Privacy policy & cookies | C A Stone Medical & Legal Ltd

Our privacy policy

The Director of CA Stone (Medical & Legal) Ltd, Mr Christopher Stone, is the nominated data controller. Data is processed for the purposes of medico-legal expert witness reporting. CA Stone (Medical & Legal) Ltd will only process your information where it is necessary to support the legitimate interests of our business or those with whom we may have shared your information except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data. Data shall only be shared with instructing solicitors and / or medico-legal agencies who are also GDPR-compliant.

Stored data shall include those details, including health records and images, necessary for the production of a medico-legal report. Data shall be stored in an encrypted format until a request for the data to be deleted has been received from the data subject or the instructing solicitor, or in accordance with Department of Health information retention schedules. Where possible all data shall be encrypted or otherwise anonymised at the time of electronic transfer. The data subject has the right to withdraw consent for storage of their personal information at any time or to lodge a complaint to the company or any relevant supervising authority.

CA Stone (Medical & Legal) Ltd will always respect your privacy and will only use your information for specified and lawful purposes as provided for under the General Data Protection Regulations (GDPR) 2018. We will use and handle your information responsibly and will take all appropriate organisational and technical measures to safeguard your information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

A copy of the company’s information security policy is available upon request.

The privacy notices are posted on the following websites:

www.medicalandlegal.co.uk

Individuals’ rights

Cosmetic surgery images: data will be deleted at the request of the data subject unless in so doing the company’s ability to defend a clinical negligence claim becomes impaired
Medico-legal records and images: data will be deleted at the request of the instructing solicitor

Subject access requests

The company shall provide data subjects with the information held by the company free of charge within 30 days, subject to the conditions above.
The company reserves the right to refuse requests for data that are manifestly unfounded, or to charge for the same.

Lawful basis for processing personal data

The company operates a lawful practice in the provision of medico-legal reports and in the delivery of cosmetic and non-cosmetic surgical treatments.
The company collects the minimum and relevant data necessary for it to exercise that lawful business.

Consent

Consent under the terms of GDPR is defined as: ‘any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.’
Verbal consent for medical photography is sought from medico-legal clients at the time of examination.

Children

The company provides medico-legal reports on behalf of children; however, the action is always brought by a Litigation Friend, who is an adult, parent or guardian.
In such cases, the company applies GDPR principles to the Litigation Friend, from whom consent for data processing and storage is sought.

Data protection by design and data protection impact assessments

The company shall be aware of situations where data processing is likely to result in high risk to individuals and shall undertake a DPIA where necessary.
However, due to the narrow scope of the company’s activity the potential for a DPIA to be required is currently assessed at being very low.

Where a suspected or data breach occurs the company shall:

(1) assess the impact and scope of the breach;
(2) notify data subjects affected by the breach;
(3) take immediate steps to prevent further breaches;
(4) investigate the root cause of the breach;
(5) make the necessary changes to strengthen its data security systems.

Allowing us to use cookies

We may use information obtained from cookies or similar technology. Cookies are text files containing small amounts of information which we download onto your computer or device when you visit our website. We can recognise these cookies on subsequent visits and they allow us to remember you. Cookies come in many forms. We have set out below the main types and categories of cookies that are used.

If the settings on your software that you are using to view this website (your browser) are adjusted to accept cookies we take this, and your continued use of our website to mean that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work, as you would expect.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Use of Cookies

This website does not store any information that would, on its own, allow us to identify individual users of this service without their permission. Any cookies that may be used by this website are used either solely on a per session basis or to maintain user preferences. Cookies are not shared with any third parties.

Turning Cookies Off

Most modern browsers allow you to control your cookie settings. You can disable them completely by editing your browser settings, however in doing this you may be limiting the functionality that is displayed on our website and also a large population of websites on the Internet that use cookies to serve their content.

To learn how to disable cookies on browsers please click here. http://support.google.com/accounts/bin/answer.py?hl=en&answer=61416

If you are concerned about cookies tracking your movements on the Internet then you may be concerned about spyware. Spyware is the name given to a particular band of cookies that track personal information about you. There are many antispyware programs that you can use to prevent this from happening. Learn more about antispyware software – http://en.wikipedia.org/wiki/Spyware

Our Cookies

Below is a table of information which lists all cookies used on our website.

Owner Cookie	Cookie Name	Cookie Description
Google Analytics	_utma	A Google Analytics cookie, which keeps track of the number of times, a visitor has been to the site, when their first visit was, and when their last visit occurred.
Google Analytics	_utmb	A Google Analytics cookie, which creates a timestamp of the exact moment when a visitor enters a site.
Google Analytics	_utmc	A Google Analytics cookie, which creates a timestamp of the exact moment when a visitor leaves the site.
Google Analytics	_utmv	Used for reporting in Google Analytics classifying the visitor.
Google Analytics	_utmz	A Google Analytics cookie which tracks where the visitor came from, what search engine was used, what link was clicked on, what keywords used, and where in the world the site was accessed from.
Google Maps	PREF, NID	This cookie is set by Google Maps when you load a map of our location.
WordPress	wp-settings, wp-settings-time-	This is a cookie is to verify if you are logged into the website or not.
WordPress	wordpress_, wordpress_logged_in	WordPress cookie for a logged in user.
WordPress	comment_author, comment_author_email, comment_author_url	When you enter a comment on this site you will be asked to provide certain information about yourself including your name, email and website address.
Quantcast	__qca, mc, d	Used by the Quantcast service to collect anonymous information about your usage of the site. This information includes IP address, referrer, search terms and time of use.
Amazon link	vglnk.Agent.p	Tracks any links to Amazon and the books available from Amazon by authors on this site.
Cloudflare	cfduid, CF_UALE	Cloudflare is a service which helps us improve user experience by optimising page load times globally.

We recommend you allow the cookies we set by this website as they help us provide a better service and make our website easier to use.

If you do not want to receive cookies from this website, select cookie settings under the privacy settings in your browser options, then add our domain to the list of websites you do not want to accept cookies from. Under settings you can also delete individual cookies or any cookies that your browser has stored.

If you set your browser to refuse all cookies, please be aware that there may be functionality on various websites that does not work.