Privacy Statement for patients & website users

MB Global Health Ltd. (‘Medbelle’)

Last Updated: May 2018

KEY POINTS

• Why we use your personal data: We typically use your personal information (including special categories of personal data such as your health data) to provide safe and effective care and treatment to you.

• Who else has access to your personal data: In order to provide you with the care and treatment you need, we may share your personal information with third parties, such as our surgeon consultants and partner hospitals as well as third-party service providers.

• Security of your personal data: We respect the security of your data and treat it in accordance with the law.

• Transferring your data internationally: We may transfer your personal data outside of the EU. In such cases, we will always ensure that the appropriate compliance mechanisms and safeguards are in place.

1. WHAT IS THE PURPOSE OF THIS PRIVACY STATEMENT?

  1. Under data protection legislation we are required to explain to our patients why we collect information about you, how we intend to use that information and whether we will share this information with anyone else.
  2. This statement applies to all of our prospective, current and former patients as well as (to the limited extent that we process data of them) to website users.
  3. We take the privacy of our patients and website users very seriously. It is important that you read this statement so that you know how and why we collect and use your personal information. It is important that you inform us of any changes to your personal information (such as your contact details) we hold about you so that the information which we hold is accurate and current.

2. WHO ARE WE?

  1. We are MB Global Health Ltd. (trading as and from now on referred to as ‘Medbelle’), a company registered in England and Wales under the registration number 10209411 and with our registered office at 40 Bloomsbury Way, London, WC1A 2SE.
  2. Medbelle is a "data controller" in respect of the information we hold about you. This means that we are responsible for deciding how we use that personal information about you.

3. OUR DATA PROTECTION OFFICER

  1. Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws.
  2. If you have any concerns or questions about our use of your personal information, you can contact our Data Protection Officer by writing to dataprotectionofficer@medbelle.com .

4. TYPES OF PERSONAL INFORMATION WE USE

  1. We may collect the following information about you:

    1. personal details (such as name, date of birth, gender, height and weight);
    2. contact details (such as your address, personal telephone number and personal email address);
    3. information about your family and friends (such as dependants, next of kin and emergency contact numbers);
    4. information about your care preferences (to enable us to ensure that we are providing you with the care that you want);
    5. information about external healthcare providers (such as your GP and practice details);
    6. information you provide in consultation or therapy sessions (such as concerns discussed and any decisions made); and
    7. information about how you interact with us on our website and on the phone (such as your IP address, the dates, times and frequency with which you access our services, your behaviour on our website, call logs and (where lawful and appropriate) call recordings)
  2. We ask that you do not provide us with an email address that you share with others as this may compromise your confidentiality.

  3. Some of the information which we collect about you may be “special categories of personal data”. Special categories of data require a greater level of protection. The special categories of personal data about you which we may collect include:

    1. information about your racial or ethnic origin;
    2. information about your religious beliefs;
    3. information about your sex life and sexual orientation;
    4. healthcare information, including:
      1. any disabilities or special requirements which you may have;
      2. medical records such as medication requirements, allergies, and health conditions;
      3. your medical history, including information around previous health issues, any medical care you have received, including operations and medications and previous hospital visits;
      4. other records such as risk assessments, care plans and records of the care we provide to you; and
      5. details of your support and care needs.

5. SOURCE OF YOUR PERSONAL INFORMATION

  1. The above information which we collect about you will be obtained through a variety of sources which include:

    1. from you directly via any direct access to our healthcare services (in person, on our website, on the phone and via email);
    2. from your friends and relatives who provide us with information about you;
    3. from anyone who has the authority to act on your behalf such as a power of attorney or deputy;
    4. from your GP;
    5. from other healthcare professionals and officers in the local authority, social services department and emergency services; and
    6. from any other (current and/or previous) healthcare and care providers.
  2. We may also receive your personal data (particularly contact data and treatment preferences) from other third-party providers. Specifically, you might choose to enter your details on third-party comparison websites, who then securely forward this information to us (with your consent) to provide you with advice and prices. In this case please also refer to the relevant privacy policies of the relevant third party provider. Currently these providers are Marketing VF Ltd. (‘ClinicCompare’, privacy policy link), Global Medical Treatment Ltd. (‘WhatClinic’, privacy policy link) and LaingBuisson International Ltd. (‘PrivateHealth’, privacy policy link).

  3. We may also monitor your use of this website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit, which pages you go to, your behavior on these pages, traffic data, location data, your browser, and the originating domain name of a user's internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Our use of cookies is based on your consent. Please see further the section on 'Use of cookies' below.

6. HOW AND WHY WE USE YOUR PERSONAL INFORMATION

  1. We use the types of personal information listed above for a number of purposes, each of which has a "lawful basis". In accordance with the data protection laws, we need a "lawful basis" for collecting and using information about you. There are a variety of different lawful bases for using personal information which are set out in the data protection laws.

  2. We have set out below the different purposes for which we collect and use your personal information, along with the lawful bases we rely on to do so.

Why we use your informationOur lawful basis for using your information
To keep and maintain an accurate record of your medical history: To help inform decisions that we make about your care, including diagnosis, decisions around medical intervention and prescriptions and to plan your care and treatment.Legal obligations: It is necessary to meet legal / regulatory obligations.
Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.*                                                                                                                                    
To provide you with safe and effective care and treatment: To provide you with safe, appropriate and personalised care and treatment as one of our service users and ensure that we meet your individual requirements. This will include us using your personal information for the following reasons:
• delivering the healthcare and personal care you require;
• determining your capacity for decision making;
• meeting your dietary requirements; and
• reviewing care provided to ensure it is meeting your needs.
Legal obligations: It is necessary to meet legal / regulatory obligations.
Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.*                                                                                                                                    
To administrate and administer services to you: This includes analysis in order to match your treatment requirements with one or more surgeon consultant/s as well as arranging initial consultations and contact with our surgeon consultant/s.Legal obligations: It is necessary to meet legal / regulatory obligations.
Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.*                                                                                                                                    
To work effectively with other organisations who may be involved in your care: To send information regarding your health to others, such as our surgeon consultants, our partner hospitals, your GP, other healthcare and/or social care providers for continuity of care and to ensure that your needs are being meet appropriately.Legal obligations: It is necessary to meet legal / regulatory obligations.
Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.*                                                                                                                                    
To communicate with you: We will use your personal information to contact you/anyone who has authority to act on your behalf, regarding your inquiry, health, care, treatment and/or appointments. If you provide us with your phone number we will call you in the context of your inquiry unless you ask us not to. If you provide us with your email address we will communicate with you by email unless you ask us not to. If you provide us with your mobile telephone number we will send you appointment reminders unless you ask us not to.Legal obligations: It is necessary to meet legal / regulatory obligations.
Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.*                                                                                                                                    
To provide order fulfillment and billing: We will use your personal information to fulfill any orders you place with us and provide billing for them.Legal obligations: It is necessary to meet legal / regulatory obligations.
To improve our services: You may choose to complete our Survey Programme or contact our Patient Care Advisory Team, to help us to improve the services we provide to you and others.Consent: We will only use your information in this way if you have provided your explicit consent for us to do so.                                                                                                                                    
To improve our website: We use cookies and other similar technology to conduct statistical and behavioural analysis on our website in order to improve our website and our communication with you. Please refer to the section ‘use of cookies’ below for details.Consent: We will only use your information in this way if you have provided your explicit consent for us to do so.
To investigate concerns or complaints: To ensure that any concerns or complaints you may have about your healthcare are appropriately investigated and responded to.Legal obligations: It is necessary to meet legal / regulatory obligations.
Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.*                                                                                                                                    
For fraud preventation and detection: To protect us, our patients, our partners and the public from fraudulent activities.Legal obligations: It is necessary to meet legal / regulatory obligations.
Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.*                                                                                                                                    
For safeguarding and regulation: We use your personal data for the purpose of safeguarding and regulation of care.Legal obligations: It is necessary to meet legal / regulatory obligations.
Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.*                                                                                                                                    
To collect data about public health matters: To protect against serious cross-border threats to health or ensuring high standards of quality and safety of health care, medical products or devices.Legal obligations: It is necessary to meet legal / regulatory obligations.
Health: It is necessary for the purposes of medical diagnosis, and the provision of health or social care or treatment.*                                                                                                                                    

* This is an additional lawful basis which we need to rely on in order to use special categories of data such as information about your health.

7. WHAT MAY HAPPEN IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION?

  1. If you refuse to provide certain information when requested, we may not be able to provide you with safe and effective care and treatment.

8. COMPLYING WITH DATA PROTECTION LAW

  1. We will comply with data protection law. At the heart of data protection laws are the "data protection principles" which say that the personal information we hold about you must be:
    1. used lawfully, fairly and in a transparent way;
    2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
    3. relevant to the purposes we have told you about and limited only to those purposes;
    4. accurate and kept up to date;
    5. kept only as long as necessary for the purposes we have told you about; and
    6. kept securely.

9. SHARING YOUR INFORMATION

  1. We may share your personal information with third parties where we have a lawful basis for doing so.
  2. Some "third parties” are service providers (including contractors and designated agents) carrying out activities on our behalf. Other third parties will be data controllers in their own right. This means that they are not required to act on our instructions and they are solely responsible for ensuring that they comply with the law when using your personal information. We are not responsible for their use of your data if we are acting lawfully whenever we share your data with them.
  3. The types of third parties with whom we share your personal data are as follows:
    1. Other companies within our group: as part of our daily operations;
    2. Your friends, family and others: including anyone who has the authority to act on your behalf such as a power of attorney or deputy, where appropriate to do so for the provision of your health or social care, in the vital interests of you or others (or with your consent where applicable);
    3. Other healthcare providers and multi-disciplinary teams: for direct care purposes, we will share information about you with other healthcare providers such as our surgeon consultants, our partner hospitals, your GP, hospital staff, emergency services etc;
    4. ** Regulators/safeguarding authorities/commissioners:** we share your personal data with these public bodies where we are required to do so by law or a regulatory obligation;
    5. The Police and other law enforcement agencies: in limited circumstances, we may share your personal data with the police if required for the purposes of criminal investigations and law enforcement;
    6. Service providers: such as external IT providers, systems maintenance providers, language, and sign language interpretation/translation and telephone call recording for monitoring purposes;
    7. Professional advisors: such as lawyers, in the exercise or defense of legal claims;

10. DATA OF CHILDREN

  1. Children have special rights when it comes to privacy and consent. We only gather personal information from website users and patients who are under the age of 16 with the explicit and written consent of their parents. If you are under the age of 16, please contact us via under16@medbelle.com about our parental consent form (without submitting any personal information yet). Before having submitted the signed form from your parents, you are not permitted to submit any personal information to us. If we learn that a child under 16 submits personal information to Medbelle without parental consent we will aim to delete the information as soon as possible. If you believe that we might have any personal information from a child under 16 without parental consent, please contact us swiftly at under16@medbelle.com

11. INFORMATION ABOUT OTHER INDIVIDUALS

  1. If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
    1. Enter into contractual preparations (including the processing of his or her personal data) on his/her behalf
    2. Receive on his/her behalf any data protection notices
    3. Potentially enter into a contractual obligation on his/her behalf (in case you choose to book a free consultation on his/her behalf)

12. MONITORING

  1. We may monitor and record communications with you such as telephone conversations and emails for the purpose of quality assurance, training, fraud prevention and compliance.

13. USE OF COOKIES

  1. A cookie is a small text file which is placed on your computer (or another electronic device) when you access our website. We use cookies and other online tracking devices such as action tags, Local Shared Objects, single-pixel gifs on this website to:

    1. recognise you whenever you visit this website (this speeds up your access to the site as you do not have to log in each time)
    2. obtain information about your preferences, online movements and use of the internet
    3. carry out research and statistical analysis to help improve our content, products, and services and to help us better understand our visitor/customer requirements and interests
    4. target our marketing and advertising campaigns and those of our partners more effectively by providing interest-based advertisements that are personalised to your interests
    5. make your online experience more efficient and enjoyable
  2. The information we obtain from our use of cookies will not usually contain your personal data. Although we may obtain information about your computer or other electronic devices such as your IP address, your browser and/or other internet log information, this will not usually identify you personally. In certain circumstances we may collect personal information about you – but only where you voluntarily provide it (e.g. by completing an online form) or where you purchase goods or services from us.

  3. In most cases, we will need your active consent in order to use cookies on this website. The exception is where the cookie is essential in order for us to provide you with a service you have requested (e.g. to enable you to put items in your shopping basket and use our check-out process).

  4. There is a notice on our home page which describes how we use cookies and links to this policy. If you use this website after this notification has been displayed to you we will assume that you consent to our use of cookies for the purposes described in this Privacy Policy (‘Active Consent’).

14. THIRD PARTY COOKIES

  1. We work with third-party suppliers who may also set cookies on our website, for example e.g. Facebook, Bing, Pinterest and Google.
  2. We use these Cookies to analyse user activity in order to improve our Website. For example, using Cookies we can look at aggregate patterns like the average number of pages that users visit. We can use such analysis to gain insights about how
  3. The third-party suppliers are responsible for the cookies they set on our site. If you want further information please go to the website for the relevant third party. You will find additional information in the table below.
  4. The table below is designed to provide more information about the third-party cookies we use and why:
Name of CookiePurpose for the cookie
Google AnalyticsThis is a web analytics service provided by Google, Inc which uses cookies to show us how visitors found and explored our site, and how we can enhance their experience. It provides us with information about the behaviour of our visitors (e.g. how long they stayed on the site, the average number of pages viewed) and also tells us how many visitors we have had.)
If you want to object to Google Analytics tracking you, you can use this browser extension provided by Google. You can also find out more about how Google handles your data by their privacy policy or visiting their relevant support page.
OptimizelyOptimizely offers a range of website analytics services for A/B and multivariate testing purposes. We use Optimizely as a way to better understand how our website is being used.
If you want to object to Optimizely tracking you, you can find instructions for how to do so under this link. You can also find out more about how Optimizely handles your data by reading their privacy policy.
MixpanelMixpanel offers a range of website analytics services. We use Mixpanel as a way to better understand how our website is being used. If you want to object to Mixpanel tracking you, you can do so under this link.
BingBing allows us to build lists of users who have searched for certain terms and clicked on results using their search engines, so that we can target our advertising more effectively. You can opt out of their tracking under this link.
Google DoubleclickGoogle Doubleclick provides allows us to track the effectiveness of different advertising campaigns which are delivered to different audiences and target the advertising we do on third-party websites more effectively. If you want to learn more about this or opt out of it you can visit this link..
FacebookThis cookie allows us to target the advertising we do on Facebook more effectively by matching data we hold with that held by Facebook. You can manage your preferences or opt out if it using this link.
PinterestThis cookie allows us to target the advertising we do on Pinterest more effectively by matching data we hold with that held by Pinterest. You can learn more about how that works and how you can opt out of it by reading Pinterest’s privacy policy under this link.
Google AdwordsThis cookie facilitates post-visit messaging to drive return visits. If you want to learn more about this or opt out of it you can visit this link..
HotjarWe use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. For further details, please see Hotjar’s privacy policy by clicking on this link.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
  1. If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: allaboutcookies.org

15. TRANSFERRING INFORMATION OUTSIDE THE EEA

  1. We will transfer the personal information we collect about you to the following countries outside the EU in order to perform our contract with you:
    1. United States
  1. We have put in place the following appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection:

    1. The third party organisations based in the US are each subject to the US/EU Privacy Shield. This means that both organisations are part of a scheme which is designed to protect your personal information. As a result, we are not required to obtain specific authorisation to transfer your information to the US.
  1. If you require further information about these protective measures, you can request it from the Data Protection Officer via dataprotectionofficer@medbelle.com

16. CAN WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE?

  1. We typically will only use your personal information for the purposes for which we collect it. It is possible that we will use your information for other purposes as long as those other purposes are compatible with those set out in this policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
  2. We may also use your personal information for other purposes where such use is required or permitted by law.

17. STORING YOUR INFORMATION AND DELETING IT

  1. We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from our Data Protection Officer by writing to dataprotectionofficer@medbelle.com

  2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

  3. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

18. SECURITY OF YOUR INFORMATION

  1. The information that you provide will be stored securely on our systems. We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those authorised to access it.
  2. We have put in place appropriate technical and organisational procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

19. YOUR RIGHTS

  1. Under certain circumstances, by law you have the right to:

    1. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
    2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    3. Request erasure of your personal information in certain circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
    4. Object to processing of your personal information if we are relying on a legitimate interest (or those of a third party) or public interest/official authority as our lawful basis for processing and there is something about your particular situation which leads you to object to processing on this ground. You also have the right to object if we are processing your personal information for direct marketing purposes.
    5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
    6. Request the transfer of your personal information to another party in certain circumstances. This right is only available where we are processing your information with your consent and the processing is automated.
  2. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact us. To ensure swift processing, we set up a dedicated email address that we ask you to write to datarequest@medbelle.com

20. RIGHT TO WITHDRAW CONSENT

  1. In the limited circumstances where we are relying on your consent as our lawful basis to process your data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer in writing to dataprotectionofficer@medbelle.com
  2. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

21. AUTOMATED DECISION MAKING

  1. In the context of booking your treatment, we might offer you the option to check your eligibility for a loan from our partner Chrysalis Finance Ltd. ('Chrysalis'). In order to complete this 'soft check', Chrysalis may make confidential inquiries at credit reference agencies. You'll be able to see the inquiry on your file, but it won't show up to any other organisations, which means that there is no impact on your credit rating.
  2. This soft check will return a personalized result based on your credit record. You will only be able to apply for a loan as a payment option if your result is sufficiently positive.
  3. Chrysalis Finance will use the information that you provide to process your application. This will include searching records relating to you at credit reference agencies (known as “CRAs”). Note that Chrysalis and CRAs will link your records together. Chrysalis has a privacy notice which explains in further detail how and why they use your personal information, including how that information is shared with CRAs and fraud prevention agencies. The notice also explains your rights in relation to your personal information. The privacy notice can be found at https://www.chrysalisfinance.com/gdpr/ssps.html You can also request a paper copy by calling Chrysalis’s Data Protection Officer on 0333 32 32 230. The privacy notice contains a link to the CRA’s Information Notice (known as a C-R-A-I-N) which is also published online by CRAs or is available on request. By confirming that you are happy to proceed when going through a soft check with us, you understand that Chrysalis may use your information, and that of any joint applicant, in accordance with the linked privacy notice.

22. RIGHT TO COMPLAIN TO THE ICO

  1. You have the right to complain to the Information Commissioner's Office (the "ICO") if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

23. CHANGES TO THIS PRIVACY STATEMENT

  1. We reserve the right to update this privacy statement at any time, and we will provide you with a new privacy statement when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

24. TERMS OF USE AND ACCEPTABLE USE POLICY

  1. This Privacy Policy governs the ways in which we collect and use information about you through this Site. For the terms and conditions which apply to your use of this Site, please refer to our Terms of Use and our Acceptable Use Policy.