Privacy Notice
Lymphoedema Specialist Services Ltd (LSS) is classified as a small company, with a single clinical practitioner (Jane Board) and two company directors who support Jane with the management of LSS from a financial and IT perspective.
Lymphoedema Specialist Services Ltd (LSS) views the security of clients' personal and sensitive data seriously. A client is regarded as a person accessing treatment from LSS. The company believes it has systems and processes in place that enhance the security of all clients' data in accordance with the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). LSS is registered with the Information Commissioner's Office (ICO), which provides organisations with guidance to uphold compliance.
This privacy notice provides an overview of how clients' data is processed, stored and used by LSS. Data retrieved from clients is personal (recognises the individual) and sensitive because it contains information about their health.
Controller
Jane Board is the controller of all personal and sensitive data that is obtained from all clients. Information is collected and stored in paper or electronic format. Paper documentation is stored methodically in a filing cabinet in LSS's registered office that is locked when not in use. Information is stored electronically in an ICloud system.
Processor
Data is processed by the two other company directors (only) under the instruction of Jane Board:
1. Data security
The provision and maintenance of the ICloud system holding your information, which is stored and secured through password protection, with nightly backup to a secure, ISO/IEC compliant server that complies with the following standards in the ISO/IEC 27000 family:
- 27001 - Information Security Management
- 27017 - Cloud Security
- 27018 - Cloud Privacy
Technology allows us to protect information with encryption and provides access to files 24 hours a day, 7 days a week to LSS's Information Technology Company.
2. Finances
Password-protected bookkeeping, invoicing and accounting systems are in place for the recording of all financial transactions.
How LSS uses your information
- To help inform decisions that LSS makes about your care.
- To ensure that your treatment is safe and effective.
- To review care provided to ensure it is of the highest standard possible.
- For purposes of audit.
Data Retention
Unless required for other purposes (and consent would be obtained), a client's data will be destroyed 6 months following discharge from LSS. Paper records are shredded, and all electronic entries are deleted from the laptop and server.
Data sharing
A client's data will only be shared with a third party following their explicit, written consent. The rationale will, more likely than not, be for the benefit of the client concerned.
Marketing
Clients' data is never shared for the purposes of marketing.
Access
Clients have a right to access their information and to have amendments made to their personal information.
Your right to refuse
You have the right to refuse or withdraw consent to the holding of information by LSS at any time. LSS will explain the possible consequences to you, which could include delays in you receiving care.
Jane Board, MSc, RN, Director and Lymphoedema Consultant Nurse Practitioner
07.07.2020.