We collect and retain core personal information necessary for the operation of the L2P appraisal and revalidation system according to the legal obligations in relation to revalidation. This guidance is published under section 29G of the Medical Act 1983 (as amended) and the General Medical Council (Licence to Practise and Revalidation) Regulations 2012, as amended in 2014 and 2015.
The rules of the new General Data Protection Regulation (GDPR) from 25 May 2018 and the Data Protection Act 2018 (DPA 2018) better protect the personal data that businesses hold, as well as empower users to know what is happening with their data.
Use of collected information
L2P Enterprise Ltd processes two types of personal information from users:
- Standard personal information - for example, information we use to contact you, identify you or manage our relationship with you.
Information appropriate to our legitimate interests. 'Legitimate interest' is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:
- To manage our relationship with you, our business and third parties who provide essential services necessary to the operations of the L2P system;
- To make sure that support tickets are handled efficiently and to investigate issues;
- To keep our records up to date and to provide you with relevant updates as allowed by law;
- For statistical analysis, so that we can monitor and improve products, services, websites and apps, or develop new ones;
- To monitor how well we are meeting our performance expectations;
- To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with.
Specific information from uploaded files may be extracted by the system to enable the automatic operation of the L2P system according to its functionality.
We do not sell any information for marketing, 3rd party or otherwise. L2P Enterprise Ltd personnel do not access any files uploaded unless on request.
User’s access to collected information
Registered users information is available to view by authorised institutions at any time subject to the L2P system being online. Updated personal information is available within the portfolio of individual registered users.
Information confidentiality statement
The common law duty of confidentiality applies to information whereby individuals can be identified by the use of their personal information. L2P Enterprise Ltd will protect and safeguard the confidentiality of any personal information through appropriate due care and diligence. All staff of L2P Enterprise Ltd is aware of data protection policies and security.
All regulatory bodies and organisations and institutions that contribute to and with which L2P Enterprise Ltd disseminates registered users’ information are required to:
- Disclose information only to relevant employees for the purposes to which it was provided. Such organisations will conform to their own information, security and privacy policies;
- Maintain confidentiality of personal information; and,
- Only use the information for the purpose of which it was provided.
L2P Enterprise Ltd sees the security of registered users’ information of paramount importance. The strictest of security measures, within reason, are taken to ensure data protection. We are committed to ensuring information security through the use of state-of-the-art information security practices, controls, policies and procedures and conduct continual reviews of our systems, including regular audits of our data protection management steps.
L2P Enterprise Ltd uses and maintains strict physical, electronic and managerial procedures to protect registered user's personal information from unauthorised or inappropriate access. Personal information collected by us is stored in secure established servers. Employees and business partners who misuse a registered user's personal information are subject to disciplinary actions.
L2P Enterprise Ltd uses a defined security management programme to protect against threat to our electronic information service. These controls serve to protect data against unauthorised access, disclosure, corruption or destruction.
Any registered user and administrator will need to recognise and acknowledge the responsibility to maintain the security and confidentiality of information. All users of this site are prohibited from violating or attempting to violate the security of the L2P system; any such violation may result in liability and prosecution. Violation of security of the L2P system, but not restricted to, the following and without limitation:
- Accessing data or using services not intended for the particular user;
- Tampering, hacking, modifying or otherwise corrupting the website;
- Transmitting material that contains viruses, trojan horse or worms with the intention of damaging, destroying, disrupting or otherwise impairing the website functionality or the operation of the site;
- Altering any software or computer data or intentionally enabling others to do so;
- Interfering with, intercepting or expropriating data or information on the website.
- Altering any personal information data unless authorised to do so.
L2P Enterprise Ltd is registered with the Information Commissioner’s Office: Reg no. Z2384214.
All automated e-mailing is via SendGrid.com. To the extent that SendGrid processes (or causes to be processed) any Personal Data originating from the EEA in a country that has not been designated by the European Commission as providing an adequate level of protection for Personal Data, the Personal Data shall be deemed to have adequate protection (within the meaning of EU Data Protection Legislation) by virtue of SendGrid's self-certification to the Privacy Shield. In accordance with the Court of Justice of the European Union ruling on the US-EU Privacy Shield framework, SendGrid, as a data transfer mechanism, is covered by the Twilio Data Protection Addendum, which incorporates the Standard Contractual Clauses in section 14 (July 2020). SendGrid agrees to apply the Privacy Shield Principles when processing (or causing to be processed) any EEA or Swiss Personal Data under this Agreement. This ensures compliance with the European Union Data Protection Directives (including GDPR), directives that protect personal data by ensuring that it is only used with permission and for legitimate purposes. SendGrid may store email addresses, names, IP addresses and location data to perform both their and L2P services consistent with the current data retention policy. No email content is stored and all data is encrypted in transfer.
All documents uploaded to the L2P system are scanned with antivirus software.
Copyright and trademark notices
The material featured on this site is subject to L2P Enterprise Ltd copyright protection unless otherwise indicated. © L2P Enterprise Ltd 2012-2021. All rights reserved.
No part of this website may be republished, reproduced, downloaded, displayed, distributed, posted transmitted or sold in any form or by any means in whole or in part without prior written permission of the copyright owner. Users of this website may not reproduce or reuse, for any commercial purpose whatsoever, any aspect of the website content.
The rights owners, therefore, retain copyright in all page headers, button icons, collection material, custom graphics and all other types of graphics used on this site and these may not be copied or imitated without the rights owners' permission.
The trademarks, logos and service marks displayed on the website belong to the operators of the site. The owners of the marks on this site retain exclusive rights in and to the marks. Nothing grants users the right to use, reproduce or display any of the marks without prior authorisation from L2P Enterprise Ltd.
The site content should not be assigned, sublicensed, or used for derivative works. No part of the site content should be incorporated into any information retrieval system without the permission of L2P Enterprise Ltd.
L2P Enterprise Ltd has used its best efforts to obtain and post on this website the most accurate and reliable information available but does not guarantee the accuracy or completeness of any information on or accessed through this website. Due to the nature of electronic transmission of data over the Internet and the number of users of this website, we will not be liable for losses or claims arising from the inability to access this site or its content. L2P Enterprise Ltd is reliant on the accurate inputting of information into the website.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
A medical practitioner’s inclusion in the L2P system does not necessarily confirm that such medical practitioners are registered to practise medicine in the UK.