Privacy Policy

Effective Date: [Insert Date]

This Privacy Policy describes how Medical Information Xchange Protocol Ltd. ("MIXP," "We," or "Our"), a UK-based company, collects, uses, and processes information in connection with the provision of the Imaging Exchange Protocol (IXP) platform and related services.

We are committed to the highest standards of data protection and compliance with the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

1. Our Role in Data Processing

Due to the nature of our Service, MIXP generally acts as a Data Processor on behalf of the healthcare providers and institutions (Our Clients) who use the IXP platform.

  • Client (Healthcare Provider): Is the Data Controller, responsible for determining the purposes and means of processing patient data.
  • MIXP (Service Provider): Is the Data Processor, processing patient data strictly according to the written instructions of the Data Controller, as set out in a binding Data Processing Agreement (DPA).

2. Types of Data Processed

We process two main categories of data:

A. Administrative and Operational Data (MIXP is the Controller)

This is information about our Clients and Users (authorised staff) necessary to administer the Service.

  • Data Collected: Name, Job Title, Institutional Affiliation, Email Address, Phone Number, Billing/Subscription Information, and User Log/Activity Data (for security and efficiency tracking).
  • Purpose: Account setup and management, invoicing, customer support, and technical administration.
  • Legal Basis (GDPR): Necessary for the performance of a contract (Article 6(1)(b)) and/or legitimate interests (Article 6(1)(f)).
B. Client/Patient Data (MIXP is the Processor)

This data is uploaded and controlled by our Clients.

  • Data Collected:
    • Personal Data: Patient identifiers, names, dates of birth, etc.
    • Special Category Data (Health Data): Medical images (CT, MRI, X-Ray, etc.), radiology reports, pathology results, and clinical notes uploaded for exchange and collaboration.
  • Purpose: To provide the core IXP Service, including secure data transfer, multi-specialty collaboration, adaptive image optimization, patient engagement solutions, and analytics/reporting as instructed by the Client.
  • Legal Basis (GDPR): The Client (Controller) is responsible for establishing a lawful basis for processing (e.g., Article 9(2)(h) for health care).

3. Data Security and Technical Measures

Security is a core value for MIXP. We implement state-of-the-art measures to ensure data protection:

  • Encryption: Industry-standard dual-layer encryption for data in transit and at rest.
  • Proactive Testing: Periodic Vulnerability Assessment and Penetration Testing (VAPT).
  • Infrastructure: Utilizing a Hybrid Cloud Infrastructure to maintain data integrity, reliability, and control.

4. Data Sharing and International Transfer

4.1. Data Sharing:

We only share Client Data as strictly required to provide the Service, at the direction of the Client (Controller).

4.2. International Transfer:

Any transfer of UK/EEA Personal Data outside of the UK/EEA is performed under appropriate safeguards as required by GDPR, such as Standard Contractual Clauses (SCCs), to ensure the data receives an equivalent level of protection.

5. Cookies and Tracking Technologies

MIXP uses cookies and similar technologies to ensure the smooth operation of the IXP platform, to authenticate users, and to gather administrative data about platform usage. Users are notified and can manage their cookie preferences upon accessing the Service.

6. Data Retention

MIXP retains Client/Patient Data according to the instructions provided by the Client (Data Controller) in the Data Processing Agreement. Administrative and Operational Data is retained as necessary to comply with legal and audit obligations.

7. Your Rights as a Data Subject (Administrative Data)

For the Administrative and Operational Data where MIXP is the Controller, individuals have the following rights under UK GDPR (e.g., Right of Access, Rectification, Erasure, etc.). To exercise these rights regarding administrative data, please contact us using the details below. For all requests concerning Client/Patient Data, you must contact the relevant healthcare provider (the Data Controller).

8. Contact Information and Supervisory Authority

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Contact:

Medical Information Xchange Protocol Ltd.
Address: London, United Kingdom
Email: info@mixp.co.uk

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues.

About

Medical Information Xchange Protocol (MIXP) is a UK-based innovator in diagnostic systems and AI-enabled healthcare services. Its clinically validated, protocol-driven platform is used by 60+ super-specialty groups, diagnostic institutions, and specialists across three continents. MIXP also operates dedicated research, development, application development and support centre in India.

Company

Contact

info@mixp.co.uk
© Medical Information Xchange Protocol Ltd. All rights reserved.
© The IXP platform is a copyrighted and proprietary technology owned and authored by MedApp Dynamics Pte. Ltd.