This website privacy notice is in addition to, but does not override, our primary privacy notice.
1. Who ‘we’ are
When we outline to you how we take care of your data you will notice we use the words ‘the Clinic’, ‘we’, ‘us’ or ‘our’. This means we are referring to The London Clinic (also known as Trustees of the London Clinic Limited). We are a limited company and charity registered in England and Wales. Find out more information about our company and charity status.
For the purposes of you using our website we are the ‘Data Controller’ of your personal data. We are responsible for deciding how we hold and use your data, for taking care of your data and ensuring that anyone we work with, who might need to access your data, also takes care of it and follows our rules. If there is ever a situation where another organisation or person is the Data Controller of your data, we will let you know.
Before we explain what data we collect, why we collect it and what we do with your data, if you have any questions or concerns, you can reach our Data Protection Officer via firstname.lastname@example.org.
What we do with your data on our website
Special category data is personal data that needs more protection because it is sensitive. We may have this if you submit a query through the website and it is relevant to your query.
No, there are situations where it is not necessary to obtain your consent (i.e. processing of necessary cookies or handling of queries).
Yes, if you accept analytical cookies.
Yes, where you make an enquiry, we may need to share this information with the appropriate consultant to support you.
Yes, but only with your consent.
Yes, The London Clinic has an extensive Records Retention Policy to ensure we keep information only for as long as we need to. Where you withdraw or modify your consent, we will immediately stop processing your data.
Yes, alongside applying industry best practice, the Clinic are Cyber Essentials certified and compliant with the NHS’s Data Security and Protection Toolkit (‘DSPT’).
Yes, all staff receive training on a regular cycle.
Yes, we only permit access to those with a legitimate power or reason to access your information.
Yes, where your rights apply, we will process your request accordingly, and where they do not apply, we will explain this to you.
2. What data we collect from you
We will need different pieces of information from you for different purposes which will be driven by your interaction with us. We will always keep the data we need down to a minimum, and internally will ensure that only those with a legitimate need to see your data can do so.
As a summary, the sorts of data we collect from you on our website fall into the following categories:
This will include your basic contact details and ways for us to identify you. For example, your name, home address, email address, date of birth etc.
We need to process this data to verify your identity and/or respond to your query.
This will include any information you provide us as part of an enquiry which may include information relating to your physical and/or mental health.
We will only process your health and medical information at your request and only where it is relevant to your query.
This will include your IP address, and could also include your geographical location, browser type and version, operating system, referral source, length of visit and page views depending on the cookies you permit.
Our ability to process this information is dictated by the cookies you choose.
Where it forms part of an optional cookie, we will use it with your consent to tailor your website experience.
This will include details of both your general communication preferences you have outlined to us, and also any marketing preferences you have selected.
We need this information so that we are able to contact you via the right channel and/or to send out any direct marketing communications if you have consented to them.
This includes statistical or demographic data that may be derived from your personal data, but it cannot be used to directly or indirectly identify you.
We use this information to measure performance of the website and improve its functionality.
3. How we lawfully process your data
In order to operate the functionality of this website, we use your personal data for a number of reasons:
To deal with your query or request. Depending on the nature of your query, we may use your identity, contact, financial, transaction, payment, profile, or special category data to respond. We may process this information under the following legal grounds: performance of a contract, legitimate interests, (explicit) consent and/or provision of medical care.
To administer and protect our business. We may process your identity, contact and technical data for troubleshooting, data analysis, testing, systems maintenance and reporting. This is necessary for our legitimate interests and in some cases to comply with our legal obligations.
To enable you to move around our website and use its features, such as accessing secure areas of the website. We may process your identity, usage, and technical information to enable secure access. This is necessary for our legitimate interests.
To improve our website, content and user experience, deliver relevant website content to you, and understand the effectiveness of our website. With your consent, we may process your identity, usage, and technical information.
To keep a note of your preferences on how you want to engage with The London Clinic. We may process your identity, contact, usage communications and technical information. This is necessary for our legitimate interests.
4. Where we get your data from
Where you are submitting a query, we will collect data on you directly from you. Therefore, you can provide as much or as little as you prefer in order for us to handle your query. It is strongly recommended that you provide us with the appropriate amount of personal and special category data necessary for the resolution of your query.
Some technical features of the website will collect data on you through Cookies and/or related technology.
6. Where in the world your data is physically sitting
We use systems, technology and/or support vendors who may store or have access to physical or cloud storage which resides both in the UK and abroad. This includes countries both within the European Economic Area (‘EEA’) and, in limited circumstances, those further afield, for example the United States of America.
Where we store or share personal data with a third party in a country outside of the UK or EEA, we will put appropriate safeguards in place to protect that data in accordance with the applicable Data Protection Laws and the ICO’s guidance. These range from a contract with that third-party supplier through to technical measures to protect it while it gets there.
7. How long we keep your data
We only keep your website data for a short time. Any browsing or transactional data is either destroyed immediately or kept for a short period to confirm the transaction. However, we will keep your query-related data for a longer term to make sure that we have properly dealt with your query.
We only keep data as long as is necessary and always ensure that personal data is securely destroyed when it is no longer required.
We retain Cookies preferences for 12 months.
8. How we protect your data
As you can appreciate, we cannot give you the full list of specific measures we have in place to prevent your data from being accidentally lost, used, accessed in an unauthorised way, altered or disclosed. However, please rest assured that we are committed to ensuring a high level of protection for your data while it is in our management.
Examples of some of the measures we have in place include:
- Agreed organisation-wide standards on security and data handling
- IT technical controls to limit access to your personal information only to those employees, agents, contractors and other third parties who have a business need-to-know
- Physical security controls on our buildings and wards
- Contractual controls with third parties (‘our house, our rules’)
- Training and awareness for all employees and Consultants
- Key roles in our organisation with specialist knowledge on Information Governance, Data Protection and Cyber Security to ensure your information is always protected.
9. What your rights are in connection with your data
Where we use your information with your consent, you have a lot of control over how that data is used and shared by The London Clinic. However, where we are using your data under a legal obligation or other grounds, your rights under Data Protection Laws are more restricted. For example, where we feel we need to share or use data to save your life, very few of the Data Protection rights apply.
A summary of all the Data Protection rights and how they apply to your interactions with us is below:
This is known as a data subject access request whereby you can receive a copy of the personal data that we hold about you. This right applies in all circumstances, however there might be some scenarios where we cannot provide you with some of the information requested (i.e. to protect the rights of others or due to legal privilege/confidentiality). If that is the case, we will explain this to you as part of our response to your request.
You can correct any incomplete or factually inaccurate personal data that we hold about you. It is important to understand that this right does not extend to matters of opinion, such as medical diagnoses. This right applies in all circumstances, however there might be some scenarios where we cannot retrospectively edit your record. If that is the case, we will explain this to you as part of our response to your request.
We cannot always fulfil your request if there are specific legal reasons requiring us to retain your personal data. We will explain these to you, if applicable, when responding to your request.
You can ask us to delete or remove your personal data where:
There is no good reason for us continuing to use it
You have successfully exercised your right to object to us using it or you have withdrawn your consent
We may have processed your information ‘unlawfully’
We are required to erase your personal data to comply with English law.
You can object to our processing of your personal data if:
We are relying on legitimate interests and you feel it impacts on your fundamental rights and freedoms. We may be able to demonstrate compelling overriding legitimate grounds for the processing
We are processing for direct marketing purposes.
You can ask us to suspend processing of your personal data if:
You want us to establish the data’s accuracy
Our use of your personal data is unlawful, but you do not want us to erase it
You need us to hold the data to establish, exercise or defend legal claims, even if we no longer require it
You have objected to our use of your data, but we need to verify whether we have overriding legitimate interests to use it.
You can request that we provide you or your chosen third-party with your personal data in a structured, commonly used, machine-readable format (an Excel spreadsheet for example). This right only applies to electronic/digital information that you have provided to us either with your consent or where we use the information to perform a contract with you.
If you give us consent to process your personal data, you can withdraw that consent at any time by emailing email@example.com.
At any time, you can complain to either us or the ICO about any concerns you have over how your data is being handled.
To register a complaint with us please email firstname.lastname@example.org.
To register a complaint with the ICO please visit their website at www.ico.org.uk or address a letter to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or call their helpline on 0303 123 1113.
How you can find out more information
If you have any questions or queries about how we handle your personal data at The London Clinic, please get in touch at email@example.com.
Version 2.0. This notice was last updated in February 2022.