Legal Information

Privacy and Legal Information

1. Introduction

Mr Luke Cascarini is an Oral and Maxillofacial Surgeon, trading as Luke Cascarini Limited. Luke Cascarini Limited understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. The security of that data is very important to us. In this document, we will explain how we collect, use and protect your personal data.

We will also explain what rights you have with regards to your personal data and how you can exercise those rights.

2. Who we are

Luke Cascarini Limited is the data controller. This means that Luke Cascarini Limited determines what data is collected, how this data is going to be used and how this data is protected.

Our correspondence address is:

Luke Cascarini Limited

The London Clinic Consulting Rooms, 5 Devonshire Place, London W1G 6HL

If you have questions about how we process personal data, or would like to exercise your data subject rights, please email us at LC@OS.clinic.

3. Companies and websites within scope

Luke Cascarini Limited and the website www.tmjlondon.uk are within scope for this privacy policy.

It includes personal data that is collected through our websites, by telephone and through any related social media applications.

4. Collection of personal data

When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.

Accordingly, we may hold and use personal data about you as a customer, a patient or in any other capacity, for example, when you visit one of our websites, complete a form, access our services or speak to us. Depending on what services you receive from us this may include sensitive personal data such as information relating to your health.

We collect personal data from you for one or more of the following purposes:

Information that you give us when you enquire or become a customer or patient of us or apply for a job with us including name, address, contact details (including email address and phone number).
The name and contact details (including phone number) of your next of kin.
Details of referrals, quotes and other contact and correspondence we may have had with you.
Details of services and/or treatment you have received from us or which have been received from a third party and referred on to us.
Information obtained from customer surveys, promotions and competitions that you have entered or taken part in.
Recordings of calls we receive or make.
Notes and reports about your health and any treatment and care you have received and/or need, including about clinic and hospital visits and medicines administered.
Patient feedback and treatment outcome information you provide.
Information about complaints and incidents.
Information you give us when you make a payment to us, such as financial or credit card information.
Other information received from other sources, including from your use of websites and other digital platforms we operate or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies who have obtained your permission to share information about you.
Where you have named someone as your next of kin and provided us with personal data about that individual, it is your responsibility to ensure that that individual is aware of and accepts the terms of this Privacy Policy.

Where you use any of our websites, we may automatically collect personal data about you including:

Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.

The data that we request from you may include sensitive personal data. This includes information that relates to the mental or physical health or racial or ethnic origin (which may include children’s data).

By providing us with sensitive personal data, you give us your explicit consent to process this sensitive personal data for the purposes set out in this Privacy Policy:

To provide you with information that you have requested or which we think may be relevant to a subject in which you have demonstrated an interest
To initiate and complete commercial transactions with you for the purchase of services
To fulfil a contract that we have entered into with you
To ensure the security and safe operation of our websites and underlying business infrastructure
To manage any communication between you and us

5. How do we use your personal data?

Your personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines.

Sensitive personal data related to your health will only be disclosed to those involved with your treatment or care, or in accordance with UK laws and guidelines of professional bodies or for the purpose of clinical audits (unless you object). Further details on how we use health related personal data are given below. We will only use your sensitive personal data for the purposes for which you have given us your explicit consent to use it. Please note that, although we have set out the purposes for which we may use your personal data below, we will not use your sensitive personal data for those purposes unless you have given us your explicit consent to do so.

We may use your personal data to:

Enable us to carry out our obligations to you arising from any contract entered into between you and us including relating to the provision by us of services or treatments to you and related matters such as, billing, accounting and audit, credit or other payment card verification and anti-fraud screening.
Provide you with information, products or services that you request from us.
To notify you about changes to our products or services.
Respond to requests where we have a legal or regulatory obligation to do so.
Check the accuracy of information about you and the quality of your treatment or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process.
Support your doctor, dentist, nurse or other healthcare professional.
Assess the quality and/or type of care you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated.
To conduct and analyse market research.
To ensure that content from any of our websites is presented in the most effective manner for you and for your computer.

6. The security of your personal data

We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. We conduct assessments to ensure the ongoing security of our information systems.

Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws.

Personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Where we transfer your personal data outside the EEA, we will ensure that there are adequate protections in place for your rights, in accordance with Data Protection Laws. By submitting your personal data, and in providing any personal data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

All information you provide to us is stored securely. Any payment transactions on our website will be processed securely by third party payment processors. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.

The transmission of information via the internet cannot be guaranteed as completely secure. However, we ensure that any information transferred to our websites is via an encrypted connection. Once we have received your information, we will use strict procedures and security features for prevention of unauthorised access.

At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.

Luke Cascarini Limited is the data controller. This means that Luke Cascarini Limited determines what data is collected, how this data is going to be used and how this data is protected.

Our correspondence address is:

Luke Cascarini Limited
The London Clinic Consulting Rooms, 5 Devonshire Place, London W1G 6HL

If you have questions about how we process personal data, or would like to exercise your data subject rights, please email us at LC@OS.clinic.

7. Disclosure of your personal data

In the usual course of our business we may disclose your personal data (to the extent necessary) to certain third party organisations that we use to support the delivery of our services. This may include the following:

A doctor, nurse, carer or any other healthcare professional involved in your treatment.
Other members of support staff involved in the delivery of your care, like receptionists and porters.
Anyone that you ask us to communicate with or provide as an emergency contact, for example your next of kin or carer.
NHS organisations, including NHS Resolution, NHS England, Department of Health.
Other private sector healthcare providers.
Your GP.
Your dentist.
Your clinician (including their medical secretaries).
Third parties who assist in the administration of your healthcare, such as insurance companies.
Private Healthcare Information Network.
National and other professional research/audit programmes and registries, as detailed under Purpose 4 above.
Government bodies, including the Ministry of Defence, the Home Office and HMRC.
Our regulators, like the Care Quality Commission, Health Inspectorate Wales and Healthcare Improvement Scotland.
The police and other third parties where reasonably necessary for the prevention or detection of crime.
Our insurers.
Debt collection agencies.
Credit referencing agencies.
Our third party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and tax advisers.
Selected third parties in connection with any sale, transfer or disposal of our business.

We may communicate with these third parties in a variety of ways including, but not limited to, email, post, fax and telephone.

Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

We may also disclose your personal data to third parties in the event that we sell or buy any business or assets or where we are required by law to do so.

8. Health information collected during provision of treatment or services

Sensitive personal data (including information relating to your health) will only be disclosed to third parties in accordance with this Privacy Policy. That includes third parties involved with your treatment or care, or in accordance with UK laws and guidelines of appropriate professional bodies. Where applicable, it may be disclosed to any person or organisation who may be responsible for meeting your treatment expenses or their agents. It may also be provided to external service providers and regulatory bodies (unless you object) for the purpose of clinical audit to ensure the highest standards of care and record keeping are maintained.

Hospitals / Clinics working with us: We share clinical information about you with hospitals / clinics as we think necessary for your treatment. We remain the data controller of your personal data, either alone or jointly with us and will be required to maintain their own records in accordance with Data Protection Laws and applicable clinical confidential guidelines and retention periods. Where that is the case, we may refer you to that hospital / clinic to exercise your rights over your data. Our contracts with hospitals / clinics require them to cooperate with those requests. In all circumstances, those hospitals / clinics will only process your personal data for the purposes set out in this Privacy Policy or as otherwise notified to you.

External practitioners: If we refer you externally for treatment, we will share with the person or organisation that we refer you to, the clinical and administrative information we consider necessary for that referral. It will always be clear when we do this.

Your GP or Dentist: If when treating you we believe it to be clinically advisable, we may also share information about your treatment with your GP or Dentist. You can ask us not to do this, in which case we will respect that request if we are legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP or Dentist full information about your medical history, and we strongly advise against it.

Your insurer: We share with your medical insurer information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with us. We provide only the information to which they are entitled. If you raise a complaint or a claim we may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.

The NHS: If you are referred to us for treatment by the NHS, we will share the details of your treatment with the part of the NHS that referred you to us, as necessary to perform, process and report back on that treatment.

Medical regulators: We may be requested – and in some cases can be required – to share certain information (including personal data and sensitive personal data) about you and your care with medical regulators such as the General Medical Council or the Nursing and Midwifery Council, for example if you make a complaint, or the conduct of a medical professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate. We will ensure that we do so within the framework of the law and with due respect for your privacy.

From time to time we may also make information available on the basis of necessity for the provision of healthcare, but subject always to patient confidentiality.

In an emergency and if you are incapacitated, we may also process your personal data (including sensitive personal data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).

We will use your personal data in order to monitor the outcome of your treatment by us and any treatment associated with your care, including any NHS treatment.

We participate in national audits and initiatives to help ensure that patients are getting the best possible outcomes from their treatment and care. The highest standards of confidentiality will be applied to your personal data in accordance with Data Protection Laws and confidentiality. Any publishing of this data will be in anonymised, statistical form. Anonymous or aggregated data may be used by us, or disclosed to others, for research or statistical purposes.

9. Security measures

We have what we believe are appropriate security controls in place to protect personal data. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

10. Your rights as a data subject

As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email LC@OS.clinic or use the information supplied in the Contact us section below. In order to process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:

The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.

For more information on these rights, visit – https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

11. Contact us

Any comments, questions or suggestions about this privacy policy or our handling of your personal data should be emailed to LC@OS.clinic.

Alternatively, you can contact us using the following postal address:

GDPR Compliance

The London Clinic Consulting Rooms, 5 Devonshire Place, London W1G 6HL

12. Complaints

Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.

Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the United Kingdom, this is the Information Commissioner’s Office (ICO), who is also our lead supervisory authority. Its contact information can be found at https://ico.org.uk/global/contact-us/.