This Policy below will become effective May 25, 2018.
LDPath Limited cares about your privacy. We collect and use your or your service users’ personal data only as it might be needed for us to deliver to you our services, applications and most importantly, care to your service users (collectively, our “Services”).
We act as a “data controller” in relation to personal data we collect from you in order to supply our Services to you (this includes your identity, contact and billing details). We act as a “data processor” in relation to personal data relating to your service users that you supply to us (this includes their identity and contact details and data relating to their health).
In this Policy, the terms “data controller”, “data processor” and “personal data” all have the meanings as defined in the Data Protection Laws. The “Data Protection Laws” means all applicable privacy and data protection laws including the General Data Protection Regulation ((EU) 2016/679) and any applicable national implementing laws, regulations and secondary legislation in England and Wales relating to the processing of Personal Data, as may be amended, replaced or updated from time to time,
Personal data includes information such as:
- Telephone number
- Date of birth
- Health data (this may constitute “Special category data”, particularly that of clinical relevance)
- Other data collected that could directly or indirectly identify you or your service users
This Policy is intended to describe how and what data we collect, and how and why we use your and your service users’ personal data. It also describes options we provide for you to access, update or otherwise take control of your personal data that we process.
What information do we collect and when do we collect it?
We collect personal data when you interact with us directly in the following ways:
- when you create an account with us or purchase any of our Services (e.g. billing information, including name, address, credit card number, government identification)
- when you submit a Request Form (RF) requesting our services (e.g. details of your service users including name, address, sex, date of birth, clinical affliction);
- when you request assistance from our support team
- when you complete contact forms or request newsletters or other information from us
However, we also collect additional information when delivering our Services to you to ensure necessary and optimal performance. These methods of collection are not as obvious, so below we highlight and explain what these might be and how they work:
Account related information is collected in relation to your use of our Services, such as application usage, requests, and customer service requests and notes or details explaining what you asked for and how we responded.
Data about Usage of Services is automatically collected when you use and interact with our Services, including metadata and log files.
Supplemented Data may be received about you from other sources, including public databases and third parties from whom we have purchased data.
Special Categories of Data
The Data Protection Laws recognise that Special Categories of Personal Data (as defined in the Data Protection Laws) are more sensitive and require a higher degree of protection. Special Categories of Personal Data include information about a person’s health.
We will only use health information and other personal data which relates to your service users for the purposes of providing our Services and industry standard reports in accordance with your written instructions. We may pass these details on to any trusted third party who is delivering Services on our behalf under conditions of strict confidentiality for this purpose. We will not pass such details on to any other third party or use them in any other way.
How we utilise information
We endeavour to minimise the data we collect and limit its use and purpose to only that:
- for which we have been given permission,
- as necessary to deliver the Services you purchase or interact with you,
- as we might be required or permitted for legal compliance or other lawful purposes.
Often, the data we collect is aggregated or statistical data about how groups of individuals use our Services, and is not linked to any personal data, but to the extent it is itself personal data, or is linked or linkable to personal data, we treat it in accordance with the Data Protection Laws.
Whenever we process your Personal Information under the ‘legitimate interest' lawful basis, we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
Sharing with trusted third parties
We may share your personal data with affiliated companies within our operational network, with third parties with which we have partnered to allow you to integrate their services into our own Services, and with trusted third party service providers as necessary for them to perform services on our behalf, such as:
- Processing payments
- Performing analysis of our Services
We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from using, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for or without your consent.
Communicating with you
We may contact you directly or through a third party service provider regarding services you have signed up or purchased from us. We would also like to contact you with offers for additional services we think you’ll find valuable by.
- SMS messages
- Telephone calls
If you would like to request that we do not use your personal information to contact you for marketing purposes via these means, please contact us at . If you opt out of receiving marketing messages, we will still continue to contact you in relation to any Services you have requested from us.
We will only use the contact details of your service users in order to provide our Services to you and will never contact them direct.
Transfer of personal data abroad
We cooperate with government, legislative bodies and regulators including but not limited to the Care Quality Commission to enforce and comply with the law. At our sole discretion, we will disclose information about you to such a body if we believe necessary to respond to claims or legal processes, to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
Where we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of legal process.
How you can access, update or delete your data
To easily access, view, update, delete or port your personal data (where available), or to update your subscription preferences, please sign into your Account and visit “Account Settings.”
If you make a request to delete your personal data and that data is necessary for the products or services you have purchased, the request will be honored only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements.
If you are unable for any reason to access your Account Settings or our Privacy Center, you may also contact us by one of the methods described in the “Contact Us” section below.
Where we hold or process any personal data relating to your service users, we will provide you with all necessary assistance, at your cost, if any of your service users make a subject access request or wish to exercise any other rights in relation to their personal data.
How we secure, store and retain your data
We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilisation of encryption where appropriate.
We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records.
If you have any questions about the security or retention of your personal data, you can contact us at .
Changes in our Policy
We reserve the right to modify this Policy at any time. If we make material changes to this Policy, we will notify you by email, or by means of a notice on our home page.
Data Protection Authority
If you are a resident of the European Economic Area (EEA) and believe we maintain your personal data subject to the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority the ICO.
If you have any questions, concerns or complaints about our Policy, our practices or our Services, you may contact our Office of the DPO by email firstname.lastname@example.org. In the alternative, you may contact us by either of the following means:
- By Mail: LD Path Ltd, 6 St John’s Place, London EC1M 4NP
- By Phone: 0207 336 0921
We will respond to all requests, inquiries or concerns within thirty (30) days.