This privacy notice explains how Londonwide Local Medical Committees Limited (ICO registration number Z1239475) and its subsidiary company Londonwide Enterprise Ltd (ICO registration number Z1965945) process your data and for what reasons. The notice is layered, you can click on the section below that relates to you for more detail on how we use your data:
Constituents
Constituents are all practising GPs represented by the following Local Medical Committees (LMCs): Barnet, Bexley, Brent, Bromley, Camden, City & Hackney, Ealing, Hammersmith & Hounslow, Enfield, Greenwich, Haringey, Harrow, Hillingdon, Islington, Kensington, Chelsea & Westminster, Lambeth, Lewisham, Merton, Newham, Redbridge, Southwark, Sutton, Tower Hamlets, Waltham Forest, and Wandsworth. A GP is represented by the LMC, if they are registered on the National Performers List, working in the LMC area, and paying a statutory/administrative levy. Constituents also include sessional GPs and as the levy is paid per practice, constituents also include the practice staff employed by the practice. | |
Purpose: We process constituents’ personal data in order to provide the services and work outlined in the agreement between your LMC and Londonwide LMCs, which includes the following purposes:
| |
Lawful basis for the processing: The majority of our processing is carried out under General Data Protection Regulation (GDPR) Article 6 (1) (e) ‘Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority invested in the controller’. Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’ | |
Personal data: Name Contact postal address. Contact email address. Contact telephone number. Practice name(s) where you do most work. Date of birth. General Medical Council (GMC) number (for GPs). Gender. LMC area you do most work in. | |
Who provides the personal data: Data subject: Constituents directly. Practice Managers and other practice staff on behalf of the practice. We receive a minimum data set from NHS England with the details of GPs joining or leaving the performers list, which includes name, contact address, contact email address (if provided), GMC number, Date of birth (if provided) and practice where they are working.
| |
Who we share your personal data with:
| |
Personal data transfers outside of the EEA None. | |
How long we retain your personal data When you retire as a GP, or are no longer registered on the NPL (national performers list), or you no longer work as a GP in an LMC area covered by Londonwide LMCs , unless you request to remain as a retired member on our database, we will lapse your record on the database keeping only minimum information including name, GMC number and work history, eg relationships to practices. For practice staff, their record will be lapsed when they no longer work in the areas covered by Londonwide LMCs. | |
How we store your data Your personal data is stored in our membership database provided to us by APT Solutions Ltd, who act as a data processor. |
Committee Members
Committee members are GPs elected or co-opted by other GPs in their LMC area, onto a Local Medical Committee (LMC). Practice Managers and Practice Nurses are invited representatives on the LMCs. | |
Purpose In addition to the purposes outlined under Constituents, we process committee members’ personal data for the purpose of administering the committee, including the election process and payment of honoraria. | |
Lawful basis for the processing: General Data Protection Regulation (GDPR) Article 6 (1) (e) ‘Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority invested in the controller’. GDPR Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’. GDPR Article 6 (1) (c) ‘Processing is necessary for compliance with a legal obligation to which the controller is subject’. Any special category data relating to access requirements and/or dietary preferences is processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’. Any special category data, eg BMA number is processed under GDPR Article 9 (2) (d) ‘processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects’.
| |
Personal data: In addition to the personal data described under constituents, we process:
| |
Who provides the personal data: Directly from the data subject: Committee members and invited representatives. | |
Who we share your personal data with: We provide name, contact details, national insurance number, date of birth and financial details to Automatic Data Processing Limited, who act as a data processor for us, in order to process and pay honoraria. We provide the names of Officers (LMC Chairs and LMC Vice-Chairs) to the General Practitioners Committee (GPC) for the entry under your LMC for the GPC year book. We provide details of the names of committee members to all constituents when we declare results of the LMC elections and the names of committee members are displayed on Londonwide LMCs’ website www.lmc.org.uk. We provide details to HMRC for tax purposes. | |
Personal data transfers outside of the EEA None. | |
How long we retain your personal data When a committee member finishes their term of office or resigns from the committee, their personal information is retained on the payroll system until the completion of the next quarterly honoraria payment and in order to issue a P45. We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of the tax, payroll or accounting enquiry. | |
How we store your data Your personal data, including your BMA number (if applicable) is stored in our membership database provided to us by APT Solutions Ltd, who act as a data processor. In addition, your name, contact details, national insurance number, date of birth and financial details are stored in the Automatic Data Processing Limited payroll database. |
Event Attendees
Event attendees may be constituents but can also be non-constituents. They are anyone who attends an event run by Londonwide LMCs Ltd or Londonwide Enterprise Ltd. | |
Purpose We process the personal data in order to run and manage the event the event attendee is attending. We may take photos or video footage of some events this will be made clear to all delegates prior to the day and at the start of the day. | |
Lawful basis for the processing: General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’. Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’ Any special category data relating to access requirements and/or dietary preferences is processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.
| |
Personal data: Name Contact postal address Contact email address Contact telephone number Practice name(s) Dietary preferences Access requirements Photos/Video footage taken at an event. | |
Who provides the personal data: Directly from the data subject: event attendee or from the person booking the event on their behalf, eg a Practice Manager for a GP. | |
Who we share your personal data with: We may share your name with the speakers or sponsors of an event and if this is the case, you will be informed. We may share names with our landlord, the British Medical Association, if the event is held at our office. We may also share access requirements with the Landlord if an individual PEP is required.
| |
Personal data transfers outside of the EEA None. | |
How long we retain your personal data We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry. | |
How we store your data Your personal data is stored in our membership database provided to us by APT Solutions Ltd, who act as a data processor. We don’t store any payment card details, these are processed through the Stripe Payment Platform. https://stripe.com/gb/privacy Some of our free events are processed using Event Brite. event brite-privacy-policy |
Event Exhibitors, Event Sponsors, Event Speakers and Blended Learning Programme Trainers and Mentors
Event exhibitors, sponsors and speakers are normally non-constituents but may also be constituents. They are anyone who exhibits, sponsor or speaks at an event run by Londonwide LMCs Ltd or Londonwide Enterprise Ltd. This section also covers the Programme Trainers and Mentors on the Blended Learning Programmes. | |
Purpose We process the personal data in order to run and manage the event and/or run the training programme. We may take photos or video footage of some events this will be made clear to all delegates prior to the day and at the start of the day. | |
Lawful basis for the processing: General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’. Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’ Any special category data relating to access requirements and/or dietary preferences is processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’. | |
Personal data: Name Contact postal address Contact email address Contact telephone number Dietary preferences Access requirements Photos/Video footage at an event/training day CVs for trainers and mentors. | |
Who provides the personal data: Directly from the data subject: event exhibitor contact, sponsor contact, speaker contact, trainer or mentor. | |
Who we share your personal data with: We may share your name with the speakers or sponsors of an event and if this is the case, you will be informed. | |
Personal data transfers outside of the EEA None. | |
How long we retain your personal data We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry. | |
How we store your data Your personal data is stored in our membership database provided to us by APT Solutions Ltd, who act as a data processor. |
Blended learning programme students
Practice Managers, Practice Nurses or Health Care Assistants attending one of our blended learning training programmes. They may be a constituent or a non-constituent. | |
Purpose We process the personal data in order to provide the blended learning training programmes. We may take photos or video footage of some training days, this will be made clear to all delegates prior to the day and at the start of the day. | |
Lawful basis for the processing: General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’. Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’ Any special category data relating to access requirements and/or dietary preferences is processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.
| |
Personal data: Name Contact postal address Contact email address Contact telephone number Date of Birth (required for accreditation) Gender, ethnicity, sexual orientation, religion (collected on a separate form and held as non-identifiable statistics) Dietary preferences Access requirements Photos/video footage taken at a training day Work submitted. | |
Who provides the personal data: Directly from the student or from the person commissioning a group booking.
| |
Who we share your personal data with: Universities providing accreditation for the courses: University of Middlesex. Trainers and mentors providing support on the course. | |
Personal data transfers outside of the EEA None.
| |
How long we retain your personal data We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry. | |
How we store your data Your personal data is stored in a training database provided by Kent House Ltd. We don’t store any payment card details, these are processed through the Stripe Payment Platform. https://stripe.com/gb/privacy |
Employees/Workers
All staff who have a contract of employment or a service agreement with Londonwide LMCs Ltd/Londonwide Enterprise Ltd | |
Purpose We process the personal data in order to fulfil obligations of an employment contract, provide a safe working environment, and meet legal obligations. | |
Lawful basis for the processing: General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’. GDPR Article 6 (1) (c) ‘Processing is necessary for compliance with a legal obligation to which the controller is subject’. Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’ Any special category data is normally processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.
| |
Personal data: Name Contact details Date of Birth Gender National insurance number/Passport/ID number Work Permit/Visa details (for non-EU nationals) Emergency contact details Dietary requirements Access requirements. | |
Who provides the personal data: Employee/Worker | |
Who we share your personal data with: Landlord (British Medical Association) for access purposes HM Revenue & Customs, regulators (such as the ICO) and other authorities if required under law. Pension providers for management of auto enrolment compliance. Data processors, who assist in the operation of our organisation, including, Automatic Data Processing Limited for payroll and leave, Pension providers. | |
Personal data transfers outside of the EEA None. | |
How long we retain your personal data We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry. | |
How we store your data In paper and electronic HR files, Payroll and leave system hosted by Automatic Data Processing Limited, who act as a data processor, Pension providers systems. |
Job applicants
Any individual who applies for a position at Londonwide LMCs Ltd/Londonwide Enterprise Ltd | |
Purpose We process the personal data in order to fulfil obligations of making pre-contract checks, providing a safe working environment, and meeting legal obligations. | |
Lawful basis for the processing: General Data Protection Regulation (GDPR) Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’. GDPR Article 6 (1) (c) ‘Processing is necessary for compliance with a legal obligation to which the controller is subject.’ Or under GDPR Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’ Any special category data is normally processed under GDPR Article 9 (2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’.
| |
Personal data: Name Contact details Right to work (is checked at interview but is not stored for applicants) Ethnicity, gender, age, access requirements (captured on a separate form and are held in a non-identifiable form for equality monitoring) Declaration of unspent convictions under the Rehabilitation of Offenders Act 1974 (the declaration forms are kept separately from the application forms or CVs). | |
Who provides the personal data: Job applicant Agency | |
Who we share your personal data with: Interview panel Names will be shared with the Landlord for access purposes to the office. | |
Personal data transfers outside of the EEA None. | |
How long we retain your personal data We keep identifiable details for a period of 6 months after the interviews are concluded. | |
How we store your data In paper and electronic HR files. |
Suppliers & Contractors
All suppliers and contractors who provide services to Londonwide LMCs Ltd/Londonwide Enterprise Ltd. | |
Purpose We process the personal data in order to manage the contract and the services. | |
Lawful basis for the processing: General Data Protection Regulation (GDPR) Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’ | |
Personal data: Name Contact details | |
Who provides the personal data: Data Subject directly or from the supplier company they work for. | |
Who we share your personal data with: Landlord (British Medical Association) for access purposes | |
Personal data transfers outside of the EEA None. | |
How long we retain your personal data Personal identifiable data will be held for as long as the contract is in place. We need to keep the details of financial transactions for six years after the end of the financial year in which they were processed, in the event of an accounting enquiry. | |
How we store your data In paper and electronic files. |
Press
All press contacts | |
Purpose We process the personal data in order to manage press contacts. | |
Lawful basis for the processing: General Data Protection Regulation (GDPR) Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’
| |
Personal data: Name Contact details Company they work for | |
Who provides the personal data: Data Subject directly or from the company they work for. | |
Who we share your personal data with: Landlord (British Medical Association) for access purposes | |
Personal data transfers outside of the EEA None. | |
How long we retain your personal data Personal identifiable data will be held for as long as the contract is in place. | |
How we store your data In paper and electronic files. |
Visitors to our office
All visitors to our office. | |
Purpose We process the personal data for security and safety reasons. If your visit is planned, we’ll send your name and visit information to our landlord, the British Medical Association’s (BMA), security, who are our landlord, before your visit – so that we can print a personalised badge for your arrival. If you arrive without an appointment, you will be given a generic visitor badge. You must wear a pass throughout your visit. | |
Lawful basis for the processing: General Data Protection Regulation (GDPR) Article 6.1 (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’ | |
Personal data: Name Contact details Company they work for. Closed-circuit television (CCTV) used in the communal areas of the British Medical Association building is not operated by us, so we are not the controller. It is under the control of the building landlord, BMA. | |
Who provides the personal data: Data Subject directly or from the company they work for/representing. | |
Who we share your personal data with: Name and Company they represent are shared with our Landlord, the BMA for access purposes | |
Personal data transfers outside of the EEA None. | |
How long we retain your personal data Personalised badges will be destroyed when you leave the premises. | |
How we store your data In electronic files. |
Visitors to our website and how we use Cookies
Use of Cookies by Londonwide LMCs
A cookie is a small text file that is placed on your computer or smart phone when you visit a website. Cookies are widely used to make websites work, or work more efficiently, as well as storing some information about your preferences or past actions.
We use Matomo and Hotjar to monitor use of the site and improve it for the future. We do not use Google Analytics. No personal data about users is retrieved or stored.
Matomo
What is it?
Matomo is a complete, ethical analytics tool that:
- Offers 100% data ownership and data protection
- Respects user privacy
- Gives you control over what you do with your own data
- Complies with GDPR and EU data law
How does Matomo work?
Matomo is an application that does mainly two things:
- collect and store analytics data
- provide reports of the stored data
To achieve that result, several parts of Matomo come into play:
- the JavaScript tracker is served by Matomo via HTTP so that websites can include it in their pages
- the tracker collects data on the web page it’s included in and sends it to Matomo by calling the HTTP tracking API
- the archiving task runs and pre-processes data
- data is exposed in reports, which are accessible through the web interface or the HTTP reporting API
Cookie Name | Cookie Provider | Purpose | Expiry
| Type |
Essential Cookies These cookies enable your cookie consent to be stored | ||||
CookieControl | Civic UK Cookie Control
| This cookie stores data on the user’s visits to the website and is used to remember a user’s choice of cookies on the website for www.lmc.org.uk.
| 3 months | HTTP |
Statistic Cookies These cookies help us to understand how visitors interact with our website by collecting and reporting information anonymously. | ||||
_pk_id# | Matomo | Collects statistics on the user’s visits to the website, such as the number of visits, average time spent on the website and what pages have been read. | 1 year | HTTP |
_pk_ses# | Matomo | Used by Piwik Analytics Platform to track page requests from the visitor during the session. | 1 day | HTTP |
vuid | vimeo.com | Collects data on the user’s visits to the website, such as which pages have been read.
| 2 years | HTTP |
_hjSessionUser_{site_id} | Hotjar | It sets when a user first lands on a page and persists the Hotjar User ID which is unique to that site. It ensures data from subsequent visits to the same site are attributed to the same user ID. No identifying personal data is stored against this User ID. | 365 days duration | JSON data type |
_hjid | Hotjar | It sets when a user first lands on a page and persists the Hotjar User ID which is unique to that site. It ensures data from subsequent visits to the same site are attributed to the same user ID. No identifying personal data is stored against this User ID. | 365 days duration | UUID data type |
_hjFirstSeen | Hotjar | Identifies a new user’s first session. Used by Recording filters to identify new user sessions | Session | Boolean true/false data type |
_hjViewportId | Hotjar | Stores user viewport details such as size and dimensions. | Session | UUID data type |
_hjSession_{site_id} | Hotjar | Holds current session data. Ensures subsequent requests in the session window are attributed to the same session. | 30 minutes duration | JSON data type |
_hjSessionTooLarge | Hotjar | Causes Hotjar to stop collecting data if a session becomes too large. Determined automatically by a signal from the WebSocket server if the session size exceeds the limit. | Session | Boolean true/false data type |
_hjSessionRejected | Hotjar | If present, set to ‘1’ for the duration of a user’s session, when Hotjar has rejected the session from connecting to our WebSocket due to server overload. Applied in extremely rare situations to prevent severe performance issues. | Session | Boolean true/false data type |
_hjSessionResumed | Hotjar | Set when a session/recording is reconnected to Hotjar servers after a break in connection. | Session | Boolean true/false data type |
_hjLocalStorageTest | Hotjar | Checks if the Hotjar Tracking Code can use local storage. If it can, a value of 1 is set. Data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created. | Under 100ms | Boolean true/false data type |
_hjAbsoluteSessionInProgress | Hotjar | Used to detect the first pageview session of a user. | 30 minutes duration | Boolean true/false data type |
_hjTLDTest | Hotjar | We try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. Enables us to try to determine the most generic cookie path to use, instead of page hostname. It means that cookies can be shared across subdomains (where applicable). After this check, the cookie is removed. | Session | Boolean true/false data type |
How can I change my cookie settings or disable the cookies
You can change your cookie settings at any time by clicking on the C icon in the bottom left hand corner of the webpage and adjusting the sliders to ‘On’ or ‘Off’ or by adjusting your browser settings, but this may mean that you are unable to access all the services on the website. The sliders are set to off as a default position.
Most web browsers allow some control of most cookies through browser settings and you can normally access these through the help menu. You may need to refresh the webpage for new settings to take effect.
Sharing your information
We will not share your information with any third parties for the purposes of direct marketing. We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. In the individual sections, we have detailed any specific instances of sharing with data processors.
In some circumstances we are legally obliged to share information. For example, under a court order, where sharing is required we will satisfy ourselves that we have a lawful basis on which to share the information and document our decision making.
Your Rights
The right to be informed – which is what this privacy notice is for | |
The right to access the data we hold about you This is commonly known as a ‘subject access request’
| |
The right to object to processing carried out in the public interest, please contact us on [email protected] | |
The right to object to direct marketing – either use the unsubscribe button in an email or contact us on [email protected] | |
The right to erasure (right to be forgotten)(in some circumstances) | |
The right to data portability (in some circumstances)
| |
The right to have your data rectified if it is inaccurate
| |
The right to have your data restricted or blocked from processing |
To exercise any of these rights, please contact us on [email protected]
You also have the right to lodge a complaint with the supervisory authority, which is the UK Information Commissioner, who you can contact via their helpline or as directed on their website www.ico.org.uk.
How to contact us and exercise your rights
Londonwide LMCs is not required to have a Data Protection Officer. The Data Protection Lead is the Associate Director of Data & Information Governance. If you have a data protection query, please contact us via [email protected].
Any future changes to this policy will published on the website (www.lmc.org.uk) and communicated to constituents. New versions of the privacy policy will be indicated by the version number and updated date.