Privacy & Data Retention Policy

Effective Date: 29 Oct 2025
Owner: Revise Radiology Ltd (Company No. 09134299)
Registered Address: 13 Durleigh Road, Bridgwater, TA6 7HU, United Kingdom
Data Protection Officer (DPO): Maria Ana Guedes – info@reviseradiology.com

Table of Contents

• 1. Background
• 2. About Us
• 3. Definitions
• 4. Scope of This Policy
• 5. Children’s Privacy
• 6. What Data We Collect
• 7. How We Use Your Data
• 8. Legal Bases for Processing
• 9. How and Where We Store Your Data
• 10. Sharing Your Data
• 11. Your Rights
• 12. Automated Decision-Making and Profiling
• 13. Cookies and Analytics
• 14. Data Access Requests
• 15. Controlling Your Preferences
• 16. Business Transfers
• 17. Contact Information
• Data Retention Policy
  • A. Overview
  • B. Retention Periods
  • C. Storage & Security
  • D. Disposal Process
  • E. Exceptions
  • F. Use of Medical Images
  • G. Originality of Content

---

1. Background

Revise Radiology Ltd ("we", "our", or "us") respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, and store your information when you visit or use our website(s)
(reviseradiology.com and reviseradiology.courses, collectively “Our Site”).

By accessing or using Our Site, you confirm that you have read and understood this Policy.
If you do not accept the terms, please stop using the Site immediately.

---

2. About Us

Website: www.reviseradiology.com
Company: Revise Radiology Ltd
Company Number: 09134299
Registered Address: 13 Durleigh Road, Bridgwater, TA6 7HU, United Kingdom
Data Protection Officer: Maria Ana Guedes – info@reviseradiology.com
ICO Registration: We are registered as a Data Controller with the Information Commissioner's Office (ICO) under Registration No. ZA364628

---

3. Definitions

• Account: a user profile for accessing certain features of Our Site.
• Cookie: a small file placed on your device by Our Site to enhance performance.
• Personal Data: any information relating to an identifiable individual.
• Our Site: refers to both reviseradiology.com and reviseradiology.courses.

---

4. Scope of This Policy

This Policy applies only to your use of Our Site.
It does not apply to any external websites linked from Our Site.
We recommend reviewing the privacy notices of any external sites before submitting personal data.

---

5. Children’s Privacy

Our services are intended for users aged 18 and over.
We do not knowingly collect data from anyone under 18.
If such information is inadvertently collected, we will delete it upon discovery.

---

6. What Data We Collect

Depending on your interactions with Our Site, we may collect:

• Full name
• Email address and telephone number
• Account login credentials
• Payment or billing data (via secure third-party processors)
• IP address and browser type
• Device and operating system information
• Usage data (pages visited, session time, etc.)
• Voluntary information shared via surveys, forms, or feedback
• Cookie and analytics data (see Section 13)

---

7. How We Use Your Data

1. All personal data is processed securely and lawfully.
2. We may use your data to:
   • Provide access to your account and services
   • Manage subscriptions and course access
   • Respond to customer support requests
   • Send email communications including newsletters, alerts, and updates (with consent)
   • Conduct internal analytics to improve features
   • Satisfy legal or regulatory obligations
3. With your opt-in consent, we may also contact you for marketing purposes regarding:
   • Learning resources and study tips
   • Global teaching sessions or new platform features
   • Special offers and promotions related to radiology education
   • Newsletters
4. You can unsubscribe from the newsletter or marketing at any time by clicking the link in emails or contacting info@reviseradiology.com.

---

8. Legal Bases for Processing

We process your personal data under one or more of the following legal bases:

• Consent (e.g. for email marketing or optional cookies)
• Contract (e.g. providing access to paid services)
• Legal obligation (e.g. tax and audit records)
• Legitimate interests (e.g. service improvement, fraud prevention)

You can withdraw your consent at any time.

---

9. How and Where We Store Your Data

1. Data is stored securely on UK or EU servers, or with third parties under legally binding safeguards such as the UK International Data Transfer Agreement or EU SCCs.
2. Security controls include encryption, firewalls, restricted access, and regular audits.
3. Usage of personal devices (BYOD) is restricted and governed under our IT and data security policies.
4. Data Breach Notification: If a breach presents a risk to your rights or freedoms, we will notify you and the ICO without undue delay.

---

10. Sharing Your Data

1. We share personal data only as necessary, including with:
   • Service providers (e.g. payment providers, email delivery, analytics services)
   • Law enforcement or regulators, when legally required
   • Associated affiliate or subsidiary companies if relevant and lawful
2. We never sell or rent user data.
3. We may share anonymised data for statistical or research purposes.

---

11. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate or incomplete data
• Erase your data (the “right to be forgotten”)
• Restrict processing
• Object to certain types of processing (e.g. marketing or profiling)
• Data portability
• Withdraw any consent provided
• Lodge a complaint with the ICO (www.ico.org.uk)

For queries or to exercise your rights, contact info@reviseradiology.com.

---

12. Automated Decision-Making and Profiling

1. We do not use automated decision-making that has legal or similarly significant effects.
2. We apply limited profiling (e.g. by location or training level) to personalise educational content. You may opt out by contacting us.

---

13. Cookies and Analytics

1. Cookies help us enhance user experience and understand how our Site is used. We use:
   • Essential cookies (e.g. session, login)
   • Analytics cookies (e.g. Google Analytics - page views, bounce rates)
   • No third-party advertising cookies
2. You can accept or reject optional cookies via our Cookie Consent Banner.
3. You may also manage cookies in your browser settings.
   Details on browser controls are explained at www.allaboutcookies.org.
4. We do not currently respond to Do Not Track (DNT) signals.

---

14. Data Access Requests

You may request a copy of any personal data we hold about you.
Contact info@reviseradiology.com with details.
We respond within one calendar month as required by law.

---

15. Controlling Your Preferences

• You can update your preferences and subscription settings in your account.
• Unsubscribe links are provided in every marketing or newsletter communication.
• You may also register with TPS, MPS, or CTPS to reduce cold contact from third parties, though this will not affect email marketing you’ve opted in to receive.

---

16. Business Transfers

If Revise Radiology Ltd is acquired or restructured, personal data may be transferred to the new owner/controller under the same privacy protections outlined in this Policy.

---

17. Contact Information

If you have any questions, complaints, or data access requests, contact:

Email: info@reviseradiology.com
Phone: +44 1278 422723
Post: Revise Radiology Ltd, 13 Durleigh Road, Bridgwater, TA6 7HU, United Kingdom

---

Data Retention Policy

A. Overview

This section outlines how long we retain your personal data and how we securely dispose of it.

---

B. Retention Periods

• General account and usage data: retained for up to six (6) years after termination of service.
• Payment and tax-related records: retained as per legal/tax obligations.
• Short-term logs: kept temporarily for technical backup and operational continuity.

---

C. Storage & Security

Data is securely stored on encrypted servers with access restricted to authorised personnel.
Personal data is not stored on unauthorised personal devices.

---

D. Disposal Process

When retention limits are reached:

• Confidential documents are securely destroyed (e.g. shredding or electronic deletion).
• Non-confidential items may be anonymised or deleted through routine cleans.
• The Records Management Officer oversees all data disposal activity.

---

E. Exceptions

Longer retention may apply if:

• You continue to use our services
• We are under a legal, tax, or contractual obligation
• Data is required for dispute resolution or regulatory audit

---

F. Use of Medical Images

All images are anonymised and used in accordance with paragraphs 10–12 of the General Medical Council’s guidance on Making and Using Visual and Audio Recordings of Patients.

---

G. Originality of Content

All cases and questions are original educational content created by our team.
While inspired by the FRCR format, we do not use actual exam materials or infringe any copyright belonging to the Royal College of Radiologists.
We comply fully with the College’s Examination Misconduct Policy.

---

Last modified: 29 Oct 2025