Privacy policy

This privacy notice explains how Londonwide Local Medical Committees Limited (ICO registration number Z1239475) and its subsidiary company Londonwide Enterprise Ltd (ICO registration number Z1965945) process your data and for what reasons.  The notice is layered, you can click on the section below that relates to you for more detail on how we use your data:

Constituents
 Constituents are all practising GPs represented by the following Local Medical Committees (LMCs): Barnet, Bexley, Brent, Bromley, Camden, City & Hackney, Ealing, Hammersmith & Hounslow, Enfield, Greenwich, Haringey, Harrow, Hillingdon, Islington, Kensington, Chelsea & Westminster, Lambeth, Lewisham, Merton, Newham, Redbridge, Southwark, Sutton, Tower Hamlets, Waltham Forest, and Wandsworth.

A GP is represented by the LMC, if they are registered on the National Performers List, working in the LMC area, and paying a statutory/administrative levy. Constituents also include sessional GPs and as the levy is paid per practice, constituents also include the practice staff employed by the practice.

 Purpose: We process constituents’ personal data in order to provide the services and work outlined in the agreement between your LMC and Londonwide LMCs, which includes the following purposes:

  • Administer lists of Representative GPs (as required under the LMC constitution) and practices and their practice staff.
  • To administer the LMC elections.
  • To consider and specifically deal with matters arising under section 97 of the NHS Act.
  • To negotiate with or between and to ICBs and other bodies
  • To encourage and assist in the development of services, activities and amenities to constituents.
  • Provide advice, support and training.
  • Seek and represent your views.
  • Keep you informed about LMC activities, provide key information and guidance across London, locally and nationally through our monthly newsletters and e-alerts.
  • Keep you informed on news relating to the Londonwide LMCs’ buying Group.
  • Send out invites for attending events run by Londonwide LMCs Ltd and/or Londonwide Enterprise Ltd.

 

 Lawful basis for the processing:

The majority of our processing is carried out under General Data Protection Regulation (GDPR) Article 6 (1) (e) ‘Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority invested in the controller’.

Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’

Personal data:

Name

Contact postal address.

Contact email address.

Contact telephone number.

Practice name(s) where you do most work.

Date of birth.

General Medical Council (GMC) number (for GPs).

Gender.

LMC area you do most work in.

 Who provides the personal data:

Data subject: Constituents directly.

Practice Managers and other practice staff on behalf of the practice.

We receive a minimum data set from NHS England with the details of GPs joining or leaving the performers list, which includes name, contact address, contact email address (if provided), GMC number, Date of birth (if provided) and practice where they are working.

 

 Who we share your personal data with:

  • Civica Electoral Services: We provide names, contact postal and email address details of GPs to Civica Electoral Services, who perform the role of independent scrutineer for the LMC elections and act as a Data Processor in this situation.
  • NHS England: We provide, on request, the names of practices and the names of principal GPs for those practices to NHS England to confirm levy mandates and payments.
  • Exact Target/Salesforce Marketing Cloud: We use Exact Target/Salesforce Marketing Cloud, acting as a data processor, to deliver our monthly e-newsletter and other emails. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve all of our e-communications.
  • Savanta: We provide names, contact email address and the practice name (only where a GP or Practice Manager works at more than one practice) to Savanta, acting as a data processor, in order for them to send out our twice-yearly workforce survey.
  • Your LMC: We provide details of the names of GPs and the practices they work at for the LMCs as a list of the GPs they represent.

 

 Personal data transfers outside of the EEA

None.

 How long we retain your personal data

When you retire as a GP, or are no longer registered on the NPL (national performers list), or you no longer work as a GP in an LMC area covered by Londonwide LMCs , unless you request to remain as a retired member on our database, we will lapse your record on the database keeping only minimum information including name, GMC number and work history, eg relationships to practices. For practice staff, their record will be lapsed when they no longer work in the areas covered by Londonwide LMCs.

 How we store your data

Your personal data is stored in our membership database provided to us by APT Solutions Ltd, who act as a data processor.

Committee Members
 Committee members are GPs elected or co-opted by other GPs in their LMC area, onto a Local Medical Committee (LMC). Practice Managers and Practice Nurses are invited representatives on the LMCs.
 Purpose

In addition to the purposes outlined under Constituents, we process committee members’ personal data for the purpose of administering the committee, including the election process and payment of honoraria.

Lawful basis for the processing:

General Data Protection Regulation (GDPR) Article 6 (1) (e) ‘Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority invested in the controller’.

GDPR Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’.

GDPR Article 6 (1) (c) ‘Processing is necessary for compliance with a legal obligation to which the controller is subject’.

Any special category data relating to access requirements and/or dietary preferences is processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.

Any special category data, eg BMA number is processed under GDPR Article 9 (2) (d) ‘processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects’.

 

 Personal data:

In addition to the personal data described under constituents, we process:

  • National insurance number, date of birth and financial details (including bank account and sort code) for processing and payment of honoraria payroll.
  • BMA number (for those LMC members who attend the annual LMC conference as a conference representative).
  • Dietary preferences/access requirements.
 Who provides the personal data:

Directly from the data subject: Committee members and invited representatives.

 Who we share your personal data with:

We provide name, contact details, national insurance number, date of birth and financial details to SD Worx, who act as a data processor for us, in order to process and pay honoraria.

We provide the names of Officers (LMC Chairs and LMC Vice-Chairs) to the General Practitioners Committee (GPC) for the entry under your LMC for the GPC year book.

We provide details of the names of committee members to all constituents when we declare results of the LMC elections and the names of committee members are displayed on Londonwide LMCs’ website www.lmc.org.uk.

We provide details to HMRC for tax purposes.

 Personal data transfers outside of the EEA

None.

 How long we retain your personal data

When a committee member finishes their term of office or resigns from the committee, their personal information is retained on the payroll system until the completion of the next quarterly honoraria payment and in order to issue a P45.

We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of the tax, payroll or accounting enquiry.

 How we store your data

Your personal data, including your BMA number (if applicable) is stored in our membership database provided to us by APT Solutions Ltd, who act as a data processor. In addition, your name, contact details, national insurance number, date of birth and financial details are stored in the SD Worx payroll database.

Event Attendees
 Event attendees may be constituents but can also be non-constituents. They are anyone who attends an event run by Londonwide LMCs Ltd or Londonwide Enterprise Ltd.
 Purpose

We process the personal data in order to run and manage the event the event attendee is attending. We may take photos or video footage of some events this will be made clear to all delegates prior to the day and at the start of the day.

Lawful basis for the processing:

General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’.

Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’

Any special category data relating to access requirements and/or dietary preferences is processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.

 

 Personal data:

Name

Contact postal address

Contact email address

Contact telephone number

Practice name(s)

Dietary preferences

Access requirements

Photos/Video footage taken at an event.

 Who provides the personal data:

Directly from the data subject: event attendee or from the person booking the event on their behalf, eg a Practice Manager for a GP.

 Who we share your personal data with:

We may share your name with the speakers or sponsors of an event and if this is the case, you will be informed.  We may share names with our landlord, the British Medical Association, if the event is held at our office. We may also share access requirements with the Landlord if an individual PEP is required.

 

 Personal data transfers outside of the EEA

None.

 How long we retain your personal data

We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry.

 How we store your data

Your personal data is stored in our membership database provided to us by APT Solutions Ltd, who act as a data processor.

We don’t store any payment card details, these are processed through the Stripe Payment Platform. https://stripe.com/gb/privacy

Some of our free events are processed using Event Brite. event brite-privacy-policy

Event Exhibitors, Event Sponsors, Event Speakers and Blended Learning Programme Trainers and Mentors
 Event exhibitors, sponsors and speakers are normally non-constituents but may also be constituents.  They are anyone who exhibits, sponsor or speaks at an event run by Londonwide LMCs Ltd or Londonwide Enterprise Ltd. This section also covers the Programme Trainers and Mentors on the Blended Learning Programmes.
 Purpose

We process the personal data in order to run and manage the event and/or run the training programme. We may take photos or video footage of some events this will be made clear to all delegates prior to the day and at the start of the day.

 Lawful basis for the processing:

General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’.

Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’

Any special category data relating to access requirements and/or dietary preferences is processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.

 Personal data:

Name

Contact postal address

Contact email address

Contact telephone number

Dietary preferences

Access requirements

Photos/Video footage at an event/training day

CVs for trainers and mentors.

 Who provides the personal data:

Directly from the data subject: event exhibitor contact, sponsor contact, speaker contact, trainer or mentor.

 Who we share your personal data with:

We may share your name with the speakers or sponsors of an event and if this is the case, you will be informed.

 Personal data transfers outside of the EEA

None.

 How long we retain your personal data

We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry.

 How we store your data

Your personal data is stored in our membership database provided to us by APT Solutions Ltd, who act as a data processor.

Blended learning programme students
 Practice Managers, Practice Nurses or Health Care Assistants attending one of our blended learning training programmes. They may be a constituent or a non-constituent.
 Purpose

We process the personal data in order to provide the blended learning training programmes.

We may take photos or video footage of some training days, this will be made clear to all delegates prior to the day and at the start of the day.

Lawful basis for the processing:

General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’.

Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’

Any special category data relating to access requirements and/or dietary preferences is processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.

 

 Personal data:

Name

Contact postal address

Contact email address

Contact telephone number

Date of Birth (required for accreditation)

Gender, ethnicity, sexual orientation, religion (collected on a separate form and held as non-identifiable statistics)

Dietary preferences

Access requirements

Photos/video footage taken at a training day

Work submitted.

 Who provides the personal data:

Directly from the student or from the person commissioning a group booking.

 

 Who we share your personal data with:

Universities providing accreditation for the courses: University of Middlesex. Trainers and mentors providing support on the course.

 Personal data transfers outside of the EEA

None.

 

 How long we retain your personal data

We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry.

 How we store your data

Your personal data is stored in a training database provided by Kent House Ltd.

We don’t store any payment card details, these are processed through the Stripe Payment Platform. https://stripe.com/gb/privacy

Employees/Workers
 All staff who have a contract of employment or a service agreement with Londonwide LMCs Ltd/Londonwide Enterprise Ltd
 Purpose

We process the personal data in order to fulfil obligations of an employment contract, provide a safe working environment, and meet legal obligations.

Lawful basis for the processing:

General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’.

GDPR Article 6 (1) (c) ‘Processing is necessary for compliance with a legal obligation to which the controller is subject’.

Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’

Any special category data is normally processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.

 

 Personal data:

Name

Contact details

Date of Birth

Gender

National insurance number/Passport/ID number

Work Permit/Visa details (for non-EU nationals)

Emergency contact details

Dietary requirements

Access requirements.

 Who provides the personal data:

Employee/Worker

 Who we share your personal data with:

Landlord (British Medical Association) for access purposes

HM Revenue & Customs, regulators (such as the ICO) and other authorities if required under law.

Pension providers for management of auto enrolment compliance.

Data processors, who assist in the operation of our organisation, including, SD Worx for payroll and leave, Pension providers.

 Personal data transfers outside of the EEA

None.

 How long we retain your personal data

We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry.

 How we store your data

In paper and electronic HR files, Payroll and leave system hosted by SD Worx, who act as a data processor, Pension providers systems.

Job applicants
 Any individual who applies for a position at Londonwide LMCs Ltd/Londonwide Enterprise Ltd
 Purpose

We process the personal data in order to fulfil obligations of making pre-contract checks, providing a safe working environment, and meeting legal obligations.

Lawful basis for the processing:

General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’.

GDPR Article 6 (1) (c) ‘Processing is necessary for compliance with a legal obligation to which the controller is subject.’

Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’

Any special category data is normally processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.

 

 Personal data:

Name

Contact details

Right to work (is checked at interview but is not stored for applicants)

Ethnicity, gender, age, access requirements (captured on a separate form and are held in a non-identifiable form for equality monitoring)

Declaration of unspent convictions under the Rehabilitation of Offenders Act 1974 (the declaration forms are kept separately from the application forms or CVs).

 Who provides the personal data:

Job applicant

Agency

 Who we share your personal data with:

Interview panel

Names will be shared with the Landlord for access purposes to the office.

 Personal data transfers outside of the EEA

None.

 How long we retain your personal data

We keep identifiable details for a period of 6 months after the interviews are concluded.

 How we store your data

In paper and electronic HR files.

Suppliers & Contractors
 All suppliers and contractors who provide services to Londonwide LMCs Ltd/Londonwide Enterprise Ltd.
 Purpose

We process the personal data in order to manage the contract and the services.

Lawful basis for the processing:

General Data Protection Regulation (GDPR) Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’

 Personal data:

Name

Contact details

 Who provides the personal data:

Data Subject directly or from the supplier company they work for.

 Who we share your personal data with:

Landlord (British Medical Association) for access purposes

 Personal data transfers outside of the EEA

None.

 How long we retain your personal data

Personal identifiable data will be held for as long as the contract is in place.

We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry.

 How we store your data

In paper and electronic files.

Press
 All press contacts
 Purpose

We process the personal data in order to manage press contacts.

 Lawful basis for the processing:

General Data Protection Regulation (GDPR) Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’

 

 Personal data:

Name

Contact details

Company they work for

 Who provides the personal data:

Data Subject directly or from the company they work for.

 Who we share your personal data with:

Landlord (British Medical Association) for access purposes

 Personal data transfers outside of the EEA

None.

 How long we retain your personal data

Personal identifiable data will be held for as long as the contract is in place.

  How we store your data

In paper and electronic files.

Visitors to our office
 All visitors to our office.
 Purpose

We process the personal data for security and safety reasons.

If your visit is planned, we’ll send your name and visit information to our landlord, the British Medical Association’s (BMA), security, who are our landlord, before your visit – so that we can print a personalised badge for your arrival. If you arrive without an appointment, you will be given a generic visitor badge. You must wear a pass throughout your visit.

Lawful basis for the processing:

General Data Protection Regulation (GDPR) Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’

 Personal data:

Name

Contact details

Company they work for.

Closed-circuit television (CCTV) used in the communal areas of the British Medical Association building is not operated by us, so we are not the controller. It is under the control of the building landlord, BMA.

 Who provides the personal data:

Data Subject directly or from the company they work for/representing.

 Who we share your personal data with:

Name and Company they represent are shared with our Landlord, the BMA for access purposes

 Personal data transfers outside of the EEA

None.

 How long we retain your personal data

Personalised badges will be destroyed when you leave the premises.

 How we store your data

In electronic files.

Visitors to our website and how we use Cookies

Use of Cookies by Londonwide LMCs

A cookie is a small text file that is placed on your computer or smart phone when you visit a website. Cookies are widely used to make websites work, or work more efficiently, as well as storing some information about your preferences or past actions.

We use Matomo and Hotjar to monitor use of the site and improve it for the future. We do not use Google Analytics. No personal data about users is retrieved or stored.

Matomo

What is it?

Matomo is a complete, ethical analytics tool that:

  • Offers 100% data ownership and data protection
  • Respects user privacy
  • Gives you control over what you do with your own data
  • Complies with GDPR and EU data law

How does Matomo work?

Matomo is an application that does mainly two things:

  • collect and store analytics data
  • provide reports of the stored data

To achieve that result, several parts of Matomo come into play:

  • the JavaScript tracker is served by Matomo via HTTP so that websites can include it in their pages
  • the tracker collects data on the web page it’s included in and sends it to Matomo by calling the HTTP tracking API
  • the archiving task runs and pre-processes data
  • data is exposed in reports, which are accessible through the web interface or the HTTP reporting API
Cookie NameCookie ProviderPurposeExpiry

 

Type
Essential Cookies

These cookies enable your cookie consent to be stored

CookieControlCivic UK Cookie Control

 

This cookie stores data on the user’s visits to the website and is used to remember a user’s choice of cookies on the website for www.lmc.org.uk.

 

3 monthsHTTP
Statistic Cookies

These cookies help us to understand how visitors interact with our website by collecting and reporting information anonymously.

_pk_id#MatomoCollects statistics on the user’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read.1 yearHTTP
_pk_ses#MatomoUsed by Piwik Analytics Platform to track page requests from the visitor during the session.1 dayHTTP
vuidvimeo.comCollects data on the user’s visits to the website, such as which pages have been read.

 

2 yearsHTTP
_hjSessionUser_{site_id}HotjarIt sets when a user first lands on a page and persists the Hotjar User ID which is unique to that site. It ensures data from subsequent visits to the same site are attributed to the same user ID. No identifying personal data is stored against this User ID.365 days durationJSON data type
_hjidHotjarIt sets when a user first lands on a page and persists the Hotjar User ID which is unique to that site. It ensures data from subsequent visits to the same site are attributed to the same user ID. No identifying personal data is stored against this User ID.365 days durationUUID data type
_hjFirstSeenHotjarIdentifies a new user’s first session. Used by Recording filters to identify new user sessionsSessionBoolean true/false data type
_hjViewportIdHotjarStores user viewport details such as size and dimensions.SessionUUID data type
_hjSession_{site_id}HotjarHolds current session data. Ensures subsequent requests in the session window are attributed to the same session.30 minutes durationJSON data type
_hjSessionTooLargeHotjarCauses Hotjar to stop collecting data if a session becomes too large. Determined automatically by a signal from the WebSocket server if the session size exceeds the limit.SessionBoolean true/false data type
_hjSessionRejectedHotjarIf present, set to ‘1’ for the duration of a user’s session, when Hotjar has rejected the session from connecting to our WebSocket due to server overload. Applied in extremely rare situations to prevent severe performance issues.SessionBoolean true/false data type
_hjSessionResumedHotjarSet when a session/recording is reconnected to Hotjar servers after a break in connection.SessionBoolean true/false data type
_hjLocalStorageTestHotjarChecks if the Hotjar Tracking Code can use local storage. If it can, a value of 1 is set. Data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created.Under 100msBoolean true/false data type
_hjAbsoluteSessionInProgressHotjarUsed to detect the first pageview session of a user.30 minutes durationBoolean true/false data type
_hjTLDTestHotjarWe try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. Enables us to try to determine the most generic cookie path to use, instead of page hostname. It means that cookies can be shared across subdomains (where applicable). After this check, the cookie is removed.SessionBoolean true/false data type

How can I change my cookie settings or disable the cookies

You can change your cookie settings at any time by clicking on the C icon in the bottom left hand corner of the webpage and adjusting the sliders to ‘On’ or ‘Off’ or by adjusting your browser settings, but this may mean that you are unable to access all the services on the website. The sliders are set to off as a default position.

Most web browsers allow some control of most cookies through browser settings and you can normally access these through the help menu. You may need to refresh the webpage for new settings to take effect.

Sharing your information

We will not share your information with any third parties for the purposes of direct marketing. We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. In the individual sections, we have detailed any specific instances of sharing with data processors.

In some circumstances we are legally obliged to share information. For example, under a court order, where sharing is required we will satisfy ourselves that we have a lawful basis on which to share the information and document our decision making.

Your Rights
 The right to be informed – which is what this privacy notice is for
 The right to access the data we hold about you This is commonly known as a ‘subject access request’

 

 The right to object to processing carried out in the public interest, please contact us on info@lmc.org.uk
 The right to object to direct marketing – either use the unsubscribe button in an email or contact us on info@lmc.org.uk
 The right to erasure (right to be forgotten)(in some circumstances)
 The right to data portability (in some circumstances)

 

 The right to have your data rectified if it is inaccurate

 

 The right to have your data restricted or blocked from processing

To exercise any of these rights, please contact us on governance@lmc.org.uk

You also have the right to lodge a complaint with the supervisory authority, which is the UK Information Commissioner, who you can contact via their helpline or as directed on their website www.ico.org.uk.

How to contact us and exercise your rights

Londonwide LMCs is not required to have a Data Protection Officer. The Data Protection Lead is the Associate Director of Data & Information Governance. If you have a data protection query, please contact us via governance@lmc.org.uk.

Any future changes to this policy will published on the website (www.lmc.org.uk) and communicated to constituents. New versions of the privacy policy will be indicated by the version number and updated date.