Who are we?

McCollum Consultants Ltd (incorporating Cardiovascular Advisors Ltd.) are a network of medico-legal experts offering medico-legal advice to the legal and insurance sectors.

Why do we need to process personal data and what is the lawful basis for doing so?

We need to process instructions we receive, which contain personal data, as part of entering into a contractual relationship to offer medico-legal advice; the lawful basis therefore being contractual.

We also collect personal data such as contact details from individuals and organisations who contact us with enquiries or requests for medico-legal advice or services. From time to time we may want to send information about our services and events to those that have contacted/instructed us; in particular updates with respect to additional experts that have joined our network and corporate/educational events that we are hosting. The lawful basis for processing such personal data is therefore a legitimate interest. You can ‘opt out’ of receiving any further information from us by following the ‘opt out’ instructions particularised at the foot of any information sent to you.

We may be required to process your personal data in order to comply with our legal duties/obligations and to bring or defend a legal action.

What data do we collect?

1. Personal data (including names, email addresses and other contact details) of people making enquiries through the website or by email or phone.
We need this data to respond to the individuals and organisations that make enquiries of us.

2. Personal data (including names, contact details, qualifications and CVs) of our experts and people interested in joining our network as experts.
We need this data to carry out our business.

3. IP addresses of people visiting the website for the purpose of website analytics.
IP addresses may be captured by cookies purely for the purpose of website analytics using Squarespace Analytics and/or Google Analytics. The McCollum Consultants website uses tracking software provided by Google Analytics and Squarespace Analytics to help us understand details of your visit to this website & the pages/resources that you access; including, but not limited to: traffic data, location data, hardware and software being used and other communication data. None of this information allows us to identify you specifically as an individual.

For further information, you can read Google's privacy policy at https://policies.google.com/privacy and Squarespace's privacy policy at https://www.squarespace.com/privacy.

By accepting the Cookie Notification message, website users consent to the use of such cookies from Squarespace and Google Analytics.

4. Electronic instructions with medical records / diagnostic imaging
The instructions we receive will always be accompanied by medical records and diagnostic imaging as these are requisite in order to offer medico-legal advice. Our terms and conditions of business, in particular section 11, makes it clear that medical records and diagnostic imaging should be provided electronically and encrypted using 256 bit AES-strength so that the data can only be extracted by the intended recipient upon receipt and uploaded onto our GDPR compliant file sharing and content governance system, minimising any risk of the data being compromised.

5. Paper instructions with medical records / diagnostic imaging
Some instructing parties choose to send instructions accompanied by paper medical records / diagnostic imaging. Again, our terms and conditions of business, in particular section 11, makes it clear that paper medical records / diagnostic imaging should be packaged appropriately and trackable (preferably forwarded to our DX mailbox). Once received in our offices, they are converted to an electronic format, encrypted and uploaded to our GDPR compliant file sharing and content governance system minimising any risk of the data being compromised. All papers records are then confidentially destroyed immediately. WE DO NOT return any paper records only encrypted (256 bit AES-strength) media at the request of our instructing party.
 

How do we Process Personal Data?

All data is stored on our GDPR compliant file sharing and content governance system within the European Economic Area. The content is only accessible to authorised persons via encrypted computers. Once the data has been used, i.e. for the purposes of providing medico-legal advice, the data is removed from our GDPR compliant file sharing and content governance system and stored on encrypted (256 bit AES-strength) external hard drives that are accessible to authorised persons only.

Personal data is stored in accordance with the obligations conferred upon us by the General Data Protection Regulation, the Data Protection Act and the Information Commissioner’s Office; our ICO registration number is ZA429032. You can view a PDF of our ICO certificate of registration here.
 

How long do we retain personal data for?

All electronic data collected in connection with medico-legal advice is retained for a period of six years, from the date that consent to destroy the records is received, on an encrypted (256 bit AES-strength) external hard drive only accessible to authorised persons.
 

What are your rights?

The Data Protection Act affords you with the following rights where your personal data is concerned:

Access and updating personal information
You have the right to access a copy of your personal data and you can request to have this information updated at any time if for whatever you believe it to be inaccurate.

Removing personal data from our systems
Should you want us to remove your personal data from our systems then we will do so at your request, however we may need to keep certain information in order to comply with our legal duties and obligations.

Restricting/objecting to the use of your personal data
Should you want your personal data to be restricted or your object to your personal data being processed by us then please notify us immediately.
 

Changes to our Privacy Policy

From time to time we will review our Privacy Notice and make updates where we consider necessary. This policy was last updated on 29 May 2018.
 

Consent/Complaints

Should you wish to contact us with respect to withdrawing consent for us to process your personal data or you wish to raise a complaint with respect to the way in which we have processed your data then please contact Professor Charles McCollum either by email: cnmcc@McCollumConsultants.com or post: McCollum Consultants, 3000 Aviator Way, Wythenshawe, Manchester, M22 5TG.

If you are concerned about the way in which we process or have processed your personal data, then you are entitled to complain to contact the Information Commissioners Office who will offer information.