At Innersight our mission is to provide an accessible and reliable surgery planning service to all hospitals. We are passionate about high-quality and convenient surgery planning tools. We are also passionate about privacy. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), and to be true leaders when it comes to healthcare, security and privacy.
This policy explains how we use your personal data from the point of view of patients and clinicians. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time but the latest version will always be available here. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
This policy explains how we use your personal data for our healthcare services and products, including, amongst others, our surgery planning software (Innersight3D).
This policy covers:
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting our Data Protection Officer at firstname.lastname@example.org.
Our surgery planning services are delivered by Innersight Labs Limited (UK company number 09586858) and this service is called Innersight3D. When this policy talks about ‘Innersight’, ‘us’ or ‘we’, it means Innersight Labs Limited. We provide tertiary care services commissioned by public and private hospitals. For clinicians, we are the data controllers of your personal data which you provide to us in connection with using our healthcare services. For patients, we are the data processors of your personal data which your healthcare provider shares with us, under strict usage conditions, to allow us provide enhanced surgery planning tools to your surgeon and the theatre staff.
We use the following categories of personal data:
When your healthcare provider commissions us to assist with planning your operation, an anonymised copy of your surgery planning medical scan is shared with Innersight alongside your unique hospital number. This hospital number is not related to the state of your clinical health and is thus not patient confidential data. However, it is patient identifiable data and is thus treated with the utmost of care, security and protection. This number is required to allow your clinician correctly and uniquely identify your case.
When you register with us, you complete forms and provide us with basic information about yourself, such as your name, email address and telephone number (optional). You are responsible for the accuracy of the information that you provide to us. To monitor our service quality, we may retain records of when you contact our support teams via email. Please refer to the ‘Retention Periods’ section of this policy.
None for patients or clinicians.
When you use our our website, we may automatically collect the following information where this is permitted by your device or browser settings:
We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services. You can prevent the setting of cookies by adjusting the settings on your browser or your mobile phone.
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
We will, where necessary for your treatment or care, share your information with your other health and social care providers if explicitly approved by your clinician. For example, your surgeon may wish to get a second opinion from an expert outside of your healthcare provider organisation. Such a request from your surgeon must be made in writing either by letter or email.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
Except as described above, we will never share your personal information with any other party without your consent.
We retain your medical records in accordance with national best practice guidance – in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records that do not identify you for legitimate business purposes such as managing or planning our business, or records for other periods as required by law or regulation.
We do not store your personal health data on your mobile device. We store all your personal data on secure servers.
Where you have chosen a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
We do not store any credit or debit card information.
Your data is processed and stored in servers within the UK in accordance with data protection law and subject to strict safeguards. We work with third parties who help deliver our services to you and we select those servers to be located within the UK. For further information on the safeguards we take to keep your data within the UK, contact email@example.com.
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by contacting us.
You also have specific rights under the GDPR and DPA to:
You may also contact the Information Commissioner’s Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate).