We are The Medical Cannabis Clinics (London) (“the Clinic”).
The Clinic collects and uses your information in order to provide our services to you. We are a data controller in relation to the processing of personal information that you provide us when using our services.
This policy explains:
- The types of information we collect about you
- The purposes for which we use that information
- Who we may share your information with
- How long we keep information about you for
- Where the information about you is stored
- The rights you have under data protection legislation
- Contact details if you have any queries or concerns about what is said in this notice
“Clinic Team”. The Clinic Team is made up of the clinicians who directly provide or support your care at the Clinic and may also include administrative colleagues.
“personal data”. Personal data is any information relating to a living individual who can be identified from the information.
“special personal data” or “special category data”, this is data that is deemed to be more sensitive than the above personal data. It includes for example data about your health (including mental health), genetic data and biometric data where processed to uniquely identify an individual; your gender and ethnicity.
We set out below the bases we rely upon to process your personal data:
Consent: where we ask for your consent to process your data for a specific purpose. Such as when we ask you to complete a medical questionnaire. As a patient you may be asked for consent to allow us to collect sensitive personal data about you to ensure your safe treatment and care.
Contractual obligations: where we need your data to fulfil our contractual obligations, i.e. your contact details and address to process payment and secure your booking.
Legal compliance: where we are required by law or regulatory bodies to process your data for example proof of ID and age where the law requires.
Legitimate Interests: where we require your data to pursue our interests in a way which might reasonably be expected as part of running our business and which does not significantly impact your rights or freedom. We will use the contact details you provide, to call/SMS/email you regarding your enquiry and provide you with targeted relevant information. We may also combine and anonymise your data with that of other customers to help make improvements to our service and business.
What information does the Clinic use?
The personal data/information the Clinic uses and stores about you includes:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
- Biographical information like your date of birth, nationality and gender.
- Information about your next of kin and carers (including their contact details and emergency contact information).
- Your NHS number.
- Communications with or about you, for example letters and emails between the Clinic and you or letters you ask us to write to your employer.
The Clinic may also use and store the following special personal data about you:
- Notes and reports relevant to your health, including any information you have told us about your health.
- Details of your treatment and care, including the professional opinion of the staff caring for you.
- Results of investigations, such as laboratory tests and x-rays.
- Relevant information from health and social care professionals, relatives or those who care for you.
- Information about your ethnicity, sexual orientation, sex life, religious beliefs or opinion or genetic data where this is relevant to your care or is information that you have provided to us as part of your care.
- Equality and diversity information about you. This may include details of your ethnicity, sexual orientation, religious or philosophical beliefs or any disability.
We only use this data for the purposes of your treatment and to ensure you care and safety as a patient. We will usually ask for your consent to collect or process this data, though there may be instances where we are required or permitted to do so by applicable law (eg. To comply with public health requirements). We never use your sensitive personal data for marketing. When you arrive for an appointment, the clinic team may check your details to ensure our records are accurate. We ask that you notify us promptly of any inaccuracies in the information or changes to your personal details.
How is information about me stored?
This information will be stored electronically on a patient information system.
We take the security of your data seriously and take all appropriate steps to protect it from unauthorised access, loss and misuse. We never sell any of your personal data for any purpose. We further restrict access to any sensitive personal data we may collect (such as medical records) and it is never used for marketing purposes.
How is information about me stored?
We may use your information to:
- Provide you with treatments for your condition or symptoms.
- Communicate with you and, if appropriate your next of kin and/or carer(s), about your care.
- Carry out internal audits and monitor the care the Clinic provides to ensure it is of the highest standard.
- Get feedback on our service and respond to any complaint from you.
- Keep you up to date about a change, cancellation or postponement of any appointment
- Respond to queries from regulators or if there is a legal requirement for us to do so.
- Conduct legal claims, comply with a court order or other legal obligation, seek legal advice or advice about
- Insurance coverage or other assistance from our professional advisors.
- Provide information to national registries that systematically collect data about particular conditions to help
- Research or evaluation.
- Prevent or manage risks to public health.
- Ask you whether or not you want to participate in research projects.
- Produce anonymous information that we can use to train and educate the Clinic’s staff. We will only use
- Information from which you can be identified for training purposes if you have agreed to this beforehand.
- If you ask us to, to provide a letter about your treatment to your employer.
To help us give you the best possible experience, our websites and emails contain cookies, and similar technologies. Cookies are small text files that are downloaded to your computer/device when you visit websites. They serve a range of purposes such as helping us understand our website usage, activity and user behaviour.
Does the Clinic share my personal information?
Sharing your information to provide you with care
As part of providing you with care we may need to share your information. This includes sharing information with:
- Your referring healthcare professional
- Organisations that provide diagnostic tests;
- Organisations that provide private ambulance or patient transport services
Sharing information with your next of kin or carer
With your agreement, information can be shared with relatives, partners or friends who act as a carer for you. We may share information with anyone you have given as an emergency contact, for example your next of kin.
Sharing your information for other purposes
Usually the Clinic will not share information about you and your health with other organisations unless they are involved in your care or you have agreed to the data sharing. However, there are some limited circumstances where we may share information with other organisations who are not directly involved in your care. For example:
- We may share information with the police, fire and rescue services if:
⁃ There is an immediate risk of harm to you or other people
⁃ There is a legal requirement to do so e.g. the police have obtained a court order requiring us to provide information[KT1]
- We may share information with our professional advisors, including lawyers and accountants, if this is necessary to take and receive professional advice (including legal advice) and with insurers,
- We may share information with individuals or organisations specified in a court order.
- Where we, or substantially all of our assets, are merged or acquired by a third party, in which case this information may form part of the transferred or merged assets
How long will the Clinic keep personal data about me for?
Your personal data will be held by the Clinic for as long as is necessary to fulfil the purpose for which it was collected. It will then be stored for a period of 10 years. At the end of that period, your data will either be deleted or anonymised so that it can be used in a non-identifiable way for statistical analysis which helps us make improvements to our service and business.[KT2]
Will the Clinic transfer my data outside of the EU? The Clinic does not transfer data outside of the EU.
What rights do I have?
The General Data Protection Regulation (GDPR) gives individuals rights about their personal data:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information the Clinic holds about you and to check that the Clinic is lawfully processing it.
- Request correction of the personal information that the Clinic holds about you. This enables you to have any incomplete or inaccurate information the Clinic holds about you corrected.
- Request erasure of your personal information. This enables you to ask the Clinic to delete or remove personal information where there is no good reason for the Clinic continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where the Clinic is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask the Clinic to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Please note there may be instances where we refuse your request for any of the above (unless otherwise stated) where we have a strong overriding [KT3] reason or are legally obliged to.
If you wish to exercise any of your rights, have a complaint or questions about this policy, please contact our Data Protection Officer at the contact details specified in the section below.
You can find out more about your rights under the GDPR through the Information Commissioner’s Office: https://ico.org.uk/
Who can I contact at the Clinic in relation to my data?
If you have any questions about how the Clinic uses your personal data, your rights or the content of this notice, the Clinic has appointed a Data Protection Officer (“DPO”) who is Lance Fisher. Please contact the DPO at 33 Foley Street, London W1W 7TL.
If you do not think that the Clinic has complied with your data protection rights or legislation you can contact the Information Commissioner’s Office at https://ico.org.uk/