/2022