How do we manage and protect information about you?

Skintell collects information for the mole mapping service to give you the best possible care. We aim to maintain full and accurate records of the care provided for you and keep this information confidential and secure.

What information do we collect?

We collect information about you such as your name, address, and contact details (including your email address and mobile number where you have provided these) alongside any health-related information required for the delivery of healthcare services, for example:

• Details and records of treatment and care, including notes and reports about your physical or mental health.

• Results of blood tests and relevant previous diagnoses.

• Information on medication or any allergies.

• Emergency contact details (e.g., a family member).

• Clinical photographs: These are classified as Special Category Data. Dedicated consent will be obtained via our portal or clinic. We use high-level encryption for the storage and transmission of these images to ensure they remain confidential.

• Sensitive Information: We may collect your ethnicity and skin classification (Fitzpatrick Scale) to build a complete clinical picture, enabling our staff to provide the most accurate assessment of your skin health.

We may also receive information from other health providers to support your care. We might also collect information to monitor compliance with legal obligations relating to equality and diversity.

Who processes your information?

We process your information to facilitate the provision of healthcare services. Skintell may act as a Data Controller or a Data Processor depending on whether you are a private patient or referred via a commissioning organization (such as the NHS).

How do we use the information we collect to help you?

• Clinical Care: Doctors, imaging technicians, and healthcare professionals involved in your care use your information to assess your health.

• Referrals: To ensure information is available if you are referred to another professional or move to a different area.

• Assisted Clinical Decision Making: We may use specialized dermatological software to assist our clinicians in analyzing your skin images. Please note that all final clinical assessments are made by qualified healthcare professionals; we do not use "solely automated" decision-making for your diagnosis.

• Quality Improvement: To assess the quality of care you receive and investigate any concerns or complaints.

On what basis are we entitled to process your information?

To process your personal data lawfully, we rely on specific legal bases under the UK GDPR:

1. Personal Data (Article 6)

• Article 6(1)(b): Necessary for the performance of a contract (to provide your mole mapping services).

• Article 6(1)(c): Necessary for compliance with a legal obligation.

• Article 6(1)(e): Necessary for the performance of a task carried out in the public interest (where commissioned by public health bodies).

2. Special Category Data (Article 9)

• Article 9(2)(h): Necessary for the purposes of medical diagnosis and the provision of health or social care treatment.

• Article 9(2)(a): Explicit consent (specifically for clinical photography or elective research).

• Article 9(2)(j): Necessary for archiving, scientific research, or statistical purposes.

Note on Ethnicity Data: We process ethnicity and skin classification under the Data Protection Act 2018, Schedule 1, Part 2, to ensure clinical accuracy in dermatological assessments across all skin types.

Do we share information about you with anyone?

We may lawfully share your information with:

• Other healthcare providers involved in your treatment.

• Non-healthcare organisations where required by law (e.g., social services, court orders, or reporting infectious diseases).

• Insurance providers, only where you have given express agreement.

We will only share the minimum amount of information required. We never share your personal information for marketing purposes.

How else could your information be used?

Your data may be used for auditing, preparing statistics on care quality, investigating incidents, or training healthcare professionals.

International Transfers: Your data is stored securely within the United Kingdom or the European Economic Area (EEA). We do not transfer your personal data to "Third Countries" outside of these jurisdictions without ensuring adequate protection measures (such as Standard Contractual Clauses) are in place.

How long do we keep your information?

Skintell adheres to the NHS Records Management Code of Practice:

• Adult Clinical Records: Retained for 8 to 10 years after the last entry.

• Minor Records: Retained until the patient's 25th birthday (or 26th if they were 17 at conclusion of treatment).

• Administrative Data: Retained for 6 years for tax and company law compliance.

Your Rights and Objections

You have the right to object to processing, though this may impact our ability to provide care.

• National Data Opt-Out: You may choose to opt-out of your confidential information being used for research and planning. Skintell will respect these choices once confirmed by your healthcare provider.

• Access to Records: You have the right to request access to your data free of charge. Requests must be in writing with proof of identity.

• Right to Rectification: If you believe information is inaccurate, we will take steps to correct it within one month.

How do we keep your information safe?

• Training: Staff undergo annual data security and confidentiality training.

• Access Controls: Information is only accessible to staff for whom it is necessary.

• Audit Trails: We record all access to health records.

• Legislation: We comply with the UK GDPR, Data Protection Act (2018), and Human Rights Act (1998).

Contact Information

Data Protection Officer (DPO): dpo@skintell.co.uk

ICO Registration Number: ZC046435

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO).