Privacy Policy

Overview

UK NEQAS Cardiac Markers is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified – either by using this website or by other means, we aim to respect any personal data, keep it safe and only use it in accordance with this privacy statement.

The provision of your personal data to us is voluntary. However, without providing us with your personal data, you will be unable to (as appropriate) register for participation in our External Quality Assessment (EQA) Programme or make a general enquiry we can respond to.

UK NEQAS Cardiac Markers may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from Friday, July 20, 2018.

  1. We collect information about you:

(1) When you give it to us DIRECTLY

You may give us your personal data in order to register for an EQA Programme or provide general participant feedback.

(2) When you give it to us INDIRECTLY

Your information may be shared with us by other UK NEQAS centers (when managing your unique UK NEQAS Laboratory Identifier Code).

(3) When you give permission to OTHER ORGANISATIONS to share it or it is AVAILABLE PUBLICLY

We may combine information you provide to us with information available from external publicly available sources.

  1. What information do we collect?

We may collect, store and use the following kinds of personal data:

We will typically hold your name and contact details, including physical address, telephone number and email address.

Do we process sensitive personal data?

Applicable law recognises certain categories of personal data as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions.

 We DO NOT collect this type of personal data.

  1. How and why will we use your personal data?

Personal data, however provided to us, will be used for the purposes specified in this Policy, in relevant parts of the website and generally at the point of collection.

We may use your personal data to:

  • Enable you to register as a participant in our EQA Programmes;
  • Maintain participation details and various statistical processing configuration parameters [for said EQA Programmes];
  • Send you EQA specimens;
  • Enable us to contact you with respect to the publication of EQA Reports;
  • Provide you with the services, products or information you have signed up to/requested;
  • Deal with enquiries and complaints made by or about you relating to the website, the delivery of our service or us in general;
  • Provide you with quotations for EQA Programme subscriptions;
  • Audit and/or administer our accounts
  1. Data Controller

UK NEQAS Cardiac Markers is the Data Controller for all other data obtained via this website or by other means unless otherwise explicitly stated. We may be contacted via email at info@ukneqas-cm.org.uk. Further information on how to contact UK NEQAS Cardiac Markers may be found on the contact us page of our website.

  1. Lawful basis for processing

We are required to have one or more lawful grounds to process your personal information. Only 2 of these are relevant to us:

  • Personal data is processed on the basis of a contractual relationship
  • Personal data is processed on the basis of legitimate interests

 (1) Contractual relationships

Where a [new or existing] EQA Programme participant requires a UK NEQAS Laboratory Identifier Code; as part of the process to allocate that code – we may store the participant’s personal data within a secure, proprietary computer system along with their newly allocated code so that the same code may be used when/if registering for EQA Programmes conducted by any of the centres that are affiliated with UK NEQAS.

Additionally, where appropriate – we are obliged to share information with National Quality Assurance Advisory Panels (NQAAP) regarding consistently poor performing EQA Programme participant laboratories or when requested by any other regulatory authority.

The lawful basis for processing your personal data under these circumstances would be that of a contractual relationship.

(1) Legitimate interests

Applicable law allows personal data to be collected and used if it is reasonably necessary for our legitimate activities (provided its use is fair, balanced and does not unduly impact individuals’ rights).

We will rely on this lawful basis to process your personal data when it is not practical or appropriate to ask for consent.

Achieving our purposes

These include (but are not limited to) our overall aim of delivering confidence in laboratory results through the expert delivery of proficiency testing services.

Governance

  • Internal and external audit to maintain UKAS Accreditation to ISO/IEC 17043:2010
  • Where appropriate, report consistently poor performing EQA Programme participants to NQAAP

Continuous Improvement

  • Soliciting general participant feedback
  • Liaising with equipment manufacturers to monitor performance
  • Service delivery and strategic product development
  • Automating processes to cut waste, reduce errors and drive improvements

Operational Management

  • Employee training and development
  • Health & Safety and Waste Management
  • Physical security, IT and network security

Administrative purposes

  • Responding to enquiries
  • Communications designed to administer, coordinate and execute existing services
  • Delivery of requested EQA Programme information

Financial Management and control

  • Providing fast and accurate service subscription quotations
  • Processing financial transactions and maintaining financial controls
  • Prevention of fraud and misuse of services

When we use your personal data, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal data in ways that are not unduly intrusive or unfair in other ways.

  1. Children’s data

We do not knowingly process data of any person under the age of 16.

  1. Security and access to your personal data

We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure of or access to your personal data.

Your information is accessible only by appropriately trained staff.

Please note that some countries outside of the EEA have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. We do not transfer and/or store personal data collected from you to and/or at a destination outside the UK.

Otherwise than as set out in this Privacy Policy, we will only ever share your data with your informed consent.

  1. Your rights

Where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time. You also have the following rights:

(1) Right to be informed – you have the right to be told how your personal data will be used. This Policy and other policy statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.

(2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 30 days to comply.

(3) Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you rather than delete it.

(4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.

(5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.

(6) Right to data portability – to the extent required by the General Data Protection Regulations (GDPR) where we are processing your personal data (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.

To exercise these rights, please send a description of the personal data in question using the contact details in section 4 above. Where we consider that the information with which you have provided us does not enable us to identify the personal data in question, we reserve the right to ask for (i) personal identification and/or (ii) further information.

Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult Information Commissioner’s Office (ICO) guidance – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ – or please contact us using the details in section 4.

In addition, you are also entitled to make a complaint about us or the way we have processed your data to the ICO. For further information on how to exercise this right, please see the guidance at https://ico.org.uk/for-the-public/personal-information/. The contact details of the ICO can be found at https://ico.org.uk/global-contact-us/.

  1. Data retention

Requests to remove data will be acted upon within the agreed timescale but deleted document archives will be retained for 5 years.

  1. Policy amendments

We keep this Privacy Policy under regular review and reserve the right to update it from time-to-time by publishing an updated version on our website, not least because of changes in applicable law. Our recommendation is that you occasionally refer to this Privacy Policy to maintain awareness and to ensure you’re satisfied with it. We may also notify you of changes to our privacy policy by email.

  1. How we use cookies

Cookies are not used on this site.

  1. Third party websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

  1. Updating information

You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at info@ukneqas-cm.org.uk .

UK NEQAS Cardiac Markers Document Reference: SD-043 version 2