Data Privacy Notice

Canon Medical Systems Ltd is committed to protecting the privacy rights of anyone whose personal data is processed by Canon Medical Systems Ltd. For this reason, in the following, we would like to meet our obligation to inform you about the processing of your data as required by data protection law. Canon Medical Systems Ltd also trades under the name Medical Imaging Academy (https://imaging-academy.co.uk/) and this privacy notice applies to both entities.

The responsible data controller is
Canon Medical Systems Ltd
Boundary Court,
Gatwick Road,
Crawley, West-Sussex
RH10 9AX

Contact data of the Data Protection Official:
Please feel free to direct any questions you have about the processing of your personal data to our Local Data Protection Co-ordinator as well as any applications to rectify or erase data, to restrict its processing, or to transmit it.

By e-mail: data.protection.uk@eu.medical.canon
By mail: at the above address

Purpose of processing and legal basis:
We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR), local data protection laws, and any other relevant laws in force at the time. First and foremost, data processing serves to establish, implement and terminate the contractual relationship.
Contract:
The primary legal basis for this is Art. 6 Para. 1 b) GDPR. The processing of your data is necessary for the fulfilment of a contract which includes the delivery of the goods and the payment obligation.
Legitimate Interests:
We process your data on the basis of Art. 6 para. 1 f) GDPR to pursue our legitimate
interests. This may be necessary, for example:
 To maintain lT security and lT operations
 For communication about educational events by Canon Medical Systems Ltd we
deem relevant to you, for example through e-mail invites, newsletters (from which you can unsubscribe) or customer satisfaction surveys. We are very interested in
learning whether you were satisfied with the product or service we have provided
or what we can improve in the future. Therefore, we will contact customers
following the contract fulfilment interaction using the contact information
provided by you or your company.
Consent:
We also process your data in individual cases on the basis of your separate consents
granted to us pursuant to Art. 6 para. 1 a).
 For direct marketing
 For customer portal management
Our legal obligations:
Lastly we process your personal data if this is necessary to comply with our legal
obligations for example:
 To prevent and investigate criminal offences (e.g. fraud)
 To submit investigation data to regulatory authorities (e.g. MHRA, ICO)
 For commercial and tax storage obligations or documentation obligations.
The legal basis for this is Art. 6 Para. 1 c) GDPR.
If we process your personal data for a purpose not mentioned above, we will inform you in advance.

Data categories and data origin:
We process the following categories of data: master and address data (such as first name, surname, name extensions, address), contact and communication data (such as telephone numbers and email address), contractual data and data from the contractual relationship (such as product interest, type of contract), clinical area of interest, claim data, payment information (bank details). On occasion we may hold dietary requirement information if you registered on a course or other event with us. As a rule, we collect the data directly from you within the framework of the pre-contractual contractual relationship or during the business relationship, but in individual cases it may also have
been transmitted to us by your company. If the data processing is based on address purchases, we have checked their legality before acquisition and point out their origin. In addition, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. professional networks).

Recipients:
Within our company and the Canon Medical Systems Group, only those persons who need your personal data to fulfil our contractual and legal obligations will receive your personal data. We may also share the information you have provided to Canon Medical Systems Ltd with a very limited number of partners. However, this only happens if it is necessary to process your data for the intended purpose. We also use the services of a number of different partners (e.g. in such cases where we provide non-Canon equipment, or where we work as or for an MES provider) in order to meet our contractual and legal obligations. You can request to view a list of the contractors and
service providers we use with whom we do not merely have a temporary business relationship. What is more, we transmit your personal data to other recipients outside the company provided it is necessary in order to meet our contractual and legal obligations as an employer. These could include:
 Authorities (e.g. tax and customs authorities, courts)
 Bank of the contracting party (SEPA payment medium)
 Assignees and credit agencies
 Third party debtors and bailiffs in seizures
 Insolvency administrator
Canon Medical Systems Ltd uses external service providers to technically process your data. We may transmit or process your data outside the country in which you reside or in one of the countries in which Canon Medical Systems operates. Such entities could also be based outside the European Economic Area. ln the event that we transmit personal data to service providers or Group companies outside the European Economic Area (EEA), the transmission will only take place if the EU Commission confirmed that the third country has an adequate level of data protection or if there are other appropriate data protection guarantees in place (e.g. binding internal company data
protection provisions or standard EU contractual clauses). You can also request detailed information using the contact information provided below.

Retention period
Canon Medical Systems Ltd only saves your personal data for as long as it is required for the purposes named above. Once the contractual relationship has ended, your personal data is saved for as long as we have a legal or regulatory obligation to do so. This can usually be ascertained on the basis of the legal accountability and retention requirements that are regulated by local laws, which stipulate certain retention periods of up to ten years. Moreover, personal data may be retained for as long as claims can be made against us (e.g. statutory limitation period up to 30 years).

Rights and duties of affected persons
Provided the legal conditions are met, you have the following rights arising from Article 14 (2) (c), 15 to 22 GDPR: the right to access, the right to rectification, the right to erasure, the right to restriction of processing, and the right to data portability.

Right to object
You have the right to object without cause to the processing of your personal data for the purposes of direct advertising. If we process your data to safeguard legitimate interests, you can object to this processing by providing reasons relating to your specific situation. We will then stop processing your personal data, unless we can prove that there are compelling reasons to process it that are worthy of protection and that outweigh your interests, rights, and freedoms, or if the purpose of the processing is to assert, exercise, or defend legal claims.

Right to complain to the supervisory authority
You have the option to contact the above named Data Protection Co-ordinator or a data protection supervisory authority (e.g. the ICO) with a complaint.

Individual communication preferences
Registered users can manage their communication preferences by visiting https://portal.uk.medical.canon/app/utils/login_form/
and
https://imaging-academy.co.uk/
D. Hoogmoed
Information Security Manager / Data Protection Co-ordinator