Data Privacy Notice
Who we are
London Medical first opened its doors to patients back in 1991 as a specialist diabetes clinic. But diabetes affects almost every part of the body, so we very quickly started to widen our focus to provide first-class clinical care across the various conditions and problems commonly associated with the disease.
Contact details of the company
Metabolic Services Limited trading as London Medical
49 Marylebone High Street
London W1U 5HJ
Contact details of Data Protection Officer
If you have any questions or concerns regarding the information we hold on you, the use of your information or would like to discuss further, please contact;
David Briggs, Chief Operating Officer
+44 (0) 207 467 5470
Why we collect information (purpose of processing)
The processing of data and this privacy notice relates to all patient information processed within London Medical:
|Purpose||Legal Basis||Processing Special Categories of Personal Data|
|To support delivery of appropriate care and treatment of all London Medical patients||6.1.b - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract||9.2.h - processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;|
|To inform our patients of our events and insight day calendar||6.1.a - the data subject has given consent to the processing of his or her personal data for one or more specific purposes|
|Referrals from/to third party healthcare professionals to provide specialist care and treatment for their patients||6.1.a - the data subject has given consent to the processing of his or her personal data for one or more specific purposes||9.2.h - processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;|
|To utilise the London Medical MyCare App to transfer information about individual patient’s treatment||6.1.a - the data subject has given consent to the processing of his or her personal data for one or more specific purposes||9.2.a the data subject has given explicit consent to the processing of those personal data for one or more specified purposes.|
How we collect information
We may ask for or hold personal confidential information about you which will be used to support delivery of appropriate care and treatment. This is to support the provision of high quality care.
These records may include:
- Basic details, such as name, address, date of birth, next of kin.
- Email address, username and to identify London Medical App users.
- Contact we have had, such as appointments and home visits.
- Details and records of treatment and care, including notes and reports about your health
- Results of lab work for blood tests, etc.
- Information from people who care for you and know you well, such as health professionals and relatives.
It may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies or health conditions. It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, deliver appropriate treatment and care plans, to meet your needs.
Information is collected in a number of ways, via your new patient registration form, your consultant, referral details from your GP or other healthcare professional or directly given by you.
How we use information
- To help inform decisions that we make about your care.
- To ensure that your treatment is safe and effective.
- To work effectively with other organisations who may be involved in your care.
- To ensure our services can meet future needs.
- To review care provided to ensure it is of the highest standard possible.
- To train healthcare professionals.
- For research and audit.
It helps you because accurate and up-to-date information assists us in providing you with the best
possible care. Where possible, when using information to inform future services and provision,
non-identifiable information will be used.
Recipients of personal data
To provide best care possible, sometimes we will need to share information about you with others. We may share your information with a range of Health and Social Care organisations and regulatory bodies. You may be contacted by any one of these organisations for a specific reason; they will have a duty to tell you why they have contacted you. Information sharing is governed by specific rules and law.
Carbon Labs on behalf of Metabolic Services Limited will receive the email address, username and UserID provided within the London Medical MyCare App. The App transfers data to the main patient care record. This information is stored to identify the user when logging into the App. The Company deletes all other data transferred via the App every 4 hours.
During your care we may also need to share information about you to third parties to process your test results. These test results are processed by our authorised and accredited laboratories that are based in the United Kingdom or the United States.
During your care we may need to share information to insurance companies where insurance plans are used to cover the costs of the care and treatment you as a patient are receiving. The data shared will be in the form of claims relating to the treatment received so that appropriate payment can be made. The insurers that receive this information will be highlighted to London Medical by the patient during registration.
During your treatment you may be referred by your GP or current healthcare professional to London Medical or London Medical may need to refer you to another healthcare professional for part of your treatment. London Medical will always gain written consent before a referral is completed.
Details of transfers to third countries
Test information from patients is sometimes sent to our authorised and accredited laboratories who are based in the US and they therefore process and store some test data of our patients on London Medicals behalf to enable test results to be produced.
This information is transferred using FedEx UK, their privacy statement may be viewed at: http://www.fedex.com/gb/privacypolicy.html
Our US partner laboratory is TruHealth Diagnostics: https://truehealthdiag.com/privacy-policy/
Retention period of your data
London Medical align their retention periods for the storage of patient information and records to the NHS Records Management code of practice.
You can request a copy of London Medicals Document Retention policy from the reception desk or download a version from our website.
All information regarding patient records transferred via the London Medical My Care App will be deleted every 4 hours. No medical information is retained within the London Medical MyCare App.
Protecting your data
We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers. These protective measures include:
- Not collecting personal data that we don’t really need.
- Destroying or anonymising personal data securely when we don’t need it anymore.
- Only allowing our staff and our suppliers to process the personal data they need to carry out their duties.
- Encrypting personal data to render it useless to anyone who is not authorised to access it.
- Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities.
- Binding our suppliers to the same standards and duties of care that we hold ourselves to.
- Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware.
- Making periodic checks that all of these measures are working well and making improvements to them when we think we can do better.
- Ensuring backups are completed on a daily basis.
|Rights given under data protection||How to exercise your rights|
|The right of access||Contact our Data Protection Officer and we shall respond to you within 30 calendars days of receipt of proper identification|
|The right to rectification||Contact our Data Protection Officer with any inaccuracies or queries|
|The right to restrict processing||Contact our Data Protection Officer|
|The right to object||This is detailed when you give your consent to receive information regarding our events on the new patient registration form and on the website. Contact our Data Protection Officer with any queries|
Right to withdraw consent
You can withdraw your consent to receive information about our events and insights day calendar at any time by using the unsubscribe link contained in all relevant communications or by contacting our Data Protection Officer.
You do also have the right to refuse/withdraw consent to information sharing at any time. We will fully explain the possible consequences to you at such a time as withdrawing consent could include delays in you receiving care.
Your right to complain
We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously.
You can submit a complaint to London Medical at any time by contacting;
David Briggs, Chief Operating Officer
+44 (0) 207 467 5470
You always have the right to complain to our supervisory authority. We are based in the UK and our Supervisory Authority is the UK Information Commissioner's Office, and more information can be found here: https://ico.org.uk/concerns
or you can write to the ICO by using this address:
Information Commissioner’s Office
Cheshire SK9 5AF