ISOSTOCK PRIVACY AND CONSENT STATEMENT (UK GDPR)

INTRODUCTION

We are dedicated to safeguarding your privacy and ensuring the security of your personal data. This Privacy and Consent Statement outlines our practices regarding the collection, use, and protection of your personal information in compliance with the General Data Protection Regulation (UK GDPR). We are committed to transparency and to giving you control over your personal information.

This statement refers specifically to the IsoStock service and is in addition to our general UK GDPR statement.

We provide this information to inform you about the data held within IsoStock and how we treat it.

All parties within our team are fully aware of the importance of data protection, privacy, and consent under the GDPR. The latest version of this statement is available to all at any time and may be updated periodically

SCOPE

This Privacy and Consent Statement applies to all personal data collected, processed, and stored by IsoStock through our website, mobile applications, and other services. It applies to users, including customers, potential customers, and business partners, and outlines our practices regarding data collection, usage, sharing, and protection to ensure UK GDPR compliance.

DEFINITIONS

  • Data - The Organisation's data stored within IsoStock.
  • End User - The data subject and/or people authorised by the Organisation to use IsoStock. The terms are used interchangeably.
  • UK GDPR - UK General Data Protection Reguation.
  • IsoStock - The cloud-based service and data storage system.
  • Organisation - The Organisation using the service or its representative, the Data Controller.
  • We / Us - IsoStock Service Provider - Gillett Limited, the Data Processor.
End users should read this statement in conjunction with the Organisation’s own data privacy policies.

PRIVACY INFORMATION

  • Personal information is collected and stored within IsoStock.
  • We do not share, sell, or use this information for tracking, profiling, or marketing.
  • We only process and report on data within IsoStock to provide the service requested by the Organisation.
  • Gillett Limited is the developer and service provider of IsoStock (Aizlewood's Mill, Nursery Street, Sheffield S3 8GG, UK).
  • Our service is cloud-based and hosted on the Microsoft Azure platform. Data is securely stored in the UK at ISO 27001-certified data centres.
  • Microsoft only provides the hosting platform and does not process or access the data. Neither Microsoft nor Gillett Limited has a commercial interest in the data.

DATA PROTECTION BY DESIGN

IsoStock incorporates multiple layers of data protection:

  • Neither user nor the Organisation has direct access to the underlying data - access is through IsoStock's functionality.
  • Access requires secure Microsoft accounts configured by the Organisation or by us on their behalf.
  • Passwords are required for access and are not stored by us.
  • Optional browser verification can restrict new device access.
  • Two-Factor Authentication (2FA) is enforced.

INFORMATION HELD WITHIN ISOSTOCK

IsoStock helps Organisations meet regulatory requirements related to record-keeping of radioactivity.

Information exchanged during usual communication (email, text, etc.) may be stored.

Personal data stored may include:

  • User names, email addresses, roles, Patient names and identifiers, Radionuclide administered, Investigative/therapeutic procedures (excluding clinical reason, results, or diagnosis), Login details, times, and IP addresses, Free-text notes (content uncontrolled)
Additional data types may be stored in the future as features evolve.

HOW THE DATA IS COLLECTED

  • The Organisation supplies initial data for system configuration.
  • Ongoing data is entered or amended by the Organisation and its end users.
  • We do not access or interact with data under normal circumstances.
We may access data only under specific conditions:

a) At the Organisation’s request (e.g. support, implementation)

b) To deliver improvements or added features

c) To maintain, debug, or update the system

d) If legally required

Access is not routine and must be explicitly enabled by the end-user for a fixed duration.

The Organisation is solely responsible for the accuracy of the data.

LEGAL BASIS AND CONSENT

  • The Organisation consents to storing data in IsoStock by choosing to use the service.
  • By entering data, the Organisation confirms it has the authority and consents to its storage.
  • We do not control or validate the data’s accuracy.
  • The Organisation's user security settings govern data access.
  • Consent and privacy concerns should be directed to the Organisation.
  • In the event of unresolved concerns, we will liaise with the Organisation and employee if legally required.

CHILDREN

IsoStock is not designed for use by individuals under 16 years of age. It is intended for use by working-age users within Organisations.

Data entered may refer to children, but IsoStock does not include any field to indicate a child's age.

DATA BREACH

If a data breach is discovered or reported:

  • We will investigate and coordinate with the Organisation to mitigate risk.
  • The Organisation may be required to notify affected individuals and/or report to the Information Commissioner's Office, depending on the risk level.

RETENTION OF DATA

  • Data remains accessible while the Organisation uses IsoStock.
  • Once use ceases, data will be retained in an inaccessible form for up to 2 years unless otherwise agreed.
  • Inaccessible data may persist as part of system backups.

USE OF COOKIES

IsoStock uses cookies and similar technologies strictly for delivering the service to authenticated users.

DATA PROCESSING ADDENDUM

This document should be read in conjunction with the IsoStock Data Processing Addendum (DPA).