RAIQC Ltd Privacy Policy

 

  1. Introduction

    This website (www.raiqc.com) is operated by RAIQC Ltd (the “Company”, “RAIQC”, “we”, “us”), a company incorporated and registered in England and Wales with company number: 09863569 and its registered address at 1 & 3 Kings Meadow, Osney Mead, Oxford, United Kingdom, OX2 0DP.

    RAIQC is a web-based medical imaging platform that simulates real-life clinical practice to deliver training and assessment of medical image interpretation. The platform is also used for facilitating medical imaging related research studies. When a user accesses and uses the platform, RAIQC captures different types of data to improve and deliver the products and/or services it offers.

    At RAIQC, we are committed to respecting your privacy and protecting your personal data. Please read this Privacy Policy carefully as it explains:

    • How we handle your personal data when you visit and use our website (including when you sign up to our newsletter, use our products or services, or otherwise communicate with us); and
    • Your privacy rights and how you are protected by law.

    This website is not intended for children and we do not knowingly collect data relating to children. 

    Controller: RAIQC is the Data Controller and responsible for your personal data.

    Contact details: If at any point you want to contact us regarding your data or would like to exercise any of your privacy rights, please write to data@raiqc.com with the subject “Data Protection” and we will get back to you in a timely manner. Additionally, you can also express your rights as per the “Your Rights” section below, including the option to withdraw consent.

    Third-party links: This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

  2. Personal data we collect and how we collect it

    Any information about you, or an individual, from which that person can be identified is considered personal information or personal data. This, however, does not include anonymised data, which is data with all personal identifiable information removed.

    Please note that if you choose to not share your personal data with RAIQC, we might not be able to provide full access to RAIQC’s website or to products or services you have requested.

    We follow the principles of data minimisation, collecting only the minimum amount of data necessary for our operational purposes and to deliver the services to our users. The table below explains all the types of data we may collect from you:

    Type of Data Details How is this data collected?

    Identity Data

    - Name, username or similar identifier number

    - when you register to use the RAIQC tool.

    - If someone, such as your employer, has given us your details and has asked us to set up a RAIQC account on your behalf.

    - when you interact with us either directly or through social media, we may be given access to this information.

    Profile Data

    - password in encrypted format

    - organisation, job title

    - General Medical Council (GMC) number, country, region

    - when you register to use the RAIQC tool.

    - If someone, such as your employer, has given us your details and has asked us to set up a RAIQC account on your behalf.

    - when updating your user profile.

    Device Data

    - web browser, device type, IP address, time zone, Cookies, Log Files, Web beacons or similar tracking technologies (please see below more details on this)

    - when accessing and using our website (or third-party sites employing our Cookies or similar technologies).

    Usage Data

    - website preferences

    - usage of our website, products or services; this includes inputs, answers to questions, click points and other interactions that the RAIQC product or service requires

    - feedback you provide to us either directly or through surveys

    - when accessing and using our website.

    - when you give us feedback or when you fill out surveys we have asked you to via e-mail or through our website, or interact with us by any other means.

    Marketing Data

    - your preferences in receiving marketing from us and our third parties and your communication preferences (e.g. whether we can contact you with promotions, news, etc. by e-mail)

    - when registering to use the RAIQC tool if you opt into marketing & communications.

    - when updating your profile.

    Contact Details

    - e-mail address and phone number(s)

    - when purchasing a product and/or service from RAIQC.

    - when updating you user profile.

    - when you interact with us either directly or through social media, we may be given access to this information.

    Transaction Data

    - products and/or services you purchased from RAIQC

    - when purchasing products and services from RAIQC (such data is typically provided to us by Stripe – stripe.com, which is our third-party payment processor for individual subscribers).

    Billing Data

    - billing address for from corporate subscribers to whom we issue invoices

    - when purchasing products and services from RAIQC (please note: if you are an individual subscriber, we use third party payment systems currently Stripe - stripe.com) to take payments from you and we will not store, nor do we have access to any of your payment information (i.e. card details) ourselves.

    Additionally, we may collect video, images, testimonials, comments or any other form of written or spoken contribution if you decide to participate in any of RAIQC’s webinars or conferences through our website or other third-party providers. We will request your consent before using any such contribution containing personal data about you in our marketing and/or sales materials.

    We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific site feature. Aggregated Data may be used for our internal purposes (e.g to improve our services and users’ experience) or shared with corporate subscribers that purchase user licences from us for their business purposes (e.g to provide training to their employees and evaluate their performance throughout use of the services). If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

    For the avoidance of doubt, we do not collect any information that is classed as “Special Categories of Personal Data”. This includes details of ethnicity or race, sexual orientation or sex life, religious or philosophical beliefs, political opinions, or any other information about your health, genetic or biometric data.

  3. How and why does RAIQC use personal data (lawful basis for processing)?

    We use personal data listed at “2. Personal Data we collect and how we collect it” to:

    • Grant you access to our website and the products/ services available therein (in order to fulfil a contract we have entered into with you (or your organisation) (for example, if your organisation purchases user licences with us to enable you and other staff members to have access to our products and services);
    • Improve and optimise our website (for example, by generating analytics about how users browse and interact with the website, and to assess the success of our marketing and advertising campaigns);
    • Develop new products or services we can offer to you and our users;
    • Associate your name with completion certificates for modules you undertake;
    • Communicate with you;
    • When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services;
    • To keep our records updated to comply with legal or regulatory obligations (e.g. accounting and tax compliance); and
    • When necessary for network security and to prevent risks and fraud.
  4. Communications, marketing and advertising

    Depending on your preferences, we may e-mail you newsletters with existing or upcoming products and services, or remind you of products or services you may be interested in. Our aim is not to spam your inbox, and you can unsubscribe from these newsletters using the link in any of the previous marketing emails you have received from us, or by changing this setting in your User Profile page.

    Please note we may send you emails:

    • When there is a change to one or more products or services you have already purchased and/or subscribed to, such as an approaching expiry date. These emails are not sent for marketing purposes, but rather to keep you informed of updates in relation to products or services you have purchased and/or subscribed to.
    • When we change our Terms & Conditions and Privacy Policy so you are aware of any updates.
  5. Device Data & Cookies

    At point 2. "Personal data we collect and how we collect it" above, we mentioned Device Data. These may include:

    • “Log files” track actions occurring on our website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
    • “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse a website, in this case www.raiqc.com.
    • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

    Different cookies may be used every time a user visits our website. Generally, cookies:

    • Help the user navigate through the website (for example keeping users logged in or storing their basket for an order before its completion), remember username or other preferences the user may have set, or a personalised experience (e.g. font size, or webpage framing/zoom) that the user has set
    • Analyse the user’s experience while navigating the website and record details of any errors
    • Help to display content pertaining to the location and device the user is accessing the website from

    Third-party cookies

    We currently work with Stripe to process payments of individual subscribers. Stripe may use cookies when someone visits our website. Please visit Stripe’s Cookie Policy for more information.

    You can set your browser to disable parts of or all cookies. However, should you decide to do so, please note that our website may not work properly or even become inaccessible.

  6. Change of purpose

    We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

  7. Sharing Personal Data

    We may share your personal data with the parties set out below for the purposes set out above. We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

    • Service providers who provide IT, system administration and payment processing services, including:
      • Google Workplace – we use Google Workplace for our general business operations and, if we communicate with you, your Personal Data may be saved in RAIQC’s Google Workplace contacts list
      • Mailchimp/Sender: we use Mailchimp/Sender for our communications, advertising and marketing campaigns for potential and/or current users and/or customers. Please remember you can always opt in or opt out (withdraw consent) of any sales and marketing communication
      • Amazon Web Services and Data Centre: which provide us with data storage services 
      • Stripe: we use Stripe to process payments from individual subscribers via www.raiqc.com
    • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
    • Regulators and other authorities who require reporting of processing activities in certain circumstances.
    • Your employer or supervisor for the specific project on the RAIQC platform you have been instructed to take part of. However, we will not share any of your data for other unconnected projects you have been part of or products or services you have accessed.
    • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy.
  8. Data Security and International Transfers

    We are committed to protecting your personal data and we handle data in line with best practices for encryption to minimise the risk of interception. All data, whether stored or in transit, is in fully encrypted format and we use Amazon Web Services located in Ireland for storing data in the cloud. The stored data is accessible only by specific RAIQC staff or service providers who have been specifically granted these permissions. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

    Please note that your information may be transferred outside of the UK, including to Europe, Canada and the United States.

    Whenever we transfer your personal data to outside of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
    • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK. 
    • Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
  9. Data Retention

    How long will you use my personal data for?

    We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

    To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

    By law we have to keep basic information about our customers for six years after they cease being customers for tax purposes. In some circumstances you can ask us to delete your data. Please see the section below on your rights for further information.

    In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

    We continuously thin out personal data that is no longer necessary.

  10. Your legal rights

    Under certain circumstances, you have rights under data protection laws in relation to your Personal Data as set out below:

    1. Your right to be informed

      This means you have the right to be informed about how we collect and use personal data. We hope this Privacy Policy has provided all in the information needed, but if you would like more information, please write us an email at data@raiqc.com with the subject line “More information” and please state the specific query you have. 

    2. Your right to request access to your data

      At any time, you can ask us to provide you with a copy of all the data RAIQC holds about you, and we’ll supply a copy of your data. To request access to your data, please email us at data@raiqc.com with the subject line “Right to access data”. 

    3. Your right to rectification

      At any time, you can ask us to correct/change any data we hold about you. If you have a RAIQC account, most of the data can be edited by you in your User Profile page. However, if you prefer, you can write us an email at data@raiqc.com with the subject line “Correct my data” and please state the specific corrections you’d like to be made. 

    4. Your right to erasure

      You can exercise this right at any time to request RAIQC to delete your data. To request that RAIQC securely deletes your data, please email us at data@raiqc.com with the subject line “Delete my data” and we’ll remove all identifiable data we have about you. Please note that, in some cases, we may not be able to completely fulfil a request for data deletion (for example – to delete all logs and usage data). However, where applicable, we will ensure this data is anonymised with no possible connection to you, without being able to be retrieved.

    5. Your right to request restriction of processing your data

      At any time, you can request for RAIQC to limit the amount of processing it can do over your data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

      To request this restriction, please email us at data@raiqc.com with the subject line “Restrict Processing” and list, if possible, the limits you want to put over your data processing. We will endeavour to satisfy your request, but please note that some data may still require processing for us to be able to deliver services to you.

      • If you want us to establish the data's accuracy.
      • Where our use of the data is unlawful but you do not want us to erase it.
      • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
      • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
    6. Your right to data portability

      We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. To request for your data to be shared or transferred to another system, please email us at data@raiqc.com with the subject line “Share my data”. We will then work with you to see what parts of your data can be shared with the third-party system.

    7. Your right to object to the processing of your data 

      At any time, you can object to how RAIQC process your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. To request your data is not processed, please email us at data@raiqc.com with the subject line “Objecting to the processing of my data”. However, please note this can limit the access to the services and products we offer, and, in some instances, services or products may become unavailable.

    8. Your right to not be subjected to automated individualised decisions and profiling

      You have the right to not be subjected to any form of automatic decision without any human involvement. You also have the right to not be subjected to any form of profiling, which means the processing of your personal data to create an individual or group profile. Whilst RAIQC does use Usage Data to be able to offer other services/products to users, or to show user statistics based on aggregated data, RAIQC does not use any form of personal data to perform any automated individual decision or profiling of a user or group. If you have any concerns this is not the case, please email us at data@raiqc.com with the subject line “Automated decisions/Profiling”.

    Please remember you always have the right to withdraw consent, whether it is to the processing of your personal data or email marketing campaigns. For example, if you want to withdraw consent for marketing emails directly from the link in any of the previous marketing emails you have received from us. Alternatively, please email us at data@raiqc.com with the subject line “My Consent” and we will work with you to withdraw your consent as per your request. Please note that, if you withdraw consent to this Privacy Policy, in some instances access to the full RAIQC platform or to its products or services may become unavailable.

    Time limit to respond. Our aim is to respond to any request in up to a month (30 days). This would only be delayed if you have made multiple different requests or if a request is particularly complex in its nature.

    No fee usually required. We will not charge you any costs for reasonable requests; However, we may do so or reject your request if your request is clearly unfounded or unlawful.

    You also have the right to file a formal complaint with the Information Commissioner's Office (ICO), the UK’s authority for data protection issues:

    We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

  11. Changes to RAIQC’s Privacy Policy

    We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We will notify you of any major changes affecting your personal data.

  12. Contact Details

    If at any point you want to contact us regarding your data, or would like to exercise your privacy rights, please contact us at the below details and we will get back to you in a timely manner.

    RAIQC Ltd
    Address: 1&3 Kings Meadow, Osney Mead, Oxford, United Kingdom, OX2 0DP
    Email: data@raiqc.com .

    Thank you for reading the RAIQC Privacy Policy.