As the operators of London Heart Clinic, London Heart Clinic Limited registered in England and Wales (“We”, “Us”, “London Heart Clinic”) is committed to protecting and respecting your privacy. We understand the importance of your data and we will not share, sell, or distribute any of the information you provide to us without your explicit consent unless required to do so by law. We fully endorse and adhere to the principles of the General Data Protection Regulation (“GDPR”), as set out in the UK Data Protection Act 2018.
Information we collect from you
We collect and process some or all of the following types of information from you.
Details given to Us during your registration - Your name, address and contact details, including email address and home and mobile telephone numbers, date of birth, gender, general practitioner and consultant details, and contact information for your nominated next of kin.
Your previous and current assessment notes and test results as per requirement of our clinical professional standards. Assessment notes will likely contain personal information such as medical history and details of previous and current diagnostic tests.
Your financial information if you are a ‘self-pay’ patient or the financial information of the company or individual you have nominated to be responsible for the payment of your care.
If you contact us, We may keep a record of that correspondence.
London Heart Clinic may obtain this information in a variety of ways, for example through the registration and consent forms filled in by you, the client.
Information we collect from other sources
In some cases, We may collect personal data about you from third parties, such as insurance providers, referring consultants, and checks permitted by law.
Uses made of your information
As a client of London Heart Clinic, We rely on legitimate interests in performing our contract with our Customer as the lawful basis on which We collect and use your personal data.
We use information held about you in the following ways:
In connection with your health assessment, treatment and/or care, including tests or assessments and medical examinations.
In connection with payment of fees, including billing, invoicing, and settlement of your account.
To contact you in advance of any diary appointments you may have with us and for correspondence regarding your health assessment, care, or treatment.
To notify you about changes to our services and provide you with information that is relevant to your use of the services.
Where there is a legal or regulatory obligation on us to do so or in connection with legal proceedings.
Disclosure of your information
We may disclose your personal information with your permission to:
Other medical professionals who may be involved in your care; this may include GPs, consultants, occupational health departments or other Health and Care professionals.
The organisation paying for your treatment (such as your insurance company, embassy, employer, or NHS commissioner).
Anyone you have explicitly asked us to communicate with or whose details you have provided as an emergency contact (such as your next of kin).
Comply with any legal obligation if we are under a duty to disclose or share any personal data.
A third party providing us with information technology systems; this includes an incident management and recording system and a system for electronic prescribing, as well as other clinical and non-clinical software applications (and related services) and website hosting.
In each case, we would share only such information as was relevant.
We take appropriate measures to ensure that all confidential data is kept secure, including security measures to prevent data from being accidentally lost and/or used or accessed in an unauthorised way. All records are stored securely on an encrypted server and personal contact details are used solely for appointment purposes and are stored on our secure cloud-based computerised diary system. We limit access to your data to only authorised personnel. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so.
Keeping your personal data up-to-date
If your personal details change you may update them by calling us directly. We will endeavour to update your personal data within thirty (30) days of any new or updated personal data being provided to Us, in order to ensure that the personal data We hold about you is accurate and up-to-date.
How long will we keep your personal data
It is a fundamental requirement that all of our records are retained for a minimum period of time after the conclusion of treatment or death for legal, operational, research and/or safety reasons. The length of time for which records are retained will depend on the type of record.
Under the General Data Protection Regulation, you have a number of important rights free of charge. In summary those include the rights to (certain exceptions apply):
Access your personal data and certain other supplementary information that this Policy is already designed to address
Require the erasure of personal data concerning you in certain situations
Receive the personal data concerning you which you have provided to Us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to a third party in certain situations
Object at any time to processing of personal data concerning you for direct marketing
Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
Otherwise restrict our processing of your personal data in certain circumstances
Claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
Contact us using our contact details below
Let Us have enough information to identify you
Let Us have proof of your identity and address. Receipt of an email from this address will usually be sufficient to confirm your identity. In all other cases we may request one or more identification documents, such as a copy of your driving licence or passport and recent utility or credit card bill; and
Let Us know the information to which your request relates.
How to complain
We hope that We can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 03031231113
Address all queries to:
Data Protection Officer
London Heart Clinic
Unit 1 Manhattan Business Park,
© 2017 by London Heart Clinic.