Patient Privacy Policy

1. Purpose of This Document

As a healthcare provider, London Bridge Healthcare (“LBHC”, “we”, “us”, “our”) handle a wide range of information about you, in order to support you and your needs.

This Privacy Notice explains important information regarding how London Bridge Healthcare may collect and hold your personal data and how that will be used and handled. LBHC are the Data Controller, which means that we are responsible for deciding how we collect, hold and process personal data.

This Notice makes you aware of how and why your personal data will be used for the purposes of providing healthcare, treatments and surgery and how long it will usually be retained for. It provides you with certain information that must be provided under applicable privacy laws.

2. The Kind of Information We Hold About You

We need different types, or categories, of your personal data in order to provide our various services to you. We always keep data to minimum and only process what is needed for the required purposes and we ensure that your personal data is kept securely and confidentially. We will process information about you which you, and others involved in your care and treatment, or who are paying for your care and treatment, have supplied to us. This will include your name and contact details (e.g. address, email, telephone numbers, etc) as well as emergency contact details for your next of kin.

We are often required to collect the following data:

your name (including name prefix or title);
contact details including email or postal address, phone number(s);
details of any referrals or assessments from your Healthcare provider;
racial or ethnic origin or sex life;
medical history, diagnostic data; other health related information provided by you (such as health information, disability and disability type, health risk factors, personal exposure and surveillance data);
details of any relevant medications being taken, prescription and dosage data, why taken, and for how long;
details of any other medicinal products that are being taken, prescription and dosage data, why taken. and for how long;
financial information (bank or credit card details); and
insurance provider information.

LBHC will use your health information:

to assess your suitability for treatments, therapies and/or surgeries
to undertake and document treatments, therapies and/or surgeries
to process payments
to communicate with you
to conduct analysis and assessments to ensure compliance with legal and regulatory obligations relating to patient safety
to resolve any queries, issues or complaints
for other lawful reasons described in the Informed Consent Form

All of the information collected will remain strictly confidential to the extent prescribed by law. Only authorised LBHC staff and approved suppliers will have access to your data and are bound by professional secrecy, codes of confidentiality, as well as contractual and legal obligations to ensure that your personal information is protected.

3. How Your Personal Data Is Collected

We collect your personal data from the following sources:

from you or your authorised party when you engage with LBHC directly or via a referral from a Healthcare provider
from your GP/Consultant/Healthcare provider, who has referred you to LBHC
from your insurance provider, in relation to payment for treatments and/or surgery

4. How We Will Use Information About You

Your personal data will be processed in accordance with the UK General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and any applicable country-specific legislation. For the purposes of the services that we provide, we will use the personal data we collect about you for the following lawful reasons:

Purpose	Lawful basis (personal data)	Lawful basis (special category data)
Provision of healthcare services to patients	To fulfil a contract with you. To fulfil our legitimate interests.	Necessary for the provision of health or social care treatment or the management of health or social care systems and services.
Administration and management of healthcare services (incl. patient records and provision of medical advice)	To comply with our legal obligations.	Necessary for the provision of health or social care treatment or the management of health or social care systems and services.
Billing and Payments for services	To fulfil a contract with you.	Not applicable
Patient communications	To fulfil a contract with you. To fulfil our legitimate interests. To comply with our legal obligations. Where you have given your consent (if applicable).	Not applicable
Compliance with our legal and regulatory requirements, including complaints investigations and exercising our legal rights.	To comply with our legal obligations. To fulfil our legitimate interests,,	Not applicable Public interest in the area of public health necessary for maintaining standards relevant to healthcare and medicinal products.
Patient protection and safeguarding	To comply with our legal obligations. To protect your vital interests (or the interests of another person).	Necessary in any emergency situation to protect your vital interests (or the interests of another person).

In certain circumstances, we may seek your consent to process your personal data. Where we have sought your consent for any processing of your persona data, you have the right to withdraw this consent at any time (though this will not affect the lawfulness of processing based on consent before its withdrawal). Please note that this type of consent relates purely to processing personal data and is not to be confused with informed consent, which relates to evidencing your agreement to receive medical treatment.

If you do not provide your personal data If you do not provide information when requested, which is necessary for the provision of our services , including treatments, therapies and/or surgery, then we may not be able to treat you or provide you with safe healthcare.

5. Automated Decision-Making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

6. Who We Share Your Personal Data With

We endeavour to avoid sharing your personal data, however, there are certain circumstances and activities where this is required. Your medical records may be reviewed by individuals and/or organisations that act on our behalf, including independent healthcare professionals (e.g. consultants), suppliers, monitors, auditors, regulatory agencies and independent review boards or ethics committees, that review and monitor safety and conduct.

Where we may provide personal data to third parties including our vendors, partners and service providers (e.g., cloud service providers, laboratories, etc) who perform services on our behalf, these providers have limited access to personal data only to the extent necessary to perform these support tasks on our behalf and are subject to the same confidentiality and security safeguards as those applied by LBHC. Such relationships are subject to robust due diligence assessments and contractual obligations to ensure the protection and confidentiality of your personal data.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

7. Transfer of Personal Data Outside the EEA

LBHC is based in the UK and the majority of our data processing activities occurs in the UK. However, due to the global nature of many systems and technologies provided by our supply chain, e.g. cloud-based databases, your personal data may be disclosed outside the UK or EEA, particularly to the USA.

Where we transfer such personal data, we will ensure appropriate legal safeguards, such as the UK and European Commission approved standard contractual clauses, and that additional safeguards where required, are in place to protect the privacy and integrity of such personal data.

If you would like more information concerning such safeguards, you may contact our Data Protection Officer via DPO@richmondpharmacology.com

8. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

9. How Long Will You Use My Information For?

We will only retain personal data for as long as it is required, as per our legal and/or regulatory obligations and for our own legitimate interests, in line with our internal policies and procedures.

We may also retain aggregate information beyond this time for analysis and research purposes and to help us develop and improve our services. Please be assured that you cannot be identified from aggregate information retained or used for these purposes.

10. Your Rights in Connection with Personal Data

You have a number of rights afforded to you under data protection laws that relate to the personal data processed by us, as follows:

request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. However, in certain circumstances this right may be restricted where it is deemed that disclosure would not be in the best interests of the patient. If this is the case, we will respond to keep you informed.
request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances. You may also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below). There may be instances where we cannot delete your data due to a legal obligation to retain. If this is the case, we will respond to keep you informed.
object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. Please be advised that there may be restrictions to this right, but we will keep you informed if this is the case.
request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it. Again, in certain circumstances, it may not be possible to restrict processing where that data is critical to your care or our legal obligations. If this is the case, we will respond to keep you informed.

If you would like to exercise or discuss the rights as explained above please contact us via DPO@richmondpharmacology.com

11. Complaints

We will always endeavour to respond and resolve any concerns or complaints that you may have, however, if you are not satisfied with the way that your personal data have been processed, or how we have responded to your queries or requests, you have the right to contact the UK Information Commissioners Office via www.ico.org.uk

12. Further Information

If you require any further clarification regarding this privacy notice, please contact our Group Data Protection Officer by email at DPO@richmondpharmacology.com