Scottish Hajj and Umrah Trust,(“SHUT”), is committed to protecting the privacy and security of its clients, partners and associates and therefore operates under a set of strict privacy principles.
SHUT adheres to the Data Protection Act 1998 and Freedom of Information (Scotland) Act 2002 and to Information Governance Standards published by NHS Quality Improvement Scotland concerning the storing and transfer of personal data. Accordingly, these Privacy Guidelines apply to all personal data received from individuals by SHUT whether in electronic or paper format.
With approval via electronic non-disclaimer or on paper format all data will be securely stored. No personal information is collected by SHUT for any purpose except as listed below:
(a) IP Addresses (Server Log Information)
- In some cases we may collect IP addresses in order to detect unauthorized access attempts and control system access security. An IP address is a number automatically assigned to your computer whenever you access the Internet. All computer identification on the Internet is conducted with IP addresses, which allow computers and servers to recognize and communicate with each other.
(b) Registration (User-Supplied Information)
- Self-entered ‘Patient Record Summary; medical details with electronic confirmation or details entered for pilgrims by SHUT Medical Support Officer with telephone recorded confirmation and approval sign-off.
- Information accessible by the registered pilgrim or approved medical staff only.
- Self-entered ‘Travel Agent & Mualim’ details with electronic confirmation or details entered for Travel Agent by SHUT Medical Support Officer with telephone recorded confirmation and approval sign-off along with information on Kingdom of Saudi Arabia approved visa issuing agents, and pilgrim group leaders.
- Information accessible by the registered Travel agent or approved Medical Support Officer or System Administrator only.
- GP or Medical Staff details entered by GP with electronic confirmation or details entered for pilgrims by SHUT Medical Support Officer with telephone recorded confirmation and approval sign-off GP’s.
- Information accessible by the registered Medical Staff or approved Medical Support Officer or System Administrator only.
- Accessing customer support via our on-line contact us web page are required to give SHUT contact information such as their name and e-mail address, and demographic information such as a post code, organisation and/or role. The user’s contact information is used to contact the user when necessary. Personally identifiable information will not be disclosed.
- Information accessible by registered Medical Staff or approved Medical Support Officer or System Administrator only.
SHUT has security measures in place to protect the loss, misuse and alteration of the information under SHUT’s control. SHUT employs strict security measures to safeguard online transactions. All personal information is stored in a secured database at a secured Safe Harbor compliant hosting facility within the United Kingdom.
All data stored on the servers is encrypted using high levels of security.
Your data is physically stored in high security data centres, as used by banks and government services. Only very limited numbers of authorised staff from SHUT Medical Management Systems can access these servers and each visit is logged ensuring complete audit trails. Data is replicated continuously between security centres to ensure immediate failover.
Registered users can access your data over the internet at any time. As long as your have access to the internet, you will have access to your data.
When your data is accessed via the internet the SHUT server will negotiate a secure link with the end user. This is called SSL. Many common web-based applications use this technology to secure their data. Organisations such as banks use SSL for online banking; online shops use it for credit card purchases. SSL is a proven method of internet security and one which is recognised as the best.
Role Based Access
The SHUT software system has inbuilt security allowing patient information to be viewed by patients or only by authorised users who will be time stamped each time they login to access your data, and from which locations.
The User’s Personal Data may be used for legal purposes by SHUT, in Court or in the stages leading to possible legal action arising from improper use of the iMbrace medical wristband or the related services. The User declares to be aware that SHUT may be required to reveal personal data upon request of public authorities.
The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that SHUT suspend or remove the data.
Additional information about User’s Personal Data
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from SHUT at any time. Please see the contact information at the bottom of this page.
The rights of Users
Users have the right, at any time, to know whether their Personal Data has been stored and can consult with SHUT to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to SHUT at the contact information set out in this policy.
If you have any further queries you can contact us on the following:
Scottish Hajj and Umrah Trust
152 Bath Street
0141 280 8111
Scottish Hajj and Umrah Trust reserves the right to change the terms, conditions, and notices under which Scottish Hajj and Umrah Trust web site and software access is offered, including but not limited to changes associated with the use of the site now or in the future. You are responsible for regularly reviewing these terms and conditions.