Privacy Policy

This privacy notice explains the information we collect from you when you use our website and services. As a data controller, we are required by law to inform you about who we are, why we collect your data, how we use it, and the rights you have regarding your personal information.

Who are we?

We are Lumir Clinic UK Ltd trading as Lumir Clinic (“the Clinic”).

The Clinic collects and uses your information in order to provide services to you. In this capacity, we act as a data controller when processing the personal information you provide while using our services.

This policy covers:

  • The types of information we collect about you
  • How we use that information
  • Who we may share your information with
  • How long we retain your information
  • Where your information is stored
  • The rights you have under data protection laws
  • How to contact us if you have any questions or concerns about this notice

Terms used

  • “Clinic Team”: The Clinic Team consists of the clinicians directly providing or supporting your care at the Clinic, as well as administrative staff.
  • “Personal data”: Any information relating to an identifiable living person.
  • “Special personal data” or “special category data”: More sensitive data, such as health-related information (including mental health), genetic or biometric data, gender, and ethnicity.

Legal basis for processing personal data

We process your personal data based on the following grounds:

  • Consent: We will ask for your consent when necessary, for example, when you complete a medical questionnaire or allow us to contact your GP to access your medical records. You may also be asked for consent to process sensitive data to ensure your safety during treatment and care.
  • Contractual obligations: Your data may be required to fulfill our obligations, such as processing payments and securing your appointment.
  • Legal compliance: Certain data processing is required by law, such as proof of identity or age.
  • Legitimate interests: We may process your data to pursue our legitimate business interests, provided it does not significantly affect your rights or freedoms. For example, we use your contact details to respond to inquiries and provide relevant information. We may also anonymize your data and combine it with other customers’ data to improve our services.

What information does the Clinic collect?

The Clinic collects and stores personal data such as:

  • Contact information (name, title, address, phone number, and email)
  • Biographical data (date of birth, nationality, gender)
  • Next of kin details (including emergency contacts)
  • NHS number
  • Communications between you and the Clinic or between the Clinic and your GP
  • Your health records, including treatment notes, investigation results, and information provided by health professionals involved in your care
  • Equality and diversity data (e.g., ethnicity, sexual orientation, religious beliefs, disability status)

How do we use your information?

We use your data solely to ensure your treatment and care as a patient. We process your personal information for:

  • Providing treatments
  • Communicating with you and your next of kin or carers (as appropriate)
  • Auditing and monitoring the quality of care we provide
  • Responding to feedback or complaints
  • Notifying you of appointment changes or cancellations
  • Responding to queries from regulators or complying with legal requirements
  • Handling legal claims and complying with court orders
  • Supporting national research or evaluation registries
  • Managing public health risks
  • Asking for your participation in research projects
  • Training and educating our staff using anonymized data, or with your consent, identifiable data
  • Writing letters about your treatment, upon request, for your employer or other relevant parties

We may also use your data to meet contractual or legal obligations, improve website functionality, or send you direct marketing communications with your consent (which you can withdraw at any time).

How is information about me stored?

As part of our commitment to protecting your personal data under the General Data Protection Regulation (GDPR), we store personal data in a secure SQL database hosted on Amazon Web Services (AWS). AWS provides robust security features to ensure your data is protected in compliance with GDPR standards.

Data is encrypted both in transit and at rest using industry-standard encryption protocols. AWS’s infrastructure includes security features such as multi-factor authentication (MFA), firewall protections, automated backup systems, and continuous monitoring for any unauthorized access.

We use the following AWS security mechanisms:

  • Encryption: All data is encrypted using advanced encryption standards (AES-256) while stored and transmitted to prevent unauthorized access.
  • Access Control: Strict access control policies are enforced, ensuring only authorized personnel can access your personal data, with further authentication measures in place.
  • Monitoring and Logging: AWS provides continuous monitoring, logging, and auditing of all activity on the servers where data is stored, providing real-time alerts for any suspicious activity.
  • Data Backups: Automated backups are performed regularly to ensure data integrity and prevent any data loss in the event of a failure.

We will also store your data in our clinical system, which provides security mechanisms equivalent to the AWS mechanisms described above.

We ensure that all data processing activities comply with GDPR, including any potential international transfers, and we have strict protocols in place to handle data securely and protect your rights as a data subject.

If you have any questions regarding how we store and protect your data, please contact our Data Protection Officer (DPO).

Cookies

Our website uses cookies and similar technologies to give you the best possible experience. Cookies help us understand website usage, user activity, and behavior. You can choose to allow all cookies, only essential cookies, or customize your preferences when you use our website.

Does the Clinic share my personal information?

We may share your information with:

  • Referring healthcare professionals
  • Diagnostic test providers
  • Private ambulance or transport services

As part of Lumir Clinic UK Ltd trading as Lumir Clinic, we may also share your data with other group companies, including Lumir Clinic’s Pharmacy Partner, and may share anonymised data with our headquarters in Australia to assist with business intelligence and to provide a safer and more responsive service.

Data will only be shared when necessary for delivering services or improving our business. All group companies follow the same procedures to ensure your data is protected.

With your consent, we may share information with relatives, partners, or friends who care for you or act as your emergency contact.

Sharing information with other organizations

In some limited cases, we may need to share your data with organizations not directly involved in your care, for example:

  • With the police or other emergency services if there is an immediate risk of harm or if required by law
  • With our professional advisors (e.g., lawyers, accountants) for advice on legal matters
  • In compliance with a court order
  • If our assets are merged or acquired by a third party

How long do we keep your personal data?

We will retain your personal data for as long as necessary to fulfill the purpose for which it was collected, usually for a period of 8 years. After this, your data will be deleted or anonymized for statistical analysis purposes.

Will my data be transferred outside of the EU?

Your data will be stored in the UK or EU.

What rights do I have?

Under the UK GDPR and Data Protection (Jersey) Law, you have the right to:

  • Access your personal information (data subject access request)
  • Correct inaccurate or incomplete data
  • Request erasure of your data where there is no valid reason for continued processing
  • Object to the processing of your data based on legitimate interest
  • Request the restriction of data processing under certain circumstances

We may deny requests in some instances where legal obligations or overriding reasons exist.

If you have any questions or wish to exercise your rights, please contact our Data Protection Officer (DPO) at the contact information below.

Who can I contact regarding my data?

For questions about how we use your personal data, your rights, or the content of this privacy notice, please contact our Data Protection Officer (DPO) at dataprotection@lumirclinic.com.

If you believe your data protection rights have not been upheld, you may contact the Information Commissioner’s Office (ICO) in the UK.

Changes to this privacy policy

We may update this policy from time to time to reflect how we use your personal data. Please review this policy regularly on our website to stay informed.