Privacy Notice
Introduction
This privacy notice describes how London Metabolic Laboratory (“LML”) in our capacity as controller generally collects and processes personal information collected through www.londonmetaboliclaboratory.com and other websites controlled by LML (“LML Websites”). London Metabolic Laboratory and LML are trading names of Dr Saira Hameed Ltd (registered in England, No. 13805607).
This privacy notice may be revised from time to time to reflect changes in law or changes in LML’s business operation. This privacy notice was last updated on 19th March 2022.
- Scope of this privacy notice
This privacy notice only applies to LML Websites and any other LML website where a link to this privacy notice is provided.
Websites and specific web pages linked from LML Websites may be subject to separate terms of use (including separate privacy notices). You must not use those websites (or provide Personal Information) if you do not accept such terms of use.
Where links from LML Websites are provided to non- LML websites, LML is not responsible for those websites. These third-party websites will be governed by different terms of use (including privacy notices) and you are solely responsible for viewing and using each such websites in accordance with the applicable terms of use. LML is not responsible for how your Personal Information is handled by such third-party websites.
- Information we may collect from you
“Personal Information” or “personal data” is information that identifies you as an individual or relates to an identifiable individual. The Personal Information we may collect through our websites includes:
- your name, address, occupation and other contact information;
- information regarding your dealings with us;
- any interest you have in relation to our services or our practice areas (including job openings);
- any information you may voluntarily submit to us by completing any form on our websites; and
- details of your visits to and usage of our website including the date and time of your visit, the internet address from which you visited and the resources on our website that you viewed.
We also collect information about you which is categorised as Special Categories of Personal Data. This includes:
- health data including:
- personal health and medical information, family history, previous and current prescriptions and disability information;
- historical medical images and reports and other diagnostic information; and
- historic appointment and activity records; and
- ethnic origin
We collect Personal Information in various ways:
- from any form you may complete and submit through our websites, for example information collected from the “Contact Us” page of our website;
- from the content of surveys that you may complete on our website;
- from ‘cookies’ and other similar tools deployed on our websites (for further information regarding cookies used on our websites, please see Section 7 below); and
- when you provide information as a patient of LML in connection with your treatment. Such information may be collected from third parties such as your consultant, GP, other medical facilities where you have previously been treated and from companies such as insurance companies. Such information may also be collected through LML Websites when patients access LML patient links within this website. Access will be subject to the terms of business LML has with patients and any additional terms and conditions of use attached to those sites.
- Purposes of processing
Personal data that you or your company provides to LML, or that we otherwise obtain in relation to you, will be processed for the following purposes:
- to contact you to make an appointment with a healthcare professional, either face-to-face or over the telephone;
- for our healthcare professionals to use your personal information to provide you with tailored advice and guidance;
- for direct marketing purposes, subject to any preferences you communicate to us;
- for invoicing purposes;
- for patient feedback purposes;
- to communicate with you, your GP or other healthcare provider;
- to maintain appropriate business records;
- for statistical analysis and market research;
- for internal training and management of personnel;
- to respond to or evaluate any queries or complaints in relation to your treatment;
- for internal and external audits and, where necessary, investigations; and
- to establish, exercise or defend legal claims.
3.Legal basis for processing personal information
We must have a legal basis to process your Personal Information. In most cases the legal basis will be one of the following:
- for our legitimate interests, for example to provide services to our clients, to ensure that the services we provide are appropriate for our clients’ requirements, to improve our services, to enable us to comply with regulatory and governance requirements and to manage our business in an efficient way;
- for the legitimate interests of our patients and other third parties, for example to ensure that any services we provide to patients are suitable, to verify that our services are only made available to patients on an appropriate basis and to provide a high quality of service; and/or
- to comply with our legal obligations, regulatory requirements and governance procedures.
When we process Personal Information to meet our legitimate interests or those of a third party, we put in place robust safeguards to ensure that the privacy of individuals is protected and to ensure that those legitimate interests are not overridden by the interests or fundamental rights and freedoms of individuals.
- What we may do with your personal information
We may use your Personal Information in the following ways and for purposes specified in the relevant parts of the website:
- to facilitate your participation in interactive features you may choose to use on our websites;
- to correspond with you, notify you of events or changes to our services, or otherwise to respond to your queries and requests for information, which may include marketing to you;
- for the purposes of LML providing professional services to you; such services will be subject to additional terms and conditions of use including privacy;
- for data analysis, audits, fraud monitoring and prevention,
- to enable us to comply with our legal obligations; and
- to monitor website usage to help us enhance, improve or modify our website and to identifying usage trends that help us determine the effectiveness of our promotional campaigns and help us to develop new products and services.
Case records including medical records will not be sent to third parties (e.g. other medical practitioners) without your consent.
You are not required to share any of your personal information with other Programme participants during the group sessions but if may do so if you wish. Please also refer to the Code of Conduct set out in the LML website Terms and Conditions as regards those sessions.
- Disclosure of your information
LML may disclose your Personal Information to independent third parties as follows:
- to third party service providers such as entities providing customer service, email delivery, auditing, hosting our website, our marketing activities and other services;
- to third parties involved with events that you register for, to facilitate your participation in those events;
- if we are obliged to disclose your Personal Information under applicable law or regulation, which may include laws outside your country of residence;
- in order to enforce or apply our website terms of use, or to protect the rights, privacy, safety or property of LML, our clients, affiliates or other parties;
- in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings); and
- in accordance with the separate terms and conditions of use that may attach to LML website links.
In particular:
- Your health records including medical reports and the results of diagnostic tests are stored on Cliniko practice management software, which is protected through password protected log in. Within LML, access to your medical records is limited to LML’s medical and administrative staff. Your LML Coach will not be provided with access to your medical records. However, certain elements of your case will be discussed between your LML Doctor and your LML Coach in order to introduce you to your LML Coach. If there are any elements of your medical history that you do not want to be shared with you LML Coach it is your responsibility to inform your LML Doctor.
- Your email address will be shared with a third party email platform, MailChimp, to allow you to receive the daily Programme emails. The only information about you that is shared with MailChimp is your email address. MailChimp will not share your contact details with other third parties and you will not receive emails from anyone outside of LML as a result of LML’s use of MailChimp. In this context, we are required to provide you with MailChimp’s privacy policy which can be accessed via this link. If you do not want to receive these emails you can click on the “unsubscribe” link in any email.
- Your contact information will be shared with Cliniko, medical practice management software used by LML in order to send reminder messages to you, for example to send you a text message to remind you of an upcoming appointments. Cliniko will not share your contact details with other third parties. In this context, we are required to provide you with Cliniko’s privacy policy which can be accessed via this link.
- Demographic information such as your name, date of birth and contact details might be requested by One Welbeck Street, (the private hospital at which Dr Hameed consults) either directly from you or from us for administrative purposes.
- Your name and postal address will be shared with a third party logistics/fulfilment platform amazon.co.uk in order to send you books that you will need for full participation in the Programme. If you do not want to receive these books via amazon.co.uk please inform a member of the LML team.
- Cross border transfer
In connection with the above purposes we may transfer your Personal Information outside the European Economic Area and the United Kingdom, including to the United States and other jurisdictions which are not recognised by the European Commission as providing for an equivalent level of protection for personal data as is provided for in the European Union. For example some data is transferred to MailChimp and Amazon (i.e. name, email and postal address). If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include: (a) entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the European Commission or (b) transferring your personal data pursuant to binding corporate rules.
Further details of the measures that we have taken in this regard and the territories to which your Personal Information may be transferred are available by contacting us via one of the methods set out at the end of this notice.
- Cookies and information collected from your computer
When you visit our website, our server may record your IP address for the purposes of systems administration. In most cases, your IP address is not linked to any of your Personal Information, but in limited circumstances your IP address can be linked to your Personal Information. LML may also gather other non-personal information from you (from which LML cannot identify you), such as the type of your internet browser, which LML uses to provide you with a more effective service.
Additionally, when you visit our websites, LML may store a ‘cookie’ on the hard drive of your computer.
Cookies are small text files that a website transfers to your hard drive to store and sometimes collect information about your usage of websites, such as time spent on websites, pages visited, language preferences, and other traffic data. We use the information for security purposes, to facilitate navigation, to display information more effectively, to personalize your experience while using our websites and to recognize your computer in order to assist your use our websites. We also gather statistical information about use of our websites in order to improve their design and functionality, understand how they are used and assist us with resolving questions regarding them.
There are different types of cookies, for example:
- Cookies served directly by LML (‘first party cookies’) and cookies served on our behalf, for example by advertisers and data analytics companies (‘third party cookies’)
- Cookies which endure for different periods of time, including those that only last only as long as your browser is open (referred to as ‘session cookies’) These are deleted automatically once you close your browser. Other cookies are ‘persistent cookies’, meaning that they survive after your browser is closed. For example, they recognise your device when you open your browser and browse the internet again
In order to help us improve our websites and the services we provide and to improve your experience of using our websites, our websites use several types of cookies:
Google Analytics.
This cookie is provided by Google, and we use them on our websites in order to analyze how visitors use our websites, thereby helping us to improve our websites. Google Analytics collects information in an anonymous form, including the number of visitors to our websites, how visitors have arrived to our websites, and which pages on our websites the visitors have viewed.
You have the right to choose whether or not to accept cookies. You can control the way in which cookies are used by altering your browser settings. You may refuse to accept cookies by activating the setting on your browser that allows you to reject cookies. Information about the procedure to follow in order to enable or disable cookies can be found on your Internet browser provider’s website via your help screen. Go to the ‘options’ or ‘preferences’ menu on your browser to change your settings.
You can view, allow or disable targeting cookies from the Privacy Preference Centre within the LML Website.
Advertising cookies.
Advertising cookies are set to display targeted promotions or advertisements based upon your interests on the sites or to manage our advertising. These cookies collect information about your activities on these and other sites to provide you targeted advertising. You can find information about advertising cookies, including how to see what cookies have been set on your device and how to manage and delete them at www.aboutcookies.org, www.allaboutcookies.org, or www.youronlinechoices.eu.
Please note that if you choose not to accept cookies, this may affect the functioning of our websites.
- Security and retention
LML maintains appropriate technical and organizational security measures to protect the security of your data against loss, misuse, unauthorised access, disclosure or alteration. These measures are aimed at ensuring the ongoing integrity and confidentiality of Personal Information. We evaluate these measures on a regular basis to ensure the security of the processing.
We will retain your Personal Information for as long as is necessary for the provision of any services we provide to you. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Generally, for health data, we are required to keep this for at least 8 years but if you would like specific information about this, please contact us. When we no longer need your Personal Information in connection with any services, we will retain your Personal Information for a period of time that reasonably allows us to comply with our regulatory obligations or governance requirements and to defend legal claims.
We may retain aggregated or anonymised data (which is not treated as Personal Information under this privacy notice) for longer.
- Your rights
You have the following rights, in certain circumstances and subject to applicable exemptions, in relation to your personal data:
- the right to access the personal data that we hold about you, together with other information about our processing of that personal data;
- the right to require us to rectify any inaccuracies in your personal data;
- the right to require us to erase your personal data;
- the right to request that we no longer process your personal data for particular purposes;
- where the legal basis for processing is consent, the right to withdraw your consent at any time;
- the right to object to our use of your personal data or the way in which we process it;
- in certain circumstances, you have the right to “data portability”, which means that you have the right to receive any personal data that you provided to us, in a structured, commonly used and machine-readable format or to require us to transmit that data to another controller; and
- you can ask to obtain a copy of, or reference to, the safeguards and any relevant EU Standard Contractual Clauses under which your personal information is transferred outside the EU/EEA.
If you would like to review, correct, update, suppress, object to or restrict the processing of your Personal Information or request a copy of Personal Information about you, you may contact us using the details found in the “Contact” section below.
In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to undertake any services or requests that you initiated prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed. Where that is the case, we will implement reasonable measures to ensure that this data remains secure and is not accessed or used in any way.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the UK Information Commissioner’s Office, at www.ico.org.uk concerns. We ask that you please attempt to resolve any issue with us first by contacting us – please see section 14 below for our contact information.
- Children and Minors
Our websites and services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal information from minors under the age of 18.
- Changes to our privacy policy
From time to time, we may change our privacy notice, and post those changes to our website located at www.londonmetaboliclaboratory.com or other LML Websites. The effective date of this privacy notice, as indicated at the beginning of this privacy notice, indicates the last time this privacy notice was revised or materially changed. Checking the effective date below allows you to determine whether there have been changes since the last time you reviewed the notice. We will post a notice on our website alerting users about any recent changes to the privacy notice which we believe to be significant.
- Contact
If you have any questions or comments regarding this privacy notice, please contact us via our website or at pa@londonmetaboliclaboratory.com