Limb Expert / Mr Yaser Jabbar
ICO Reg: ZA649174
We take the privacy of the data we hold about you very seriously. The information here describes what we do with the personal information you provide us, how we keep it secure, and your rights in relation to that information.
To make things easier we have provided a summary here:
Your personal information (personally identifiable or sensitive data) is not shared outside the organisation without your consent in most circumstances; however, information may be shared under another legal basis, for example to prevent a crime or harm to another person.
You have a number of rights over your personal information under the GDPR. These rights are set out in this statement.
Who We Are:
Mr. Yaser Jabbar is an orthopaedic surgeon who provides medical care for patients. He operates as a limited company under the trade name Reanimis. He also trades under the name LimbExpert. This privacy notice encompasses all contact with Mr. Yaser Jabbar and is not limited to any entity where personal confidential information is shared with Mr. Yaser Jabbar. Mr. Yaser Jabbar is the Data Controller and Processor for all patient-related information provided to him as part of conducting and providing direct medical or medico-legal expertise.
The company has no further employees or board members but does interact with external companies to deliver services. The company is based in and governed by the legal framework in the United Kingdom.
You can contact our Data Protection Officer at: email@example.com
What information do we collect?
We collect name, address, DOB and further contact information for our patients. We also generate and hold patient records that contain sensitive personal data.
Other users and interactions
We may collect and hold your contact details, as provided by you. We do not routinely request personal confidential information outside of the need to provide medical care.
How do we use personal information?
Mr. Yaser Jabbar uses your data to provide the service described and to ensure we deliver these services efficiently and securely. We may also use anonymous user data about you for statistical purposes to improve our services.
Who do we share information with?
As a necessary part of providing your medical or medico-legal care, we share your data with entities including, but not limited to, those described below:
Administrative companies providing secretarial support for the practice; or other practices that hold your personal sensitive information and you have asked them to share it with us. Consent is either by written agreement or by assumption that you are made aware a referral is being made from one practice to another.
Billing companies that provide support for the practice to ensure services are paid for correctly.
Hospitals/Clinics and other Clinical or Legal entities who provide part or all of the care you require, e.g. the hospital where you will have your operation, the clinic where you may have further imaging or the solicitor’s firm handling your case.
Other doctors where we have agreed your further care depends on this.
In order to protect the identity of our colleague data processors, and as these entities can change over time, if you require specific details of the entity involved, please contact the DPO at: firstname.lastname@example.org
What legal basis do we have for sharing your personal data?
Whenever we use or share your personal information we always do so using a legal basis. The different legal bases we rely on are:
Consent: You have told us you are happy for us to process your personal information for a specific purpose;
Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights;
Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
Vital interests: The processing of your personal information is necessary to protect your or someone else’s life;
Public information: Where we process personal information which you have already made public;
Legal obligation: We are required to process your personal information by law.
Where do we store and process personal data?
We store and house data we process on secure servers. We take all reasonable steps to ensure all data processors are GDPR and ISO 27001 compliant to ensure the absolute safety of your data.
How do we secure personal data?
We take protecting your personal information seriously and are continuously reviewing our processes. Controls we have in place are:
We limit physical access to our buildings and user access to our systems to only those who have a genuine need to be there;
We use technology controls for our information systems, such as firewalls, user verification, data encryption and separation of roles, systems & data;
We enforce a “need to know” policy for access to any data or systems.
How long do we keep your personal data for?
We store your data according to the regulations set out by the ICO.
In short, all medical data for children is kept up to their 26th birthday, and adult care records are kept for 8 years if no surgery has taken place and 10 years if there is an operative record.
Your rights in relation to personal data:
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
the right to access a copy of the personal information we hold about you;
the right to correction of inaccurate personal information we hold about you;
the right to restrict our use of your personal information;
the right to be forgotten;
the right of data portability;
the right to object to our use of your personal information; and
the right to withdraw from automated decision-making or profiling.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact the data protection officer by e-mail at: email@example.com
Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect your personal information.
If you would like to complain about how we have dealt with your request, please contact the Information Commissioner’s Office: www.ico.org.uk