Privacy Notice
This Privacy Notice explains what information we collect about you, how we may use it, and the steps we take to ensure that it is kept secure. We also explain your rights and how to contact us.
About us
Lloyds Clinical is part of the Hallo Healthcare group of companies.
Lloyds Clinical provides care for patients with a range of conditions at home, in their place of work, or in the community. You can find out more about the range of work we do and how we do it here: https://lloydsclinical.com/about/
To help you understand how we treat your personal data, please read this Privacy Notice carefully. If you have any questions you can contact us by:
Writing to The Information Governance Manager or Data Protection Officer at dataprotectionofficer@lloydsclinical.com or Scimitar Park, Roydon Road, Harlow, Essex, CM19 5GU
Telephoning 0345 2636 123 (or 0345 2636 135 from Scotland)
Completing the contact form on our website
If you ever have any queries or concerns about the way Lloyds Clinical obtains or uses information about you, please get in touch. You can also contact the Information Commissioner if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
The ICO’s helpline number is: 0303 123 1113
Changes to this Privacy Notice
Privacy laws and practice are constantly developing, and we aim to meet high standards. Our notice and procedures are therefore under continual review. We may, from time to time, update our security and privacy notice and suggest that you check this page periodically to review our latest notice.
What is Personal Data?
Personal data is any information relating to a person who can be either directly or indirectly identified from that information and may include (but is not restricted to) name, address, email address and phone number.
The information we process
We collect, store and use (also called processing) personal data in order to provide our patients with the service(s) required.
If you are a patient who receives care we will have the following information about you:
Name
Address
Contact telephone number(s) and email address if you have one
Your NHS number if you are an NHS patient, and your Lloyds Clinical patient reference number
Your date of birth
Your gender
Your medical condition and related history
Your medicines and care needs
When you have received, or are due to receive deliveries
When you have received, or are due to receive nurse visits
What support you have received to provide self-care where this is an option
When you have contacted us, and when we have contacted you (including voice recordings of recent telephone calls)
If you are a private patient we will hold financial information
Information we collect about you
We collect and process information about you from a variety of sources.
We receive information from other sources including the Hospital Trust, your consultant, doctor or others involved in your care.
In the course of receiving the services you require you may provide us with further information which we will process in accordance with this notice. This may include:
Written or verbal information when creating an account with us
Information via the contact us form on our website
Information via correspondence with us by e-mail, telephone or otherwise
Information you provide during the course of us providing our service(s) to you
Completion of surveys
Your social media username if you interact with us through those channels to help us respond to your comments, questions or feedback
Anybody visiting any of our sites will also be recorded on CCTV for the prevention and detection of crime
Information about other people
If you provide information to us about any person other than yourself (i.e. authorised signatories who can sign for your medication) you confirm that you have made that person aware of how we may collect, use and disclose their information, the reason you have provided it, how they can contact us, the terms of this notice and that they have consented to such collection, use and disclosure.
Recording Telephone Calls
When you call us we may record that call, and keep that recording with your other information. We do this to ensure we provide the best possible care and customer service, and to review our services to see where we can learn and improve. Sometimes calls are audited as part of our governance function, and to provide assurances to medicines manufacturers and regulators that we meet their high standards.
How we use your information
All the personal information we obtain about you and/or any other person whose details you provide will be recorded, processed and protected in accordance with current data protection legislation.
We will keep your data confidential, use it lawfully, fairly and with transparency and protect your data keeping it secure. We will only retain your data for as long as necessary.
We primarily use your personal information in the following ways:
To create, maintain and securely store your patient record
To communicate with your hospital and doctors where necessary
To communicate with you regarding your deliveries and in the event we need to inform you of any issues regarding our service to you
To arrange to visit you and to provide you with care. Sometimes our nurses will help you learn how to care for yourself and keep records of how well you are doing
To carry out market research and conduct patient surveys
To deal with any queries or complaints, details of which will be recorded on your patient record to demonstrate our compliance with our contractual or legal obligations and our legitimate interests in providing you with the best service
Governance will regularly undertake audits, monitor calls and deal with complaints for quality control, training and service improvement
Finance to coordinate spending on patient care with NHS organisations and other partners and ensure we charge NHS (or other bill payers) correctly for the services we provide to you
Prescription Management to ensure all prescriptions are reviewed, renewed and are for the correct medicines
Warehouse and Packing to prepare packages of medicines and equipment for delivery
Transport to plan routes and ensure drivers make deliveries to patients or their authorised representatives
Our Pharmacovigilance team will investigate any adverse reaction to medicines and report such events to manufacturers and regulators in order to improve patient safety
CCTV footage at Lloyds Clinical premises is recorded and stored for the purposes of the prevention and detection of crime
For the safety of our off-site staff we utilise secure recording devices which may be activated in emergency situations.
Lawful grounds for processing your Information
In order to process your data lawfully we need to rely on one or more valid legal grounds. The grounds we may rely upon for the processing of your personal data include:
Consent: Your consent to processing activities, for example where you have consented to us using your information to invite you to participate in surveys. You are able to change your mind at any time by getting in touch using the details above
Contract: When we enter into a contract (or prior to entering into a contract) we use personal information for the performance of that contract
Legal Obligation: There may be occasions where we are required to process information for compliance with an applicable law. An example of this is our legal requirement to report any adverse reactions to medicine to the relevant regulator and the medicine’s manufacturer
Public Task: We will process patient data which includes special category data regarding the health of our patients in order to carry out our official function as a healthcare provider
Vital Interests: If we discover one or more people are at risk of harm we will process personal information to ensure the safety of these individuals, acting in that person’s vital interest
Legitimate interests: If we have a legitimate interest in something that we need to use your information to do, then we can rely on that interest as a lawful basis except where such interests are overridden by your interests and fundamental rights
Disclosure of your personal data
There are circumstances where we wish to disclose or are compelled by law to disclose your personal data to third parties. This will only take place in accordance with the applicable law and for the purposes listed. These scenarios include disclosure to:
Our subsidiaries, branches or associated offices
Our Group companies who may contact you by email, phone or post about other products and services (including those from other organisations) in which you may be interested (where you have consented to such communication)
Our outsourced service providers or suppliers to facilitate the provision of our products and/or services to you, for example:
our panel of medical experts, printing companies and mailing houses
manufacturers of the goods in the efforts to understand customer preferences, ensure satisfactory stock levels, to improve products and services and to calculate any volume discounts or rebates which may be applicable to your account
our data centre provider for the safe keeping of your personal data, webhosting provider through which your personal data may be collected
third party logistics companies where required to ensure continuity of our service to you
identity verification partners in order to verify your identity against public databases
In these circumstances, we will ensure that your personal data is properly protected and that it is only used in accordance with this Privacy Notice
Pharmaceutical companies and health authorities are legally required to collect reports of potential side effects or adverse events that happen to patients whilst taking their products to ensure patient safety. Your information is very important for public health and will not be used for any other purpose than the detection, understanding and prevention of side effects or adverse effects. Your contact details will not be shared without your consent
Third party service providers and consultants in order to protect the security or integrity of our business, including our databases and systems and for business continuity reasons
Public authorities where we are required by law to do so, or for reasons of public interest regarding public health or for research purposes.
Our regulators where it is a requirement to do so
If required, in order to receive legal advice; and
Any other third party where you have provided your consent
We share key information with your GP and the NHS as part of your care. We encourage everyone who uses our services to be open with others, whether professionals or family and friends.
When we share your personal information with the NHS we pseudonymise it, which means that only people who have access to other systems and information will be able to understand it. We use an identifier instead of your full name and protect your personal information while it’s being transferred by uploading it directly to the NHS through a secure portal.
Security
We take the security of personal information very seriously. We employ security technology, including firewalls, and Secure Socket Layers to safeguard information and have procedures in place to ensure that our paper and computer systems and databases are protected against unauthorised disclosure, use, loss and damage.
International Transfer of Personal Data
In the course of the matrix structure of our Group, your data will also be processed within our Group companies that are based in third countries, meaning in countries outside the European Economic Area. These data transfers are covered by an adequacy decision of the European Commission (Article 45 GDPR). Where this is not the case, e.g. when it comes to transfers to the USA, the data transfers are especially based on standard data protection clauses/standard contractual clauses in line with the templates adopted by the European Commission (Article 46 Para. 2 lit. c, Para. 5 S. 2 GDPR) or by an exemption according to Article 49 GDPR.
The same applies to external service providers who work on behalf of us (for example IT service providers or data centres) or third parties, insofar as they come into contact with your personal data and are based in third countries. This means that we transfer your IP address, for example, as part of the use of the TrustArc and Google Analytics tools, or your shortened IP address to countries outside the European Union, among others in the USA.
Otherwise, we do not transfer your personal data to countries outside the EU or the EEA or to international organisations.
Upon request, we will gladly provide you with appropriate detailed information.
Retention of Personal Data
Your personal data will be retained until your last use of our services, unless longer retention is required by the Data Protection Act 2018 and General Data Protection Regulation or where we have a continued legitimate and lawful purpose to do so. However, we will not retain beyond this period any of your personal data that is no longer required for the purposes set out in this Privacy Notice. The retention of your personal data will be subject to periodic review.
We may keep an anonymised form of your personal data, which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.
Your Rights
You have a number of rights regarding how your information is used, including the right to: access, rectify, erase, restrict, transport, and object to the processing of, your personal data. These rights will not all apply in every situation but to exercise them at any time, please contact us using the information above.
You also have the right to lodge a complaint with the relevant data protection authority if you believe that your personal data is not being processed in accordance with applicable data protection law. To contact the Information Commissioner’s Office (the supervisory authority in the United Kingdom), please see their details above.
Right to make subject access request (SAR). You have the right to ask us for copy of the information we have about you, whether in paper, or electronic form. Each such request will be dealt with on an individual basis.
Your right to rectification. You may request that we rectify any inaccurate and/or incomplete personal data.
Your right to erasure. You have the right to ask us to erase (delete or destroy) your personal information in certain circumstances. We will comply unless there is an overriding legal obligation we must comply with which requires us to retain your data.
Your right to object to processing. You have the right to object to us processing your data – including automated processing and profiling. You may, as permitted by applicable law, request that we stop processing your personal data. We may refuse your request to restrict processing if we have to use your information to provide you with care, or if it is in your vital interests for example. In relation to automated processing and profiling, you may object to the processing and you will have the right to obtain human intervention.
Your right to data portability. In some circumstances you may request that we provide your personal data to you in a structured, commonly used and machine-readable format and have it transferred to another provider. We will comply with such transfer as far as it is technically feasible. Please note that a transfer to another provider does not imply erasure of your personal data which may still be required for legitimate and lawful purposes.
Right to withdraw consent. You may, as permitted by applicable law, withdraw your consent to the processing of your personal data at any time. Such withdrawal will not affect the lawfulness of processing based on your previous consent. Please note that if you withdraw your consent, you may not be able to benefit certain service features for which the processing of your personal data is essential.
Cookies and tracking technology
In common with many other website operators, we use standard technology called ‘cookies’ on this site. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive and they are used to record how you navigate this website on each visit.
Our cookies are used to enable us to develop our Website to reflect our customers’ interests and by noting who has seen which pages, properties and advertisements (including click through from emails), how frequently particular pages are visited and determining the most popular areas of our website. We may use cookies to enrich your experience of using the website by allowing us to tailor what you see to what we have learned about your preferences during your visits to the site.
You can change your cookie preferences at any time by clicking ‘Select Cookie Preferences’ at the bottom of the page. If you do turn cookies off this will limit the service that we are able to provide to you and may affect your experience of the. While you will still be able to browse around the site some functions may not work properly.
If you prefer you can set your browser to disable or reject them. This will mean that no website will be able to place cookies on your computer. You can do this by adjusting the preferences within your browser. Each internet browser is different, so check the ‘help’ menu on your browser to learn how to change your cookie preference or visit www.allaboutcookies.org for further information on cookies and how to switch them off.
Cookie List
A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:
Strictly Necessary Cookies
These cookies are necessary for the basic functions of the website and cannot be switched off. Cookies in this category relate for example to functions such as setting your privacy preferences, logging in, filling in forms or selecting language preferences.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all these services may not function properly.
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
Privacy Policy for Home Patient App
Introduction and Who We are
Welcome to our Lloyds Clinical Home App. It is provided by Lloyds Clinical Limited, a private limited company that is incorporated and operating in the United Kingdom and is registered with number 02764914. Our current registered office is at Unit 4 Scimitar Park, Roydon Road, Harlow, Essex, CM19 5GU.
We are committed to protecting your privacy and ensuring the security of your personal and health-related information. This Privacy Policy describes how we collect, use, disclose, and protect your data when you use our mobile Application (“App”) in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using the App, you agree to this Privacy Policy.
We are a controller in relation to the personal information that you put or allow in the App. A controller decides the purposes for which your personal information is used, and the means by which it is used. This document tells you our purposes and means, and other information required by UK GDPR and the Data Protection Act.
Our Patient App gives patients the ability to manage their personal information, schedule or amend their medication deliveries and view previous deliveries using their Android or Apple mobile devices. This App is not a medical device and is not intended to be used for use in medical emergencies.
Legal Basis for Data Processing
Consent: we ask your permission and only use your personal data if you give your permission
Legitimate interests: Use of your information is necessary for our legitimate interests. We process personal information for these purposes given our legitimate interest in providing patients with a more personalised experience based on your interactions on the App and to have the services team contact you where you have indicated an interest.
See below in the section “How We Use Your Information” to see our purposes for using your information and, for each one, our legal basis and any exceptions that we rely on.
Information We Collect
Patients can only access the App via an invite being sent to them, the invite contains a link, and patients can only register if their details entered (Name, DOB, postcode) match the details we have on recorded in our CRM system.
We may collect the following types of information:
1. Personal Information
– Full name
– Date of birth
– Email address
– Phone number
– Delivery address
2. Health Information
– Medication delivery history
3. Biometric data
– Face ID and Touch ID if enabled by patient when prompted
4. Third-party integrations
– Twilio for Multifactor Authentication (MFA)
How We Use Your Information
We use your information to:
– Process and fulfil medication deliveries (legitimate interests; provision and management of health services; establishment, exercise or defence of legal claims).
– Communicate order status (legitimate interests, and provision and management of health services).
– Monitor patient use so we can develop and improve the App functionality and user experience (legitimate interests)
– Storing and retrieving information on or from the device you use the App on (consent).
– Marketing (consent).
– Comply with legal and regulatory obligations (compliance; provision and management of health services; establishment, exercise or defence of legal claims).
Your Choices
You can choose whether to use the App or not and how much information you include in the App. If you choose not to use the App the alternative ways for you to order from us under our contract with you or your NHS or private sector health provider may not be so convenient. If you limit the information you include in the App it may affect our services or even prevent or obstruct us from providing our services for you.
Automated Decision
The App does not make automated decisions.
How We Share Your Information
We may share your information with:
– NHS healthcare providers
– Regulatory bodies as required by law
– Third-Party providers working with Lloyds Clinical in relation to the App to support in fixing or maintenance.
We do not sell your personal or health information to third parties.
Data Security
At Lloyds Clinical, we value your privacy and data security. All personal and medical data collected through our patient App is securely stored using Microsoft Azure cloud services with data centres in the United Kingdom.
We implement industry-leading security practices, including data encryption at rest and in transit, access control measures, and continuous monitoring to protect your information against unauthorised access, loss, or misuse.
The App uses multi-factor authentication for login, verifies email addresses via a one-time token, and does not store any personal data within the App itself.
All data is stored in Lloyds Clinical CRM system, ensuring compliance with GDPR and other security protocols.
By using our App, you consent to storing and processing your data within the United Kingdom under UK data protection laws, including the UK General Data Protection Regulation (UK GDPR).
Your Rights Over Your Personal Data
By law, you have a number of rights (subject to certain conditions) when it comes to your personal information.
You can contact us using the details in the ‘Contact Us’ section below to exercise any of these rights (as applicable) or to find out more about the information we hold on you as a Data Controller.
The Right To Access Your Personal Data, and A Copy of It
You have the right to obtain access to your information (if we’re processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you’re aware and can check that we are using your information in accordance with data protection law. You can do this by writing to us using the email address we have provided below.
The Right to Be Informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Policy.
The Right to Rectification of Inaccurate or Incomplete Data
You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by writing to us using the email we have provided below.
The Right to Erasure
This is also referred to as the ‘right to be forgotten’ in certain circumstances. In simple terms it enables you to request the deletion or removal of your information that we hold by writing to us on the email address below.
The Right to Restrict Processing of Your Data
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information but will not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in the future.
The right to Data Portability
You have rights to obtain and reuse your information for your own purposes across different services. For example, if you decide to switch to a new provider, this enables you to move, copy or transfer your information easily between our IT systems and theirs safely and securely, without affecting its usability.
The Right to Object to Data Processing
You have the right to object to certain types of processing, including processing for direct marketing (i.e. receiving emails from us notifying you about other services we have which we think will be of interest to you or being contacted with varying potential opportunities).
Right to Complain
If you are unhappy about the way in which we have processed your personal data then you have a right to raise the issue or to lodge a complaint with the Information Commissioner’s Office. please visit www.ico.org.uk/concerns (this link opens in a new window; please note that we are not responsible for the content of external websites
Rights to Withdraw Consent
If you have given your consent to anything we do with your personal information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). You can withdraw your consent to the processing of your information at any time by contacting us using the contact details below.
We usually act on requests and provide information free of charge, but we may charge a reasonable fee to cover our administrative costs of providing the information for excessive/repeated requests, or further copies of the same information. Alternatively, we may be entitled to refuse to act on the request.
We will respond to your request as soon as we can. Generally, this will be within one month from when we receive it but, if the request is going to take longer to deal with, we will let you know.
Data Retention
No data is stored in the App. However, we will retain a record of your personal data in our CRM in accordance with the UK GDPR and the following criteria:
Where we have a reasonable business need to do so, for example, in order to manage our relationship with you;
Where we are providing products and/or services to you and then for as long as someone could bring a claim against us in respect of those products or services; and/or;
in line with any legal and regulatory requirements or guidance in respect of retention periods.
If you uninstall the patient App your data will remain in our CRM system as an essential part of managing your ongoing care.
Third Parties or Processor Involved
Lloyds Clinical work together with third parties and processors that may on occasions have access to your personal data for example:
– The App developer – to help us fix the App if needed
– The IT services company who manage the CRM system; and
– The providers of our computers that the App and CRM systems run on, and who manages the Multifactor Authentication process.
Please feel free to contract Lloyds Clinical concerning any further information or concerns you may have in relation to third parties and processors.
Changes to The Policy
We may update this Privacy policy from time to time to reflect changes we might make to our services or to reflect changes in the law or best practice. Any changes we may make to the privacy policy in the future will be posted on this page. We encourage you to visit this page periodically so that you are aware of any changes which have been made. Additionally, you may receive notification of changes by e-mail or when you next start the App or log onto the Site. The new terms may be displayed on-screen, and you may be required to read and accept them to continue your use of the Service.
Contact Us
If you have any questions, concerns or complaints about this privacy policy or how we handle your personal information, please contact our Data Protection Officer at dataprotectionofficer@lloydscilinical.com or call our Patient Services team on 0345 2636 123.