Privacy Policy

Health Clinics Limited trading as Care Oncology Clinic ("we", "us") is committed to ensuring that your privacy is protected. This privacy policy sets out how we will collect, store, use, share and protect any information that you provide to us. We also explain your rights and how to contact us.

Your personal data will only be used in accordance with this privacy policy.

Contents

About us

Our processing of your personal information

Prospective or existing patients.

Users of the Care Oncology Clinic website

Healthcare Professionals

Business Partners, Sub-contractors and suppliers

What marketing activities do we carry out?

How long do we keep your personal information for?

How do we protect your information?

What is our approach to sending your personal information overseas?

Your rights

Links to other websites

Contacting us

Updates to this policy

About us

We are a provider of adjunctive therapeutic cancer treatments and we manage and operate a chain of specialist cancer clinics. We also conduct research into cancer, and the safety and efficacy of our therapeutic approach.

We have appointed a Data Protection Officer to oversee our handling of personal information. Our Data Protection Officer is Mr Raphael Swery, CEO and can be reached at raphael.swery@careoncologyclinic.com. We process your information in the ways outlined below.

For the purposes of the data protection law, Health Clinics Limited will be the data controller.

Our processing of your personal information

We will collect and use different personal information about you for different reasons, depending on our relationship with you.

Sometimes we will request or receive “special categories of personal information” (which is information relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership).

Where you provide personal information to us about other individuals (for example, members of your family or other dependents) we will also be data controller of their personal information and we are responsible for protecting their personal information and using it appropriately. This policy will therefore apply to those individuals and you should refer them to this policy.

In order to make this policy as user friendly as possible, we have split it into different sections. Please click on the section below that best describes your relationship with us and the service you receive from us.

Prospective or existing patients.

1 Where you are a prospective or existing patient enquiring about or receiving cancer treatments or participating in a cancer study.
This section will apply if you currently participate in a cancer study or receive cancer treatment or if you are looking to participate in a cancer study or receive cancer treatment.
2 What personal information will we collect?

We collect the following personal information:

  • General information such as your name, address, phone numbers and email addresses, date of birth and gender.

  • Identification information including passport, driving licence, national identity card (for non-UK nationals) or government issued ID verification.

  • Employment information such as job title, employment history and professional accreditations.

  • Financial information such as your bank details and credit and debit card details.

  • Information about your family including information about your dependents.

  • Information obtained during telephone recordings.

  • Information about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views). For more information, please see our cookies policy.

  • Information which we have gathered from social media in limited circumstances where content may be relevant as patient testimonials for the purposes of marketing the clinic.

3 What special categories of personal information will we collect?
  • Details about your physical, mental and emotional health including information on your medical history and treatments received, including but not limited to, blood test results, radiology (imaging reports), medical examinations, histology (biopsies), allergies, co-morbidities, current and historical medications, relevant psychological assessments (including quality of life assessments), bone assessments, performance status (i.e. appetite, pain levels, quality of life).

  • Details of your race and/or ethnicity.

  • Details of any genetic data or biometric data relating to you.

  • Details of your sexual orientation (where relevant to your care).

4 How will we collect your personal information?

We will collect information directly from you when:

  • you attend our clinic or by filling in forms on our website.

  • you contact us by email, telephone and through other written and verbal communications.

  • Dealing with any complaints you may have.

As well as obtaining information directly from you, we will also collect your personal information from:

  • Social media in limited circumstances where content may be relevant as patient testimonials for the purposes of marketing the clinic.

  • Enquiries, discussions and referrals with healthcare professionals including NHS doctors, GPs and oncologists.

  • Other hospitals or clinics that you are currently being treated who may share your medical information with us.

5 What will we use your personal information for?

There are a number of reasons we use your personal information and for each use we need to have a "legal ground" to do so.

We will rely on the following “legal grounds” when we process your "personal information":

  • We need to use your personal information to enter into or perform the contract that we hold with you.

  • We have a legal or regulatory obligation to use such personal information. For example, your data subject access rights.

  • We have a valid business reason to use your personal information and which is necessary for our everyday business operations and activities (e.g. to keep business and accounting records, manage our business operations and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests.

  • In each case we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.

When we use your “special categories of personal information", we must have an additional “legal ground". For certain processing purposes, we have outlined alternative legal grounds. We will rely on the following legal grounds when we process your special categories of personal information:

  • You have given your explicit consent to our use of your special categories of personal information.

  • We need to use such special categories of personal information to establish, exercise or defend legal rights, such as when we are facing legal proceedings or want to bring legal proceedings ourselves.

  • We need to use such special categories of personal information for the purposes of preventive medicine, medical diagnosis, provision of healthcare and treatment and the management of health care systems and services.

  • We need to use such special categories of personal information for the purposes of medical and scientific research, where that research is not to support measures or decisions with respect to particular individuals.

Summary table on the legal grounds for processing your information:

5a Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
To carry out our obligations arising from any contracts entered into between you and us.

It is necessary to enter into or perform your contract.

The processing is necessary for a legitimate interest in the form of a valid business reason (to ensure that we fulfil our contractual obligations to clients).

We need to use your information in order to establish, exercise or defend legal rights.

You have given us your explicit consent.

To provide you with the information, products and services that you request from us. The processing is necessary for a legitimate interest in the form of a valid business reason (to provide you with information about our treatments, products and services that we offer).

The processing is necessary for the purposes of preventive medicine, medical diagnosis, provision of healthcare and treatment and the management of health care systems and services.

You have given us your explicit consent.

To contact you about a request/enquiry you have made with us, for example requesting an appointment with a consultant. The processing is necessary for a legitimate interest in the form of a valid business reason (to respond to requests received as part of running our business efficiently and effectively).

The processing is necessary for the purposes of preventive medicine, medical diagnosis, provision of healthcare and treatment and the management of health care systems and services.

You have given us your explicit consent.

To communicate with your healthcare providers.

It is necessary to enter into or perform your contract.

The processing is necessary for a legitimate interest in the form of a valid business reason (to ensure that we fulfil our contractual obligations to clients).

The processing is necessary for the purposes of preventive medicine, medical diagnosis, provision of healthcare and treatment and the management of health care systems and services.

You have given us your explicit consent.

To provide you with information you may have requested, for example a letter for your doctor.

It is necessary to enter into or perform your contract.

It is necessary for compliance with a legal obligation to which we are subject (your data subject access rights).

The processing is necessary for the purposes of preventive medicine, medical diagnosis, provision of healthcare and treatment and the management of health care systems and services.

You have given us your explicit consent.

To notify you about changes to our service. The processing is necessary for a legitimate interest in the form of a valid business reason (to notify you about changes to our service).
To conduct research and analysis involving cohort studies using aggregated and anonymised data with the aim of achieving peer review to validate our treatment methods. The processing is necessary for a legitimate interest in the form of a valid business reason (to conduct research and analysis to improve the treatments, products and services we offer). The processing is necessary for the purposes of medical and scientific research, and the research is not to support measures or decisions with respect to particular individuals.
To conduct research and analysis in limited circumstances where we may undertake case studies involving specified individuals using pseudonymised data. The processing is necessary for legitimate interest in the form of a valid business reason (to conduct research and analysis to improve the treatments, products and services we offer).

The processing is necessary for the purposes of preventive medicine, medical diagnosis, provision of healthcare and treatment and the management of health care systems and services, where that research is to support measures or decisions with respect to particular individuals; or

The processing is necessary for the purposes of scientific research where that research is not to support measures or decisions with respect to particular individuals.

To provide to third parties, who may undertake independent statistical analysis using statistical techniques for the purposes of conducting research and producing reports to verify our research. The processing is necessary for a legitimate interest in the form of a valid business reason (to use your information to improve the treatments, products and services we offer).

The processing is necessary for the purposes of preventive medicine, medical diagnosis, provision of healthcare and treatment and the management of health care systems and services, where that research is to support measures or decisions with respect to particular individuals; or

The processing is necessary for the purposes of scientific or statistical research where that research is not to support measures or decisions with respect to particular individuals.

To evaluate and improve our business, including maintaining business records, file keeping, pricing our products appropriately, strategic business planning and internal audit, and management information. The processing is necessary for a legitimate interest in the form of a valid business reason (to run our business efficiently and effectively).

You have given us your explicit consent.

We need to use your information in order to establish, exercise or defend legal rights.

To comply with our legal or regulatory obligations. The use is necessary in order for us to comply with our legal obligations. The use is necessary in order for us to establish, exercise or defend our legal rights.
Communicating with you and resolving any complaints that you might have.

It is necessary to enter into or perform your insurance contract.

The processing is necessary for a legitimate interest in the form of a valid business reason (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately).

You have given us your explicit consent.

We need to use your information in order to establish, exercise or defend legal rights.

To review how our website is being used and to make improvements to our website The processing is necessary for a legitimate interest in the form of a valid business reason (to run our business efficiently and effectively).
6 Who will we share your personal information with?

We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties.

  • Our business partners, suppliers and sub-contractors for the performance of any contract we enter into with you or with them for your benefit. For example, medical details you send to us electronically for assessment of your condition, arrangement of appointment or any other purpose may be transmitted to consultants with admitting rights at Care Oncology Clinic for their professional opinion.

  • Healthcare professionals including NHS doctors, GPs, oncologists, referring consultants or your other primary care provider(s).

  • We will share anonymised, aggregated data with specialist bio-statisticians, based in the European Economic Area ("EEA"), for the purposes of medical research.

  • We will share your personal information with a registered pharmacy which is providing you with medications we have prescribed for you.

  • Other third parties who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as document management providers, back office system providers, storage warehouses, IT suppliers, actuaries, auditors, lawyers, pharmacy providers, your health insurance provider, outsourced business process management providers, our subcontractors and tax advisers.

  • Our insurers (if appropriate) and with your health insurance company to facilitate reimbursement to you of costs incurred by you.

  • Prospective purchasers of our business, so that you may continue receiving a seamless service from the Care Oncology Clinic.

  • Those who we are under a duty to disclose or share your personal data with in order to comply with any legal obligation or for the purposes of fraud protection and credit risk reduction.

  • Third parties, using anonymised data, for the purposes of conducting marketing-related activities, including conducting market research and reports.

Users of the Care Oncology Clinic website

1 Where you are a User of the Care Oncology Clinic Website
If you are a user of the Care Oncology clinic website, this section will be relevant to you and sets out our uses of your personal information.
2 What personal information will we collect?
  • General information such as your name, phone number, email address, date of birth and gender.

  • Information about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views). For more information, please see our cookies policy.

3 What special categories of personal information will we collect?
  • Details about your physical health, including information on your cancer type and medical diagnosis.

  • Details about your medical history and current and past treatments.

4 How will we collect your personal information?

We will collect information directly from you when:

  • When you use our website and submit a form to enquire about appointments or to request a new patient information pack.

  • If you provide us directly with your personal information and request to be kept informed of news from the clinic.

As well as obtaining information directly from you, we will also collect your personal information from:

  • Your family or friends, who may, on your behalf, enquire about appointments or to request a patient information pack.

  • Our website may also collect your device’s unique identifier, such as your IP address.

5 What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

  • We need to use your personal information for a valid business reason (e.g. to monitor the number of visitors and usage of our website, to follow up on enquiries and to provide marketing information to you). When using your personal information for these purposes, we will always consider your rights and interests.

If you have filled in contact information, we will contact you to discuss the treatment and our clinical services.

When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your " special categories of personal information":

  • You have provided your explicit consent to our use of your special categories of personal information (e.g. in relation to your marketing preferences).

Summary table on the legal grounds for processing your information:

5a Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information

To follow up on enquiries you make or enquiries submitted on your behalf by your family and friends.

The processing is necessary for legitimate interest in the form of a business reason (to respond to all communications and enquiries we receive).

You have given us your explicit consent.

To provide marketing information to you.

The processing is necessary for legitimate interest in the form of a valid business reason (to send you selected communications about other products and services we offer).

You have given us your explicit consent.

To review how our website is being used and to make improvements to our website.

The processing is necessary for a legitimate interest in the form of a valid business reason (to run our business efficiently and effectively).

6 Who will we share your personal information with?

We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to:

  • Other group companies based in the EEA, for example the SEEK Group.

  • Third parties who we have entered into contractual arrangements with to provide services we need to carry out our everyday business activities such as IT suppliers and website providers.

Healthcare Professionals

1 Where you are a healthcare professional
If you are a healthcare professional, this section will be relevant to you and sets out our uses of your personal information.
2 What personal information will we collect?
  • We will collect your name and address, your contact information such as your email address and telephone numbers, and information about your professional work such as your employer, your job title and your research interests.

  • Information about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views). For more information, please see our cookies policy.

3 What special categories of personal information will we collect?
We do not collect any of your special categories of personal information. In the event that this changes, we will let you know.
4 How will we collect your information?
  • Where you contact us directly by email, phone or via the website and request and provide us with your personal information and request to be kept informed of news from the clinic.

  • When you use our website, we will collect your browsing information.

5 What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal ground”, when we process your "personal information":

  • We need to use your personal information for a legitimate interest in the form of a valid business reason (e.g. to monitor the number of visitors and usage of our website, to follow up on your enquiries and to send you research materials and updates about our activities). When using your personal information for these purposes, we will always consider your rights and interests.

Summary table on the legal grounds for processing your information:

5a Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information

To follow up on enquiries you make where you have filled in contact information or where we communicate with you about a patient that you have referred to us.

The processing is necessary for legitimate interest in the form of a valid business reason (to respond to your queries and to provide you with information about our treatment and clinical services, clinical research programmes and information related to a patient referral).

To send you research materials and updates about our activities.

The processing is necessary for legitimate interest in the form of a valid business reason (to send you selected research materials and information about our activities).

To review how our website is being used and to make improvements to our website

The processing is necessary for a legitimate interest in the form of a valid business reason (to run our business efficiently and effectively).

6 Who will we share your personal information with?

We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties:

  • Other group companies based in the EEA, for example the SEEK Group.

  • Third parties who we have entered into contractual arrangements with to provide services we need to carry out everyday business activities such as IT suppliers, marketing services providers and website providers.

  • Third party healthcare providers who are involved in the care of a patient, who may need to contact you regarding the care of that patient.

Business Partners, Sub-contractors and suppliers

1 Business partners, sub-contractors or other third-party suppliers
If you are a business partner, sub-contractor or other third-party supplier, this section will be relevant to you and sets out our uses of your personal information.
2 What personal information will we collect?
  • Your name, address, date of birth and gender.

  • Contact information, including previous contact information, such as your telephone numbers and email addresses.

  • Information about your job such as job title and previous roles.

  • Information which we have gathered from publicly available sources such as internet search engines and social media sites as part of our general due diligence enquiries.

  • Information about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views). For more information, please see our cookies policy.

3 What special categories of personal information will we collect?
We do not collect any of your special categories of personal information. In the event that this changes, we will let you know.
4 How will we collect your information?

As well as obtaining information directly from you, we will collect information from:

  • Other group companies based in the EEA, for example the SEEK Group.

  • Publicly available sources such as internet search engines and social media sites.

  • Our website may also collect your device’s unique identifier, such as an IP address.

5 What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

  • We need to use your personal information to enter into or perform the contract that we hold with you. For example, we may need certain information in order to operate our business arrangement.

  • We have a legal or regulatory obligation to use such personal information. For example, we may be required to carry out certain background checks.

  • We need to use your personal information for a valid business reason (e.g. to keep business and accounting records, manage our business operations and to improve quality, training and security). When using your personal information for these purposes, we will always consider your rights and interests.

Summary table on the legal grounds for processing your information:

5a Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice). For business processes and activities including analysis, review, planning and business transaction. The processing is necessary for legitimate interest in the form of a valid business reason (to effectively manage our business operations).
Complying with our legal or regulatory obligations. We need to use your information in order to comply with our legal obligations.
Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers). The processing is necessary for legitimate interest in the form of a valid business reason (to develop and improve the products and services we offer).
Communicating with you to manage and handle your queries.

The processing is necessary for legitimate interest in the form of a valid business reason (to send you communications to effectively manage our business and respond to your queries).

It is necessary to enter into or perform our contract with you.

Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems). The processing is necessary for legitimate interest in the form of a valid business reason (to ensure the integrity and security of our systems).
6 Who will we share your personal information with?

We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties:

  • Other group companies based in the EEA, for example the SEEK Group.

  • Our third-party service providers such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers.

  • Selected third parties in connection with any sale, transfer or disposal of our business.

What marketing activities do we carry out?

We may use your personal information to provide you with information about our products or services or which may be of interest to you where you are an existing patient, which are part of the ongoing services we offer or where you have provided your consent for us to do so.

We may use your personal information to provide you with information about our products, our services or our research which may be of interest to you where you are a healthcare professional who has registered an interest in learning more about our work.

We are committed to only sending you marketing communications that you have clearly expressed an interest in receiving. If you wish to opt out of marketing, you may do so by clicking on the "unsubscribe" link that appears in all emails or telling us when we call you. Otherwise you can always contact us using the details set out in section 9 to update your contact preferences.

Please note that, even if you opt out of receiving marketing messages, we may still send you communications which are relevant to the nature of the clinical services we offer you as a patient.

How long do we keep your personal information for?

We will retain your personal information for as long as your account is active or as reasonably necessary to provide you services, comply with our legal and regulatory obligations, resolve disputes and/or enforce our agreements.

The exact time period will depend on your relationship with us and the type of personal information we hold.

If you would like further information regarding the periods for which your personal information will be stored, you can review our retention policy which can be accessed here or please contact us using the details set out in section 9.

How do we protect your information?

We are committed to ensuring that your information is secure.

We will store your personal information (including the special category information) in a specialist I.T. system. This is currently provided by Medical Management Systems Ltd (MMS) – a UK based provider of secure cloud-based systems for integrated electronic healthcare management. MMS is a data processor, acting on our behalf.

In order to prevent unauthorised access, loss, misuse or disclosure, we take and maintain reasonable and appropriate technical, organisational and physical safeguards designed to protect your personal information. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us including the use of pseudonymisation, encryption generally, a clean desk policy and access controls which we regularly review. Our overall data security policies are documented under our Systems Level Security Policy and reviewed regularly.

What is our approach to sending your personal information overseas?

There may be some instances where your personal information is transferred to countries outside of the EEA, such as when we transfer information to a patient’s primary healthcare provider based outside the EEA, when we are treating a patient via telemedicine or when a patient elects to travel to a country outside the EEA for their treatment. Where such a transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. We will do so in a number of ways including:

• entering into data transfer contracts and using specific contractual provisions that has been approved by European data protection authorities otherwise known as the "standard contractual clauses";

• transferring personal information only to companies in the United States who are certified under the "Privacy Shield". The Privacy Shield is a scheme whereby companies certify that they provide an adequate level of data protection. You can find out more about the Privacy Shield [here];

• we will only transfer personal information to companies in non-EEA countries who have been deemed by European data protection authorities to have adequate levels of data protection for the protection of personal information. You can find out more about this [here];

We are also entitled under European data protection laws to transfer your personal information to countries outside the EEA where it is necessary for the performance of the contract we have with you.

If you would like further information regarding our data transfers and the steps we take to safeguard your personal information, please contact us using the details set out in section 9 below.

Your rights

Under data protection law you have a number of rights in relation to the personal information that we hold about you which we set out below. You can exercise your rights by contacting us at any time using the details set out in section 9 below.

Please note that although we take your rights seriously, there may be some circumstances where we cannot comply with your request such as where complying with it would mean that we couldn’t comply with our own legal or regulatory requirements. However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why.

1 The right to access your personal information

You have the right to access the information that we hold about you. We will not usually charge you in relation to a request.

We are happy to provide you with such details but in the interests of confidentiality, we follow strict disclosure procedures which may mean that we will require proof of identify from you prior to disclosing such information.

We will usually provide your personal information to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal information will be provided to you by secure electronic means where possible.

2 • The right to rectification
We take reasonable efforts to ensure that the personal information we are holding on you is accurate and up to date. However, if you do not believe this is the case, please contact us and we will promptly correct any information found to be incorrect.
3 The right to restriction of processing
In certain circumstances, you have the right to ask us to stop using your personal information, for example where you think that we no longer need to use your personal information.
4 The right to withdraw your consent
Where we rely on your consent to process your personal information, you have the right to withdraw such consent to further use of your personal information.
5 The right to erasure
In certain circumstances, you have the right to request that your personal information is deleted such as where we no longer need your personal information for the purpose we originally collected it.
6 The right to object to direct marketing
You have a choice about whether or not you wish to receive marketing information from us and you have the right to request that we stop sending you marketing messages at any time. You can do this either by clicking on the "unsubscribe" button in any email that we send to you or by contacting us using the details set out in section 9.
7 The right to data portability
In certain circumstances, you have the right to request that we transfer any personal information that you have provided to us to a third party of your choice.
8 Rights relating to automated decision-making
We do not carry out any automated decision-making but in the event that this changes in the future, we will notify you.
9 The right to make a complaint with the Information Commissioner’s Office (ICO)

You have a right to complain to the ICO if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations.

You can visit the ICO’s website at https://ico.org.uk/ for more information. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. You should familiarise yourself with the privacy statement applicable to the website in question before use.

Contacting us

If you would like any further information about any of the matters in this policy or if you have any other questions about how we collect, store or use your personal information, you may contact our Data Protection Officer, Mr. Raphael Swery, by email at info@careoncologyclinic.com or by writing to us at the following address:

Care Oncology Clinic
Data Protection Queries
40 Harley Street
London
W1G 9PP

Updates to this policy

We may need to change this policy from time to time, for example, as the result of changes to law, technologies, or other developments. We will provide you with the most up-to-date notice and you can check our website [here] periodically to view it.

This policy was last updated on 25 May 2018.