This notice explains how personal data is handled when you use this website. It is written to meet the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who is the data controller
The data controller for this website is:
- Name: Dr Muhammad Mohsin
- Contact email: [email protected]
- Brand names used: Mohsin Haematology Academy, HaemCalc
For the purposes of UK GDPR, the controller is the individual named above acting in a personal capacity.
2. What personal data is collected
The following categories of personal data may be processed when you use this website:
- Mailing list data. If you sign up to the Academy mailing list, your email address is collected and stored by our email marketing processor, Mailchimp (see section 5).
- Contact data. Your name, email address, and the contents of any message, if you contact us directly.
- Technical data. IP address, browser type, device type, time-zone, and pages visited, processed by the hosting provider for the limited purpose of operating and securing the website.
- Cookie data. See the Cookies section below.
This website does not collect or store patient-identifiable data. HaemCalc must not be used to enter patient-identifiable data.
This website does not currently run any third-party analytics service (for example, Google Analytics, Plausible, or Cloudflare Web Analytics). If that changes, this notice will be updated and a cookie banner will be shown.
3. How and why personal data is used
| Purpose | Lawful basis under UK GDPR |
|---|---|
| Sending Academy newsletters and updates after sign-up | Consent (article 6(1)(a)) |
| Operating the website and keeping it secure | Legitimate interests (running and protecting the site) |
| Responding to messages you send us | Legitimate interests (replying to enquiries) |
| Complying with legal obligations | Legal obligation |
4. Cookies
This website uses a small number of cookies. The site does not currently set any first-party analytics cookies.
- Strictly necessary cookies. Needed for the site to work (for example, to remember your cookie consent choice). These do not require consent.
- Mailchimp cookies. When you submit the mailing list form, Mailchimp may set cookies to operate the form and detect bots. These are limited to the function of the signup form.
You can change your cookie preferences at any time by clearing cookies in your browser and reloading the site.
5. Who personal data is shared with
Personal data may be shared with the following processors, all of which act under written terms or contractual safeguards:
- Mailchimp (Intuit Inc., United States) — email marketing processor for the Academy mailing list. Mailchimp processes the email addresses of subscribers in order to deliver newsletters and updates. Mailchimp's own privacy notice and Standard Contractual Clauses cover the international transfer of data to the United States. See Mailchimp's privacy statement.
- Cloudflare, Inc. (United States) — provides website hosting via Cloudflare Pages, plus DNS and content-delivery for the site. Standard log data may be processed for security and performance.
- GitHub, Inc. (a subsidiary of Microsoft Corporation, United States) — source-code repository for the website. GitHub does not serve pages to end users; Cloudflare Pages does.
We do not sell personal data. We do not share personal data for advertising purposes.
6. International transfers
Some processors named above are based in the United States. Where this is the case, transfers are protected by the UK adequacy regulations or by Standard Contractual Clauses, as required by UK GDPR.
7. How long personal data is kept
- Mailing list data: kept for as long as you remain subscribed. You can unsubscribe at any time using the link in any newsletter, after which your address is removed within a reasonable period.
- Contact emails: retained while the matter is active and for a reasonable period afterwards for record purposes.
- Hosting / proxy logs: retained according to the providers' default policies, typically a short rolling window.
8. Your rights
Under UK GDPR you have the right to:
- access a copy of your personal data;
- have inaccurate data corrected;
- have your data deleted in certain circumstances;
- restrict or object to processing in certain circumstances;
- receive your data in a portable format in certain circumstances;
- withdraw consent where consent is the lawful basis (for example, by unsubscribing from the mailing list);
- complain to the Information Commissioner's Office (ICO).
To exercise any of these rights, email [email protected]. You can also contact the ICO at ico.org.uk.
9. Children
This website is intended for healthcare professionals and adult learners. It is not directed at children under 13. If you are under 13, please do not submit personal data via this site.
10. Changes to this notice
This notice may be updated from time to time. The current version is the one shown on this page. Material changes will be flagged on the homepage or via the cookie banner.