Patient Privacy Notice
London Sports Orthopaedics is committed to protecting your personal data. The purpose of this Privacy Notice is to inform you how London Sports Orthopaedics LLP will use your personal data. London Sports Orthopaedics is the data controller. If you have any questions about this Privacy Notice, you may contact our Data Protection Manager by email at firstname.lastname@example.org, by telephone at 020 7496 3597, or by post to London Sports Orthopaedics, 31 Old Broad Street, London EC2N 1HT or alternatively, our Data Protection Officer by email at email@example.com.
The Information We Collect
We obtain information about you when you register with us as a patient, make an appointment for a consultation, undergo treatment or investigations, when you are referred to us by another healthcare professional, or when you contact us about our services.
Depending on circumstances, the personal data we use will include:
- Your name.
- Your date of birth and gender.
- Your postal address, email address and telephone numbers.
- Your medical records, including referral details, and information provided by third parties and other healthcare professionals.
- Details of your condition, treatments and investigations.
- Emergency contact details and next of kin.
- Your GP details.
- The details of any other healthcare professionals involved in your care, and the information provided by them about your care.
- Information about medical or health conditions of your family members.
- Your financial information e.g. your bank account and/or payment card details, or the financial information of any third party who is responsible for paying invoices relating to your treatment e.g. health insurance company or sponsor.
- Information about your nationality and entitlement to treatment in the UK.
- Information received in response to any questionnaires, complaints, claims, or subject access requests.
- Information about how you use our website.
- The personal information we collect via our website includes your IP address, and information regarding which pages you access and when, and if you submit a form via the website e.g. to make an appointment, we will also collect your name, email address, details of how you will pay (self-funding, insurance, or Embassy), and the details of the enquiry you submit.
- The information you submit via website forms is transmitted to us as an email and is not stored within the content management system thereafter.
- On our website, if you follow any links to other websites, please check the privacy notices on these websites, as we do not accept any responsibility or liability for these.
Our office at 31 Old Broad Street, London EC2N 1HT is part of London Bridge Hospital. There is CCTV operating on these premises which collects visual data about your personal appearance and behaviour. Information regarding this may be received from HCA’s Corporate Security Team by telephone at 020 7496 3522. London Sports Orthopaedics does not control the use, retention or deletion of any of the footage obtained by these cameras.
How We Collect Your Personal Data
We collect your personal data in a variety of ways:
- By telephone, when an appointment is scheduled, or an enquiry made about our services by you or by a third party doing so on your behalf.
- Through registration forms, either provided by you directly to us, or provided to us by the hospital facility at which you are seen.
- Through online web forms completed by you or your referrer.
- From correspondence with you, by telephone, post, or email.
- From your GP, or the healthcare professional who has referred you to our clinic.
- From other third parties, such as your insurance company or sponsor.
- Information provided by you when you attend our clinic or undergo treatment or investigations.
Personnel Who Process Your Personal Data
In order to provide an efficient healthcare service to you, the Consultants, management team, secretarial staff, reception staff, typists and accounts team at London Sports Orthopaedics will process your personal data. Your data may also be processed by a third party typist or debt recovery company in certain circumstances.
We may monitor and/or record calls, emails, text messages, and other communications with you, in order to ensure an appropriate standard of care, for regulatory compliance, crime prevention and detection, to protect the security of our communications systems, to check for unlawful or obscene content, for good governance, staff training, and when we need to see a record of communications. We may also monitor activities on our network and systems where necessary for these reasons and this is satisfied in law by our legitimate interests or other legal .
How We Use Your Personal Data
We will process your personal data under Article 6 (1); Article 9 (2) of the General Data Protection Regulation and the equivalent provisions within the Data Protection Act 2018 to provide healthcare services, to arrange appointments with the appropriate consultant, hospital or other facility for consultation, investigations or treatment, to decide the appropriate treatment pathway for your circumstances, to communicate with you about your care, to communicate with the other healthcare professionals involved in your care, and to keep your records accurate and up-to-date.
We will also process your personal data for our legitimate interests or those of other persons and organisations, unless your interests override our legitimate interest. Examples of personal data processing in our legitimate interests are provision of data for corporate governance, accounting purposes, and to fulfil business needs, for auditing our clinical and business operations, to allow us to receive full payment for the services provided to you, and to monitor emails, calls, other communications, and activities on our networks and systems; to comply with our legal and regulatory obligations, for example, when you exercise your rights under data protection law, to establish and defend our legal rights, for activities relating to the prevention, detection and investigation of crime, to verify your identity, make credit fraud prevention and anti-money laundering checks, and to investigate complaints, claims, data protection incidents, and clinical incidents
We will process your personal data based on your consent if you ask us to disclose your personal data to third parties, e.g. a family member, or otherwise agree to disclosures. You are free at any time to change your mind and withdraw your consent, where the processing is carried out under that lawful basis.
Sharing Your Personal Data
Subject to applicable data protection laws, and depending on your individual situation, we will share your personal data with:
- Other healthcare providers who are involved in your care, such as your GP, or referring healthcare professional.
- Sub-contractors and third parties who help us to provide healthcare services to you.
- Hospital Facilities, companies and other persons providing services to you as part of your extended care.
- Our legal and other professional advisors.
- Fraud prevention agencies and debt collection agencies.
- Government bodies and agencies in the UK and overseas e.g. HMRC.
- Courts, to comply with legal requirements.
- In an emergency, or to otherwise protect your vital interests.
- To protect the security or integrity of our business operations.
- When we restructure, or sell our business or its assets.
- Payment systems and providers.
- Software systems and providers. Our Email system is Microsoft Exchange. Microsoft’s Privacy Notice is available at https://privacy.microsoft.com/en-gb/privacystatement. Our patient management software system is Meddbase. Meddbase’s Privacy Notice can be found at https://www.meddbase.com/privacy-statement.
- Anyone else where we have your consent or as required by law.
- Subject to applicable data protection laws and your explicit written consent, we may share your personal data for the purpose of scientific research.
- We will never share your personal data with third parties for marketing purposes.
Security of your Personal Data
We are committed to securing your personal data. All paper and electronic personal data held by us is stored securely. All personnel involved in processing your personal data are trained in GDPR data protection principles. When we share, or otherwise transfer, your personal data, we will do so by encrypted email or by post.
Your Rights Under the General Data Protection Regulation (GDPR)
Under the GDPR, you have certain rights in relation to how your personal data is processed, including:
- The right to be informed about processing of your personal data.
- The right to have any inaccuracies in your personal data corrected.
- The right to object to processing of your personal data.
- The right to restrict processing of your personal data.
- The right to have your personal data erased.
- The right to request access to your personal data and information about how we process it (Subject Access Request).
- The right to move, copy or transfer your personal data.
- Rights in relation to automated decision making including profiling.
Please note that these rights may not apply in all circumstances. If you wish to exercise these rights, please contact the Data Protection Manager by email at firstname.lastname@example.org, by telephone at 020 7496 3597 or by post to Data Protection Manager, London Sports Orthopaedics, 31 Old Broad Street, London EC2N 1HT. Alternatively, you can email our Data Protection Officer directly at email@example.com. You have the right to complain to the Information Commissioner’s Office (www.ico.org.uk), who are responsible for monitoring compliance with data protection laws.