St Luke’s Radiology Oxford Ltd is under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We are committed to protecting and respecting your privacy. The following information is to let you know how we look after and process your personal information including what you tell us about yourself and what we learn about you as a patient, a visitor to our website, a referring practitioner, a delegate or tutor on our courses or as a reader of our published information.
For the purposes of the General Data Protection Regulation (GDPR) (EU) 2016/679 and any associated UK domestic laws, the data controller is St Luke’s Radiology Oxford Ltd. Company No: 10663628
What kinds of personal information do we collect and how do we use it?
The following are the main reasons on which we base our processing.
- To fulfil a contractual agreement with you to provide services including education.
- When you give us consent to process your data for one or more specific purposes, for example to send you marketing materials.
- Processing is necessary to protect the vital interests of the data subject or another person.
- Processing is necessary for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the controller.
- Processing is necessary for the purposes of legitimate interest pursued by the controller or third party, except where such interests are overridden by the interest, rights or freedoms of the data subject.
Where we are processing any special categories of personal information, i.e. information revealing racial or ethnic origin, political, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning sex life or sexual orientation, we also need a further lawful reason upon which to base our processing. The following are the main reasons:
- Processing is necessary to protect the vital interests of the data subject or another individual where the data subject is physically or legally incapable of giving consent.
- Processing is necessary for the purposes of preventative or occupational medicine, for assessing the work capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with the health profession.
We will take care to ensure the privacy and integrity of the data that we hold on your behalf. All members of staff are trained in the management and security of personal data and are Disclosure and Barring Service checked.
Personal data will be held in Information Systems protected by encryption and passwords.
Documents containing personal data will be held in a secure environment with a monitored burglar alarm.
Providers of information technology and imaging equipment are required to comply with the same standards of security and privacy.
- We will keep your medical data whilst we are treating or investigating you. You will be provided with a CD of your images which will be your permanent record. We will send you a copy of the report.
- We will keep data relating to medical negligence cases until the closure of the case.
- We will keep data relating to educational events or publications for a period of 3 years.
- We will keep personnel records for 6 years after you have left the company.
- We will keep job interview notes and associated paperwork for 6 months after a position has been filled.
Sending Data outside the European Economic Area (EEA)
We will only send your data outside of the EEA if:
- You request us to do so
- We have to comply with a legal duty
If we do transfer your information to a third party outside the EEA, we will make sure it is protected in the same way as if it was being used in the EEA.
Under the GDPR you have several important rights, although they will not apply in all circumstances. In summary these include rights to:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of personal information concerning you in certain situations
- Object to processing of your personal data
- Request restriction of processing of your personal data
- Request transfer of your personal data to you or a third party
- Withdraw consent at any time where we are relying on consent to process your personal data
We may need to request specific information from you to help us to confirm your identity to ensure personal data is not disclosed to a person who has no right to receive it.
For further information on each of these rights, including the circumstances in which they apply, please see the guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR: https://ico.org.uk
How to contact us
If you would like to exercise any of your rights, please write, telephone or email us and we will respond within the applicable statutory timeframe.
St. Luke’s Radiology
Latimer Road Headington
Oxford, OX3 7PF
Information Commissioner’s Office
For information, advice or to make a complaint you can contact the ICO at https://ico.org.uk or telephone 0303 123113 or write to