Rosenfield Health Tech - Privacy Policy

Rosenfield Health Tech Ltd (“Rosenfield”, “we”, “us”, “our”) respects your concerns about privacy. References in this Privacy Policy to “Rosenfield” are references to the entity responsible for the processing of your personal information, which generally is the entity that obtains your personal information.

 

This Privacy Policy applies to personal information we obtain through Rosenfield’s online properties, including our websites, web applications, downloadable resources, webinar pages and social media pages that reference this Privacy Policy (“Online Channels”); offline collection in connection with sales, marketing, events, partner engagement, and customer support (“Offline Channels”); and third-party sources in accordance with applicable law (collectively, the “Channels”).

 

This Privacy Policy does not apply to personal information collected through Rosenfield’s recruitment processes, employment systems, or any product-specific agreements that include separate data protection terms.

This Privacy Policy describes the types of personal information we obtain, how we may use it, with whom we may share it, and the choices available to you. It also describes the measures we take to safeguard personal information and how you can contact us about our privacy practices.

 

The Online Channels may provide links to third-party websites and features that are not owned or controlled by Rosenfield. Please review the privacy policies of those third parties to understand their practices.

Contents

• Personal Information We Obtain
• Cookies and Similar Technologies
• How We Use Personal Information
• Personal Information Sharing
• Data Transfers
• Your Choices
• How We Protect Personal Information
• Retention of Personal Information
• Children’s Personal Information
• Changes to Our Privacy Policy
• How to Contact Us

1. Personal Information We Obtain

We may obtain personal information through the Channels. The types of personal information we may obtain include:

• Contact details (including your name, professional title or role, organisation or Trust, business email address, postal location, and telephone number where voluntarily provided);
• Information submitted through our online forms, such as details entered when requesting product demonstrations, downloading materials, registering for webinars or events, or contacting us through enquiry forms, along with any messages or preferences you include;
• Professional and engagement information, such as your stated areas of interest (for example: imaging workflows, anonymisation technologies, AI tools or diagnostic review solutions), participation in Rosenfield webinars, training sessions or events, and your selected communication or subscription settings;
• Information gathered automatically through cookies or similar mechanisms (such as your IP address, browser and device characteristics, pages viewed, browsing behaviour, time spent on our site, referral sources such as LinkedIn or search engines, and interaction with our email communications, including whether emails are opened or links are clicked);
• Information obtained from third-party sources, where lawful to do so (including publicly available NHS contact directories, professional platforms such as LinkedIn, conference and event partners, and industry publications that provide business contact information). Additional business contact information supplied by GDPR-compliant and ISO-certified third-party data providers, which we process solely for relevant business-to-business marketing purposes. We only process third-party data obtained from providers that comply with GDPR and other relevant data protection laws.
• Healthcare-related processing information, noting that Rosenfield does not collect or process patient clinical data via our website or marketing channels; for our healthcare technology solutions, Rosenfield acts strictly as a data processor, handling imaging data only under written instructions from the healthcare organisations that serve as the data controllers. For personal data collected through our website and marketing activities, Rosenfield acts as the data controller. For clinical imaging data processed within our products, Rosenfield acts as a data processor under contract with healthcare providers. When providing our healthcare technology solutions, Rosenfield enters into Data Processing Agreements (DPAs) with healthcare providers to ensure that all patient data is processed securely and in accordance with applicable data protection laws.

2. Cookies and Similar Technologies

Rosenfield uses cookies and similar technologies to personalise and enhance your experience, analyse website performance, and support marketing activities.

How We Use Cookies

Cookies are small data files stored on your device that help us recognise your browser and provide functionality such as security, analytics, and personalisation.

We use the following types of cookies:

Strictly Necessary Cookies

Required for basic website operation, security, session management, and consent preferences.
These cannot be disabled through the cookie banner.

Analytics & Performance Cookies

Used to measure website performance, track visitor behaviour, and improve user experience.

Marketing & Personalisation Cookies

Used (with consent) to:

• Track website interactions for marketing attribution
• Deliver relevant content
• Support retargeting activities

 

Making Cookie Choices

You may manage your cookie preferences using our cookie banner or by adjusting your browser settings. Please note that disabling essential cookies may affect website functionality.

Third-Party Content

Our website may embed third-party content such as YouTube or LinkedIn videos. These third parties may set their own cookies and operate under their own privacy policies.

Cookie Information and Table

The types of cookies that may be deployed include, but are not limited to:

 

3. How We Use Personal Information

Rosenfield uses your personal data to operate our website and provide relevant information to you. We process customer and marketing contact data for the purpose of sending relevant product updates, educational content, event invitations and service information, in accordance with GDPR and PECR. We may process professional contact information obtained from publicly available or third-party sources for the purpose of business-to-business outreach under the lawful basis of legitimate interest, and we will always provide clear privacy information and opt-out options in all communications. All marketing communications sent by Rosenfield include an unsubscribe link or clear instructions on how recipients may opt out of further communications.

We may use the personal information we obtain to:

• Provide, manage and administer our products and services
• Communicate regarding our products, events, solutions and promotions
• Send newsletters, product updates, case studies and event invitations
• Register individuals for webinars, training sessions and demonstrations
• Respond to requests, enquiries or technical support needs
• Conduct marketing and sales activities, including lead generation
• Perform data analytics (e.g., user engagement, content performance)
• Personalise website experience and tailor communications
• Operate, evaluate and improve our website and business operations
• Maintain the security and integrity of our services
• Comply with legal obligations and industry standards

We do not sell or trade personal data.

Legal Basis for Processing (UK GDPR)

We process personal information based on:

Consent

For newsletter subscriptions, downloadable content, non-essential cookies, and marketing emails.

 

Legitimate Interest

For:

• Business-to-business communication with healthcare professionals
• Following up on product enquiries
• Security and website analytics
• Maintaining marketing suppression lists (to honour your unsubscribe requests)
• Performance of a contract or fulfilment of a request
• Compliance with legal obligations

Where required by law, we will obtain your consent before sending direct marketing communications. You may withdraw your consent at any time by clicking “unsubscribe” or contacting us.

 

4. Personal Information Sharing

For personal data collected through our website, Online Channels and marketing activities, Rosenfield acts as the data controller. We do not sell or trade your personal information.

We may share personal information with:

 

Internal Rosenfield Teams

Based in the UK and Egypt for business and operational purposes.

 

Service Providers

Trusted partners who perform functions on our behalf, such as:

• Email and marketing platforms (e.g., Mailchimp, HubSpot)
• Webinar and event platforms
• CRM and analytics providers
• Website hosting and security partners

These service providers are contractually required to protect your data and use it only for the services we request.

 

Legal, Compliance and Safety

We may disclose information:

• Where required by law or court order
• To protect against fraud, misuse or security threats
• To establish or defend legal claims

 

Business Transactions

In the event of a merger, acquisition or restructuring, we may transfer personal information to relevant parties, ensuring equivalent data protection safeguards.

 

5. Data Transfers

Rosenfield may transfer personal information to countries outside the UK, including service providers in the EEA and other jurisdictions.

Where such transfers occur, we implement appropriate safeguards such as:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions (where available)
• Additional technical and organisational measures

We do not allow these third parties to use your data for their own purposes.

Rosenfield implements these safeguards through GDPR-compliant contractual terms with our cloud vendors, the use of approved international transfer mechanisms, secure cloud hosting, encryption, access controls, and internal ISO 27001-aligned procedures. Some of our service providers operate internationally, including in locations outside the UK and EEA (such as the United States). Where this occurs, we rely on GDPR‑compliant contractual safeguards, such as Standard Contractual Clauses (SCCs) where available, along with additional technical and organisational measures to protect personal data.

 

6. Your Choices

You may:

• Update your communication preferences
• Unsubscribe from marketing emails
• Request access to your data
• Request correction or deletion
• Object to certain types of processing
• Withdraw consent at any time

To exercise these rights, contact us at:
Email: info@rosenfieldhealth.com

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your personal data has not been handled in accordance with applicable law.

7. How We Protect Personal Information

We maintain administrative, technical and physical safeguards designed to protect personal information against:

• Unauthorised access
• Loss or destruction
• Disclosure
• Misuse
• Alteration

Measures include access controls, encryption, secure hosting, and staff training.

 

7.1 Our Compliance and Certifications

Rosenfield Health Tech maintains recognised industry certifications and participates in national compliance frameworks to safeguard the personal information entrusted to us. Rosenfield delivers certain services through secure cloud-based platforms, and we process information within these environments using appropriate technical and organisational safeguards.

We are registered with the NHS Data Security and Protection Toolkit (DSPT), demonstrating alignment with NHS data protection, cyber security, and information governance standards. Our DSPT organisation profile can be viewed at: https://dsptoolkit.nhs.uk/OrganisationSearch/X7G4O

Rosenfield also maintains ISO/IEC 27001 certified management systems that support our commitment to data security, quality and operational excellence. Details of our ISO certifications are available at: https://www.rosenfieldhealth.com/iso-certification/

These frameworks help ensure that our security controls, data handling procedures, and organisational processes meet industry best practices and comply with applicable regulatory requirements. These controls apply to our cloud-based SaaS platforms and internal systems.

8. Retention of Personal Information

We retain personal information:

• Only as long as necessary to fulfil the purposes described in this Privacy Policy
• Longer where required by law or to resolve disputes
• Marketing data for up to 24 months following last interaction. Contacts who unsubscribe or withdraw consent are removed or anonymised promptly, even if under 24 months.
• Cookie data according to their individual expiry periods

After retention periods expire, information is securely deleted or anonymised.

9. Children’s Personal Information

Our Online Channels are not directed to children.
We do not knowingly collect personal information from individuals under applicable age thresholds.

If you believe a child has provided us personal information, please contact us so we can delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices.
The effective date at the top of this document indicates the most recent update.

11. How to Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Rosenfield Health Tech Ltd
Registered Address: Tramshed Tech, Pendyris Street, Cardiff, United Kingdom, CF11 6BH

Email: info@rosenfieldhealth.com
Website: www.rosenfieldhealth.com