Who We Are
Riccarton Medical Services Ltd is a registered company in the United Kingdom. Throughout this document, the terms “we”, “us”, “our”, “Riccarton Medical Services” and “RMSL” refer to Riccarton Medical Services Ltd. By “you” and its variations, we mean “you” the reader and user of our products/services. Our website address is: https://rmsl.co
“Riccarton Medical Services’s Spaces” will refer to all customer-facing areas which Riccarton Medical Services has a claim to. This means the website and all RMSL Social accounts. “Spaces” in general will refer to all types of customer-facing areas.
About Privacy
We handle various different types of data, and handle it proportionately to its sensitivity. For this reason, this privacy policy is split into your privacy as a website user, your privacy as a user of any of our other spaces, your privacy as a client, and your privacy as a patient. We are not responsible for data collected by 3rd parties in facets unrelated to us, for example LinkedIn. Especially since we are a medical organisation, your privacy and confidentiality are a top priority. All data is handled in compliance with GDPR regulations. Our Data Protection Officer (DPO) is our director and physician Dr Victor R. F. De Lima. Please note, all staff that work for us have signed a Non-Disclosure Agreement (NDA) which ensures contractually that they will treat your data with the utmost confidentiality.
Your Privacy as a Website User
Comments Spam Detection
Visitor comments may be checked through an automated spam detection service. When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
Please review our Cookies Policy for information on the cookies we use and on changing your preferences.
Contact Forms
When using our contact forms, your data is stored on our secure server. The data is then accessible by website administrators, customer service agents and our clinical team. If you must inform us of information which requires greater levels of confidentiality, please contact us and request a clinician’s direct email. Data from our contact forms can then be emailed to individuals within our team who are best able to handle your queries or outwith our team where such a request is made in the contact form or in prior correspondence. This can involve the data being transferred to other secure servers of 3rd parties.
Live Chat
Our live chat is operated by tawk.to, and the data which is collected there is encrypted with SHA-256. The data is stored on tawk.to servers but managed by RMSL. The data is only accessible to RMSL and agents working on behalf of RMSL. Please review the tawk.to privacy policy to be fully informed on how your data is handled.
Embedded content from other websites
This site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Your Privacy as a User of Our Other Spaces and Communication Lines
Public Domain
The information you choose to reveal in the public domain is your responsibility, no matter how it relates to any of our spaces. This includes but is not limited to on social media or when you are in a publicly accessible location on our premises.
3rd Parties
Various 3rd parties may have rights to information you provide when accessing our spaces and communication lines. For example, LinkedIn may have a right to know your email address when you view our page from your account, or your mobile phone provider may have a right to know your minutes when you make a call to us. Read the relevant companies’ privacy policies before using their services in order to be informed of your rights. RMSL takes no responsibility for your actions or the actions of 3rd parties whether isolated or in relation to one another. We are tasked with the protection of data that you provide to us.
Social Media Contact
We do not regularly respond on social media. When you contact us privately on social media, should we become aware of the information, we will handle it on the platform. Since you will have the ability to erase private messages at your convenience, the data will be retained there for mutual reference to our interaction unless you remove the data yourself.
Reception Communication
Communicating with our reception team is an essential part of working with RMSL or receiving care from us. The two primary ways to do this are by phone or in person. In either instance the information provided will be taken by one of our reception staff who will action it as efficiently as possible. For longer queries this may involve note taking. All notes not added to your record for retention are shredded onsite. There may also be email correspondence which results from your interaction where necessary to provide your service. For brief correspondence we use an encrypted messaging system inside our CRM; this data is deleted every time the program is turned off.
Your Privacy as a Business Client
If you are a client, please consult your RMSL correspondent for information regarding privacy relating to clients.
Your Privacy as a Patient
Consent and Confidentiality
RMSL is bound by the same rules of confidentiality as all medical professionals. For the purposes of the collection, storage, retention and sharing of data, we are a data controller in our own right but also have a data sharing agreement with your company, which enables us and them to share information about you, including your absence record and reasons for absence. RMSL and your company hold this data about you for the legal reason of “Duty of Care” which should be detailed in your company’s Privacy Notice.
Any information provided from your company to RMSL is with your agreement, as set out in your referral form.
Any information provided about you from RMSL to your company will be with your written consent and is for the purpose of enabling your manager, and/or relevant departments, to undertake appropriate measures to assist your working potential, in relation to any health issues.
If you do not give your agreement you will not be referred; if you do not give your consent for RMSL to provide a report to your employer following our meeting with you, it will not be sent.
GP Communication
Any communication with your GP will be with your consent, additional to the consent you have given to be referred to RMSL. If a medical report on your condition is required from your GP (or hospital consultant), this will only be sought with your written consent, under the Access to Medical Reports Act, 1988.
All information remains confidential and bound by UK Data Protection Regulations. It will not be given to anyone without your informed consent, unless it is in the public interest, following a Court Order or required by law, e.g. a Notifiable Disease.
Data Storage and Retention
Procedures
The main sets of occupational health clinical records collected by Riccarton Medical Services include:
- Pre-employment Health Questionnaires;
- Case notes referring to staff seen at Occupational Health consultations;
- Medical surveillance records.
Records are currently held in paper form while operational, and transferred to digital storage when no longer required for immediate access.
In respect of pre-employment health questionnaires and occupational health case notes:
- Paper records will be held in secure storage in locked cabinets in the University Health Centre Secretarial room.
- Once a month, the University’s Human Resources Department will pass to the Health Centre a list of staff who have left University employment for all reasons including retirement, resignation, death in service, etc. Case notes for these staff will be extracted from the extant records, scanned to the OH computer, and the paper records will then be stored alphabetically in the archive room. Computer records will be backed up on digital media.
- The scanned paper records will be held for a period of three years, and shredded thereafter, unless specific medical reasons exist for longer term storage.
- Medical surveillance records may have statutory periods of retention. Thus for example:
  - Medical surveillance records of ionising radiation workers, or workers exposed to asbestos will be stored for a period of 40 years.
  - HSE diving medical records will be stored for a period of 7 years, etc.
Again records will be cross-checked against leavers’ lists, and those records of staff who have left will be retained digitally as above. Thereafter paper records will be stored and shredded at the end of the statutory periods.
Statutory compliance
- Data Protection Act – RMSL is registered under the Data Protection Act, and will comply with the provisions of this Act in terms of access, storage, confidentiality, etc.
- Access to Medical Reports Act – medical reports in respect of patients will always be obtained with signed consent, and within the provisions of this Act. Appendix one to this section is the consent slip authorising medical reports to be sought.
- Access to Health Records Act – patients will be entitled to copies of their occupational health records within the provisions of this Act. A fee may be charged for such copies within the limits laid down by the approved code of practice to this Act.
Internal Compliance Procedures
- RMS staff will be made aware of the strict requirement for confidentiality, which will be incorporated into their contracts of employment.
- Occupational Health clinical records will be kept in locked cabinets, and stored in locked rooms to which only RMSL staff will have keys for access.
Queries
Please direct all concerns and queries to the DPO Dr Victor R. F. De Lima through our email info@rmsl.co.