XILIUM LTD PRIVACY STATEMENT
WHAT YOU CAN EXPECT TO SEE FROM READING THIS PRIVACY POLICY
Xilium Ltd provides administration and account support for medical consultants. We strive to provide an excellent, efficient and confidential service for our clients.
We respect the privacy of every individual who visits us via all platforms. This Privacy Policy explains how we use personal data received and informs you of your data protection rights.
We will also help you to know when there is new information available in this Policy. We will tell you when this Privacy Policy was last updated, so you can take time to read it if it has changed since your last visit.
Privacy Policy Last Updated: 24th May 2018
By accepting this Privacy Policy, you agree that you understand and accept the use of your personal information as set out in this policy. If you do not agree with the terms of this Privacy Policy, please do not use the services provided by Xilium Ltd.
DATA PROTECTION – WHAT YOU SHOULD KNOW WHEN USING OUR SERVICES
Who We Are: When we refer to ‘Xilium Ltd’, ‘we’, ‘our’ or ‘us’ in this Privacy Policy, we refer to: Xilium Ltd incorporated in England and Wales (company number 11137976). Registered office address: Dobson House, Regent Centre, Gosforth NE3 3PF.
Contacting us: If you want to find out more about Xilium Ltd, please contact us at info@xilium.co.uk
What this Privacy Policy covers: This Privacy Policy covers all services provided by Xilium Ltd via all platforms (via email, post or telephone and our website).
How we are regulated: For UK data protection legislation purposes, Xilium Ltd is registered with the Information Commissioner’s Office under registration number ZA319710.
Protecting Your Personal Data: Your Personal Data isn’t just protected by the quality, commitment and high standards of Xilium Ltd; it’s also protected by law. The law states that Xilium Ltd can only process your Personal Data when there is a genuine reason to do so and it must be one of the following:
• To fulfil any contract that we have with you
• We have a legal obligation
• Where you have consented to the processing
• When it is in our legitimate interest
• When it is in the public interest
• When it is in your vital interests
Legitimate Interests: When Xilium Ltd have a business or commercial reason to process your Personal Data this is referred to as a legitimate interest. Your Personal Data is still protected and Xilium Ltd must not process it in a way that would be unfair to you or your interests.
If Xilium Ltd do use legitimate interests as a reason to process your Personal Data, Xilium Ltd will tell you that we are doing so, what the legitimate interests are and provide you with a method to raise any questions or objections you may have. However, compelling grounds for processing such information may override your right to object.
The main ways we collect information from our services: When you visit, or use and interact with, any of our services via all platforms (through a consultant at clinic or hospital, via email, post or telephone and our website).
Information may also be received from other sources, for example your GP, Optometrist, or NHS or private hospital.
How we receive information you provide to us in your use of our services, for example:
• when you complete forms in clinic and/or hospital
• when you contact us via phone or email
• when you complete patient satisfaction surveys
• when you contact us through our website
The information we collect to provide you with services: Name, address, date of birth, telephone and email, GP and/or Optometrist details, diagnostic and/or surgical records, insurance and/or payment details.
Why we process your Personal Data: We use personal data to manage and deliver our services, to understand, audit and improve our services and to receive payments for our services and those of the consultants we work for. We provide administration and accounts services to you. We create and manage patient records (including financial). We respond to complaints and comply with any laws and regulations that apply to Xilium Ltd. We are justified by your consent, our legitimate interest and our legal obligations. Our legitimate interests are maintaining our records, being efficient and fulfilling our legal duties and obligations whilst complying with the laws and regulations that apply to us.
We may share your personal data with: Third parties who need to handle it so we can provide to you the services you have consented to or requested, for example:
• to provide surgical procedures
• to liaise with private insurance companies
• to liaise with Hospitals, GPs or Optometrists
We may also share your personal data if we are under a duty to disclose or share it to comply with any legal or regulatory obligation or requests, or to enforce these terms or to investigate actual or suspected breaches.
We have safeguards in place with our service providers to ensure that your data is kept securely and used in accordance with the purposes set out in this Privacy Policy.
Data Transfer Outside the EEA: We will only transfer your Personal Data outside of the EEA where:
• You have given your explicit consent, or
• It is necessary for us to set up or fulfil a contract you have entered into with us; or
• To comply with a legal duty or obligation
If we do transfer your Personal Data outside of the EEA, we will take measures to ensure it is protected to the same standards as it would be within the EEA by relying on one of the following:
• The country that is receiving your Personal Data has been found by the European Commission to offer the same level of protection as the EEA. More information can be found on the European Commission Justice website.
• We will use contracts that require the recipient to protect your Personal Data to the same standards as it would be within the EEA
• Where the transfer is to the USA and the recipient is registered with Privacy Shield. Privacy Shield is a framework that ensures Personal Data is protected to a level approved by the EU. Read more about Privacy Shield on the European Commission Justice website.
How long we keep your Personal Data: Whenever your data is kept by Xilium Ltd we will ensure that it is appropriately protected and only used for acceptable purposes.
Xilium Ltd will keep your data for the period that you are a customer of Xilium Ltd.
If you are no longer a customer of Xilium Ltd we will keep your data for the minimum length of time required to comply with the purposes set out in this policy and relevant legal or regulatory obligations. Your Personal Data may be kept longer if we cannot delete it for technical reasons.
Patient records will be kept for the period required under relevant legislation.
Records will be destroyed by secure shredding to render them illegible. Where computer records are used, all data will be backed up regularly and records will be secured by password entry and restricted access requirements.
Your rights over your Personal Data: Xilium Ltd will assist you if you choose to exercise any of your rights over your Personal Data, including:
• Access to your Personal Data that we hold or process
• Correction of any Personal Data that is incorrect or out of date
• Erasure of any Personal Data that we process
• Restrict processing of your Personal Data in certain circumstances
• Lodging a complaint with any relevant Data Protection Authority
• Asking us to provide you or another company you nominate with certain aspects of your Personal Data, often referred to as ‘the right to portability’
• The ability to object to any processing of data where we are doing it for our legitimate interests
For more information on these rights you can contact Penny@Xilium.co.uk
Suppliers: Xilium Ltd require a small amount of information from our suppliers to ensure that services remain efficient. Xilium Ltd require relevant contact details to communicate. Xilium Ltd also require other information such as your bank details to pay for the services provided (if this is part of the contractual arrangements between us).
Staff: Xilium Ltd are required to collect and maintain information for all our staff to ensure that Xilium Ltd remains compliant with all legal and regulatory obligations (this forms part of the contractual arrangements between us).
Keeping your information secure: We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.