PRIVACY POLICY-old

This Privacy Policy sets out details of the information that Lumen Physicians and the clinicians responsible for your diagnostics, outpatient appointments and treatment may collect from you, and how that information may be used. Please take your time to read this Privacy Policy carefully.

In this Privacy Policy we: 

Provide you with a detailed overview of how we will manage your data, from the point at which it is collected and onwards. 

Provide all the details on how we use your information, and how we will comply with the law in doing so. 

Set out your rights in respect of your personal information, and how to exercise these rights. For example, you can seek access to your medical information, object to us using your information in particular ways and request rectification of any inaccurate information. 

We are always open to improvement; if you have any feedback on this Policy please contact our Data Protection Lead (contact details shared below). 

About us 

In this Privacy Policy we use “we” or “us” or “our” or “Lumen Physicians” to refer to the Lumen Physicians company who is using your personal information, and the clinicians who provide your diagnostics, outpatient appointments and treatment. 

Lumen Physicians, 27 Harley Street, London WIG 9QP Company Registration No. 10448708. 

How to contact us 

The Data Protection Lead helps ensure that Lumen Physicians complies with data protection law. Our Data Protection Lead has responsibility for data protection compliance in respect of Lumen Physicians. 

The Data Protection Lead can be contacted by: 

Email:  info@lumenphyisicians.co.uk

Post: Data Protection Lead, Lumen Physicians, 27 Harley Street, London WIG 9QP 

If you would like further information about any of the matters in this Privacy Policy or if you have any other questions about how we collect, store or use your personal information, please contact us using the details above.

1. Your personal information

As a patient of Lumen Physicians, the personal information we hold about you may include the following:

Name

Contact details, such as postal address, email address and telephone number (including mobile number)

Financial information, such as credit card details used to pay us

Occupation

Emergency contact details, including next of kin

Background referral details

Special Categories Personal Information

As a patient of Lumen Physicians, we will hold information relating to your medical treatment. This is known as a special category of personal data under the law, meaning that it must be handled even more sensitively. The special categories of personal information we hold about you may include the following:

Details of your current or former physical and/or mental health. This may include information about any healthcare you have received (both from Lumen Physicians directly and other healthcare providers such as GPs, dentists or hospitals (private and/or NHS)) or need, including about clinic and hospital visits and medicines administered. Further details on the way in which we handle such information are included below.

Special Categories Personal Information (continued) 

Details of services you have received from us 

Details of your nationality, race and/or ethnicity 

Details of your religion 

Details of any genetic data or biometric data relating to you 

Data concerning your sex life and/or sexual orientation 

2. How we collect your information 

We may collect personal information from a number of different sources including (but not limited to): 

GPs 

Other hospitals, both NHS and private 

Clinicians (including their medical secretaries) 

Dentists 

Mental health providers 

Commissioners of healthcare services 

Directly from you: 

Personal information may be collected directly from you when: 

You enter into a contract with Lumen Physicians for the provision of healthcare services 

You use those services 

You complete enquiry forms on the Lumen Physicians website 

You submit a query to us including through our website, by email or by social media 

You correspond with us by letter, email, telephone 

You sign-up to our newsletter on our website 

You take part in our marketing activities 

From other healthcare organisations: 

Our patients usually receive healthcare from other organisations in addition to Lumen Physicians. In order to provide you with the best service possible we may need to collect personal information about you from other organisations. This may include: 

Medical records from your GP 

Medical records from your clinician (including their medical secretaries) 

Medical records from the NHS or any private healthcare organisation 

Medical records from your dentist 

From third parties: 

As detailed, it is often necessary to seek information from other healthcare organisations. We may also collect information about you from third parties when: 

You are referred to us for the provision of healthcare services 

We liaise with your private medical insurance policy provider 

We liaise with your current or former employer, health professional, embassies, solicitors, medico legal companies or other treatment or benefit provider

We deal with experts (including medical experts) and other service providers about services you have received or are receiving from us

We liaise with debt collection agencies

We liaise with Government agencies, including the Ministry of Defence, the Home Office and HMRC

3. How we communicate with you 

We are likely to communicate with you by telephone, SMS, email, post and fax. If we contact you using the telephone number(s) which you have provided (landline and/or mobile), and if our call is directed to a voicemail and/or answering service, we are likely to leave a voice message on your voicemail and/or answering service as appropriate. 

However, please note: 

To ensure that we provide you with timely updates and reminders in relation to your healthcare (including basic administration information and appointment information), we may communicate with you by SMS and/or unencrypted email (where you have provided us with your email address) in each case using the SMS number and/or email address you have provided on your patient registration form. 

To provide you with your medical information (including test results and other clinical updates) and/or invoicing information, we may communicate with you by email where you have provided us with your email address on the patient registration form. 

If we have your mobile number or your email address we may in future use this method of communication to contact you regarding patient surveys which are for the purpose of improving our service or monitoring outcomes and are not a form of marketing. 

We are not relying on your consent to process your personal data in order to correspond with you about your diagnostics, outpatient appointments or treatment. As set out further below, we process your personal data for these purposes on the basis that the personal data is necessary to provide you with healthcare services. 

4. How we use Patient Feedback Surveys 

As detailed above, we may ask you to participate in surveys regarding your appointment with Lumen Physicians. The surveys may be provided post-treatment in hardcopy at our facility Reception, sent by email or SMS, or completed online via the Lumen Physicians website. 

This is not a form of marketing and the surveys do not try to sell you any further products or services; our intention is solely to gather information relating to your experience of Harley Street Medical Centre, for the purposes of improving the quality and safety of the services we offer to future patients. It is necessary for us to process your personal data in order to contact you with these surveys, on the basis of our appropriate business needs and to improve the quality of the healthcare services we offer. 

Participation in the Patient Feedback Surveys is entirely voluntary. You may decide not to complete the surveys and, if sent by email or SMS, you will have the option to unsubscribe from receiving further survey invitations. You may also be given the opportunity to proactively opt into receiving a call back to further discuss your survey responses.

5. How your information is used 

We may ‘process’ your information for a number of different purposes, which is essentially the language used by the law to mean using your data. Each time we use your data we must have a legal justification to do so. The particular justification will depend on the purpose of the proposed use of your data. When the information that we process is classed as “special category of personal information”, we must have a specific additional legal justification in order to use it as proposed. 

Generally we will rely on the following legal justifications, or ‘grounds’: 

Taking steps at your request so that you can enter into a contract with Lumen Physicians to receive healthcare services from us. 

For the purposes of providing you with healthcare pursuant to a contract between you and Lumen Physicians. We will rely on this for activities such as supporting your medical treatment or care and other benefits, supporting your doctor, nurse, carer or other healthcare professional and providing other services to you. 

We have an appropriate business need to process your personal information and such business need does not cause harm to you. We will rely on this for activities such as quality assurance, maintaining our business records, developing and improving our products and services and monitoring outcomes. 

We have a legal or regulatory obligation to use such personal information. 

We need to use such personal information to establish, exercise or defend our legal rights. 

You have provided your consent to our use of your personal information. 

Appropriate business needs 

Where we refer to use for our appropriate business needs, we are relying on this legal ground. 

Special categories of personal information include information about you as a patient of Lumen Physicians are: 

Health 

Sex life 

Sexual orientation 

Ethnicity 

Political opinions 

Religious or philosophical beliefs 

Genetic or biometric information 

The right to object to other uses of your personal data 

As a patient of Lumen Physicians, you have a range of rights in respect of your personal data, as set out in detail in the section entitled “Your rights”. This includes the right to object to Lumen Physicians using your personal information in a particular way (such as sharing that information with third parties), and we must stop using it in that way unless specific exceptions apply.

Legal grounds for our processing purposes 

1. To set you up as a patient on Lumen Physicians’s systems including carrying out fraud, credit, anti-money laundering and other regulatory checks 

Legal ground: 

Taking the necessary steps so that you can enter into a contract with us for the delivery of healthcare. 

2. To provide you with healthcare and related services 

Legal grounds: 

Providing you with healthcare services 

Fulfilling our contract with you for the delivery of healthcare 

Additional legal grounds for special categories of personal information: 

We need to use your data in order to provide healthcare services to you as appropriate 

The use is necessary to protect your vital interests where you are physically or legally incapable of giving consent 

3. For account settlement purposes 

We will use your personal information in order to ensure that your account and billing is fully accurate and up-to-date 

Legal grounds: 

We are providing you healthcare and other related services 

Fulfilling our contract with you for the delivery of healthcare 

We have an appropriate business need to use your information which does not overly prejudice you 

Additional legal grounds for special categories of personal information: 

We need to use the data in order to provide healthcare services to you 

The use is necessary in order for us to establish, exercise or defend our legal rights 

4. Communicating with you and resolving any queries or complaints that you might have. 

Patients may raise queries, or even complaints, with Lumen Physicians. We take these communications very seriously. Our approach is to resolve such matters fully and properly, and we will need to use your personal information in order to do so. 

Legal grounds: 

We are providing you with healthcare and other related services 

We have an appropriate business need to use your information which does not overly prejudice you 

Additional legal grounds for special categories of personal information: 

The use is necessary for the provision of healthcare or treatment pursuant to a contract with a health professional 

The use is necessary in order for us to establish, exercise or defend our legal rights 

5. Communicating with any other individual that you ask us to update about your care and updating other healthcare professionals about your care. 

Other healthcare professionals or organisations may also need to know about your treatment in order for them to provide you with safe and effective care, and so we may need to share your personal information with them. 

Legal grounds: 

We are providing you with healthcare and other related services 

We have a legitimate interest in ensuring that other healthcare professionals who are routinely involved in your care have a full picture of your treatment 

Additional legal ground for special categories of personal information: 

We need to use the data in order to provide healthcare services to you 

The use is necessary for reasons of substantial public interest under UK law 

The use is necessary in order for us to establish, exercise or defend our legal rights 

6. Complying with our legal or regulatory obligations, and defending or exercising our legal rights 

As a healthcare provider, we are subject to a wide range of legal and regulatory responsibilities which we cannot list fully here. We may be required by law or by regulators to provide personal information; in which case we will have a legal responsibility to do so. From time to time, Lumen Physicians and its clinicians are also the subject of legal actions or complaints. In order to fully investigate and respond to those actions, it is necessary to access your personal information as relevant. 

Legal grounds: 

The use is necessary in order for us to comply with our legal obligations 

Additional legal ground for special categories of personal information: 

We need to use the data in order for others to provide informed healthcare services to you 

The use is necessary for reasons of the provision of health or social care or treatment or the management of health or social care systems 

The use is necessary for establishing, exercising or defending legal claims 

6. Who we share your information with 

From time to time, we may share your personal information within Harley Street Medical Centre or with the third parties included below for the purposes described in this Privacy Policy: 

Your clinician (including their medical secretaries) 

A doctor, nurse, carer or any other healthcare professional involved in your treatment 

Other members of support staff involved in the delivery of your care, like receptionists and porters 

Anyone that you ask us to communicate with or provide as an emergency contact, for example your next of kin or carer 

NHS organisations, including NHS Resolution, NHS England, Department of Health 

Other private sector healthcare providers 

Your GP 

Your dentist 

Third parties who assist in the administration of your healthcare, such as private medical insurance companies, embassies, solicitors, medico legal companies or other treatment or benefit providers 

Private Healthcare Information Network 

National and other professional research/audit programmes and registries, as detailed under Purpose 6 above 

Government bodies, including the Ministry of Defence, the Home Office and HMRC 

Our regulators, like the Care Quality Commission, Health Inspectorate Wales and Healthcare Improvement Scotland 

The police and other third parties where reasonably necessary for the prevention or detection of crime 

Our insurers 

Debt collection agencies 

Credit referencing agencies 

Our third party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and tax advisers 

We may communicate with these third parties in a variety of ways including, but not limited to, email, post, fax and telephone.

7. What marketing activities we carry out 

We may also use your personal information to provide you with information about products or services which may be of interest to you where you have provided your consent for us to do so. 

If you no longer wish to receive marketing emails sent by us, you can click on the “unsubscribe” link that appears in all of our emails, otherwise you can always contact us using the details set out at the top of the page to update your contact preferences. 

If you no longer wish to receive non-website based marketing information or for us to provide your information to market research agencies, please contact our Data Protection Lead. 

8. How long we keep personal information for 

The GDPR requires that personal data should not be held for longer than is necessary for the purpose for which it is being processed. We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. 

It is a fundamental requirement that all of Lumen Physicians’ records are retained for a minimum period of time for legal, operational and / or safety reasons. The length of time for retaining records will depend on the type of record. Please find below a summary of the various types of data we may hold about you and how long each will be kept.

Medical Records
Type of record Start of retention period Minimum retention period Comments
Records relating to human fertilisation where the individual has undergone fertility treatment and the Registered Manager is unable to confirm whether or not that patient has given birth to a child as a result of the treatment Conclusion of treatment 50 years In line with the Human Fertilisation and Embryology Act 1990 (HFEA)
All other medical records Conclusion of treatment 30 years Standard in healthcare and has been determined with patient safety in mind
Non-Medical Records
Type of record Start of retention period Minimum retention period Comments
Act, Outlook and Midexpro records (our patient management systems)  Date of last visit 30 years In line with medical records detention
Credit card details where there is no outstanding debt on patient’s account Receipt of credit card details 6 years For instance when credit card details are taken at registration
Credit card details where there is outstanding debt on patient’s account Discharge of debt 6 years
Debtor records cleared Close of financial year in which debt is cleared 6 years
Debtor records not cleared Retain until cleared
Invoices to patients regarding their treatment Close of financial year to which the invoice relates 6 years
Booking tool for managing patients Creation 6 years
Patient enquiries via email Receipt  6 years
Complaints case file Closure of incident 30 years In line with medical records retention
Fraud case files Case closure 6 years
Litigation case files Case closure 30 years In line with medical records retention
Subject Access Requests (SAR) and disclosure correspondence Closure of SAR  3 years
Subject Access Requests (SAR) where there has been a subsequent appeal Closure of Appeal 6 years
Accident Forms Creation 10 years
Serious Untoward Incidents Creation 30 years
Outpatient clinic lists Creation 2 years

9. How we use and protect your personal information provided when using our website 

Lumen Physicians is committed to ensuring that your privacy is protected when you provide personal information on our website  https://www.lumenphysicians.co.uk.

Should we ask you to provide certain information by which you can be identified when using our website, you can be assured that it will only be used in accordance with the below statements. 

What we may collect on our website 

We may collect the following information: 

name and job title 

contact information including email address 

demographic information such as postcode, preferences and interests 

other information relevant to customer surveys and/or offers 

What we do with the information we gather 

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons: 

Internal record keeping 

We may use the information to improve our products and services 

We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided. 

From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests. 

Security 

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. 

How we use cookies 

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. 

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. 

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. 

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites 

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. 

Controlling your personal information 

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by clicking on the “unsubscribe” link that appears in all of our marketing emails, or by contacting us using the details set out at the top of the page. 

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about our services or third parties which we think you may find interesting if you tell us that you wish this to happen.

10. Your rights 

Under data protection law you have certain rights in relation to the personal information that Lumen Physicians holds. These include rights to know what information we hold about you and how it is used. You may exercise these rights at any time by contacting us using the details at the beginning of this Privacy Policy. 

There will not usually be a charge for handling a request to exercise your rights. 

If we cannot comply with your request to exercise your rights we will usually tell you why. 

There are some special rules about how these rights apply to health information as set out in legislation including the Data Protection Act (current and future), the General Data Protection Regulation as well as any secondary legislation which regulates the use of personal information. 

If you make a large number of requests or it is clear that it is not reasonable for us to comply with a request then we do not have to respond. Alternatively, we can charge for responding. 

Your rights include: 

The right to access your personal information 

You are usually entitled to a copy of the personal information we hold about you and details about how we use it. Your information will usually be provided to you in writing, unless otherwise requested. If you have made the request electronically (e.g. by email) the information will be provided to you encrypted by electronic means where possible. 

Please note that in some cases we may not be able to fully comply with your request, for example if your request involves the personal data of another person.

You are entitled to the following under data protection law. 

Under Article 15(1) of the GDPR we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you the following, as outlined in this Privacy Policy: 

The purposes for which we use your personal information 

The types of personal information we hold about you 

Who your personal information has been or will be shared with, including in particular organisations based outside the EEA. 

If your personal information leaves the EU, how we make sure that it is protected 

Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for. 

If the personal data we hold about you was not provided by you, details of the source of the information 

Your right to ask us to amend or delete your personal information 

Your right to ask us to restrict how your personal information is used or to object to our use of your personal information 

Your right to complain to the Information Commissioner’s Office 

We also need to provide you with a copy of your personal data.

The right to rectification 

We take reasonable steps to ensure that the information we hold about you is accurate and complete. If at any point you do not believe this is the case, you can ask us to update or amend your personal information. 

The right to erasure (also known as the right to be forgotten) 

We may update this Privacy Policy from time to time to ensure that it remains accurate and the most up-to-date version can always be found at: https://harleystreet-medicalcentre.com/privacy-policy/. In the event that there are any material changes to the manner in which your personal information is to be used then we will provide you with an updated copy of this Privacy Policy. 

In some circumstances, you have the right to request that we delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims. 

The right to restriction of processing 

In some circumstances, we must “pause” our use of your personal data if you ask us to. We do not have to comply with all requests to restrict our use of your personal information. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims. 

The right to data portability 

In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.

The right to object to marketing 

You can ask us to stop sending you marketing messages at any time and we must comply with your request. 

The right to withdraw consent 

In some cases we need your consent in order for our use of your personal information to comply with data protection legislation. 

We have explained in the section entitled “What are the purposes for which your information is used?” where we rely on your consent in this way. Where we do this, you have the right to withdraw your consent to further use of your personal information. You can do this by contacting Lumen Physicians’ Data Protection Lead.

Email: info@lumenphysicians.co.uk 

Post: Data Protection Lead, Lumen Physicians, 27 Harley Street, London WIG 9QP

The right to complain to the Information Commissioner’s Office 

You can complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations. 

More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/ 

Making a complaint will not affect any other legal rights or remedies that you have. 

12. Updates to this Privacy Policy 

We may update this Privacy Policy from time to time to ensure that it remains accurate. In the event that these changes result in any material difference to the way in which we process your personal data then we will provide you with an updated copy of the Policy. 

This Privacy Policy was last updated on 24th May 2018.

Lumen Physicians Limited T: 020 7580 3145

27 Harley Street 020 7323 9292

LondonW1G 9QP E: info@lumenphysicians.co.uk

Registered Office: Lumen Physicians Limited, 7 Grey Close, London NW11 6QG. Registered in England No. 10448708