SPECIALISTINFO PRIVACY NOTICE

This Privacy Notice is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and guidance issued by the Information Commissioner's Office (ICO).

Name of Organisation:
Healthcare Knowledge Ltd, trading as SpecialistInfo.

Data Protection Officer (DPO):
Healthcare Knowledge Ltd is not required to appoint a Data Protection Officer under Article 37 of the UK GDPR as we:
• are not a public authority;
• do not carry out large-scale systematic monitoring of individuals; and
• do not carry out large-scale processing of special category data.
Responsibility for data protection compliance sits with senior management. Any privacy-related enquiries can be directed to us via our contact details.

Categories of Personal Data:
REGISTRANTS
We collect and process the following personal data for registered users:
• Name
• Organisation (where applicable)
• Occupation (self-selected from a list of professional categories)
• Email address
• Account password
Passwords are stored securely using appropriate technical safeguards.

DOCTORS LISTED IN THE DIRECTORY
For doctors included in the directory we may process:
• Name
• Qualification details
• Specialty
• Special interests
• Professional contact details
This information is either provided directly by the doctor concerned, their secretary or sourced from publicly available professional information.

CUSTOMERS
For customers we retain only the minimum personal data required for accounting, contractual and service delivery purposes. We do not intentionally collect or retain special category personal data.

Purpose of Processing:
We process personal data for the following purposes:
• To enable registrants to access a directory of doctors’ professional contact details and areas of expertise.
• To provide doctors with a platform through which their professional contact details and expertise can be made available to relevant healthcare, legal, insurance and research organisations.
• To administer accounts, manage subscriptions and provide customer support.
• To communicate relevant updates and information about our services.

Lawful Basis for Processing:
Processing is carried out on the basis of Legitimate Interests under Article 6(1)(f) UK GDPR. Our legitimate interests include:
• providing a professional directory service connecting healthcare professionals and organisations;
• enabling registrants to identify appropriate medical expertise; and
• promoting relevant services and educational opportunities within the healthcare sector.
A Legitimate Interests Assessment (LIA) has been conducted to ensure that these interests do not override the rights and freedoms of individuals.

Direct Marketing:
We may occasionally send registrants information about services, updates, or events that may be relevant to their professional interests. Such communications are limited, relevant to the healthcare sector, and recipients may opt out of receiving marketing communications at any time. Doctors who have indicated that they undertake medico-legal work may also receive information about medico-legal training courses organised by us. Third-party organisations that access information through the directory may undertake their own direct marketing activities. These organisations are responsible for ensuring their own compliance with applicable data protection and electronic communications regulations.

Recipients of the Data:
Doctors’ professional data included in the directory may be accessed by registered users and healthcare-related organisations. Registrant account information and customer accounting information are used internally and are not disclosed externally except where required for service provision or legal obligations.

International Access and Data Transfers:
The directory may be accessed by users in different jurisdictions. However, our systems and servers are located within the United Kingdom. Where personal data is accessed from outside the UK, we take reasonable steps to ensure that such access occurs in accordance with applicable data protection laws and appropriate safeguards.

Data Retention:
Personal data is retained only for as long as necessary for the purposes for which it was collected.
• Registrant data is retained while an account remains active.
• Inactive accounts may be removed after a reasonable period.
• Professional directory information relating to doctors may be retained for the duration of their professional listing and periodically reviewed for accuracy.
Where information is no longer required, it will be securely deleted or anonymised.

Data Accuracy:
Doctors listed in the directory are periodically invited to review and update the information held about them to ensure that it remains accurate and up to date.

Individual Rights:
Under UK GDPR, individuals have the right to:
• request access to their personal data
• request correction of inaccurate data
• request erasure of their personal data where appropriate
• object to processing based on legitimate interests
• request restriction of processing in certain circumstances
Registrants may request deletion of their account at any time and such requests will be actioned promptly. Requests can be made by contacting us directly.

Right to Complain:
If you have concerns about how we process personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

Automated Decision-Making:
Healthcare Knowledge Ltd does not carry out automated decision-making or profiling.