

Radiant Science UG

Last updated: 9th July 2025

TECHNICAL AND ORGANISATIONAL MEASURES

DATA HOSTING & LOCATION
- Personal data is hosted in the UK and EEA using secure cloud infrastructure (Microsoft Azure).
- Where essential services require processing outside these regions, transfers are protected by Standard Contractual Clauses (SCCs) and strong technical safeguards.

ACCESS CONTROL:
- Access to personal data is restricted to authorised personnel.
- Access is protected by multi-factor authentication (MFA).
- Role-based access is enforced and reviewed regularly.
- Access logs are retained and monitored.

ENCRYPTION:
- Data in transit is encrypted using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256, managed via Azure Key Vault.
- Encryption keys are stored and managed securely within the Azure environment.

SUBPROCESSOR MANAGEMENT
- All subprocessors are listed in the Subprocessors List: www.radiantscience.io/subprocessors.
- Each subprocessor is bound by written agreements ensuring data protection compliance.
- Subprocessors are used only as necessary and with appropriate contractual safeguards.

DATA RETENTION AND DELETION:
- Personal data is retained only for the duration of the service. All personal data is securely deleted within 120 business days of service termination unless otherwise instructed by the Data Controller.
- Deletion follows secure wiping standards (e.g., NIST 800-88).

SECURITY MONITORING & INCIDENT RESPONSE
- Infrastructure is continuously monitored using Azure Security Center and internal tools.
- A breach response policy is in place. Data controllers are notified within 48 hours of a confirmed personal data breach.

STAFF AWARENESS AND CONFIDENTIALITY:
- Staff with access to personal data complete mandatory data protection training.
- Confidentiality agreements are required at onboarding.
- Access is limited to job function and business need.

DATA CERTIFICATIONS:
- We are Cyber Essentials certified, demonstrating baseline IT security hygiene across infrastructure and operations.
- We have completed the NHS Data Security and Protection Toolkit (DSPT) self-assessment, confirming compliance with NHS data protection standards.
- Evidence of both certifications is available upon request.
- We have ICO certification under the reference number: ZB842255

BUSINESS CONTINUITY AND RECOVERY
We create encrypted backups stored in the UK.

AUDIT LOGGING:
Access and system events are logged and retained for the service contract period. Logs are monitored for unusual activity and protected from tampering.

DATA SUBJECT RIGHTS
We support the Controller in fulfilling data subject rights under UK GDPR, including access, correction, and deletion.

NO AUTOMATED DECISION MAKING
Radiant Science does not perform any automated decision-making. Our AI-assisted systems are used solely to support administrative workflows, such as processing voice input, structuring clinical notes, or assisting with communication. These tools do not make clinical decisions, offer diagnostic conclusions, or take action without human oversight. All outputs are intended to assist healthcare professionals and are always subject to review and approval by authorised users.

INFORMATION GOVERNANCE CONTACT
For privacy or data protection inquiries, contact our Data Protection Officer:
Felix Geilert
Email: info@radiantscience.io