It is the policy of Health Services Laboratories (HSL) supported by its board of directors, to take steps to ensure that your information is kept confidential and secure and to otherwise protect and respect your privacy. HSL will only ever collect and process the minimum amount of information required in order to provide our pathology services. As well as the steps set out in this policy, HSL is accredited to the international standard for Information Security Management Systems set out in ISO/ISE 27001, our certificate may be found here.
This is a high level privacy notice describing the information that HSL processes, the purpose of that processing, and how we protect it. For more detailed information including the lawful basis for processing please read this ‘Detailed Privacy Notice’.
Who is the data controller?
HSL is a part of The Doctors Laboratory Group, the largest independent provider of clinical laboratory diagnostic services in the UK providing pathology services to the private and public sector, information about the companies that comprise our group can be found at the respective websites:
This policy together with your terms and conditions sets out the basis on which any information HSL collects from you, or that you provide to HSL, will be processed. Please read the following carefully to understand our views and practices regarding your information and how we will treat it.
HSL as a data controller and/or processor
In providing products and services, HSL may be acting as a data processor on behalf of a third parties (such as clinicians, hospitals and/or insurers) who will themselves be the data controllers, or as a data controller (if for example you are an employee). Where acting as a data controller, HSL will comply in full with this policy. Where acting as a data processor, HSL will be required to act on the instructions of the data controller.
Information HSL may collect from or about you
Typically the information about data subjects that is processed by HSL comes from clinicians that you visit for healthcare purposes, but it may also be collected via email, over the phone or any other means of communication. They send us personal information in addition to pathology samples (body fluids or tissues) and request tests are carried out upon those samples.
The information provided to HSL may include:
- your name, date of birth, gender, address, e-mail address and in some cases phone number and card payment details, and medical history;
- practice details of the requesting clinician such as address, specialities and secretary information;
- information that is necessary to process invoices including patient demographics, financial, bank and credit card information, medical and insurer specific information such as insurer name and policy/ identification details;
You may also give HSL information by accessing or filling in forms on its websites at: www.tdlpathology.com, hslpathology.com, https://10to8.com/book/tdlandrology/, or by corresponding with HSL via its products and services, by phone, e-mail or otherwise. This includes information you provide when you register to use HSL’s sites, or place an order on HSL sites and when you report a problem with HSL sites, or participate in communications or discussions on other social media platforms.
We may record telephone calls you make to our customer contact centre in order to:
– Check for quality and incidents
– Effectively train staff and review performance
– Prevention of malicious acts
We do this in the interests of offering a good service to our customers and to protect data. If you object to this, you will need to end the call when you are told that calls may be recorded. Alternative methods of communication are available.
Uses of the information you provide
HSL will use this information:
To carry out HSL’s obligations arising from any contracts entered into between your clinician and HSL and to provide them with the information, products and services request from HSL such as:
- the provision of pathology services, associated records retention in accordance with Royal College of Pathologists Guidelines (more details about which may be found here), and processing of bills for payment;
- providing test requesting and results delivery management tools
- to process invoices on behalf of various parties, such as clinicians, hospitals and insurers;
- for process management and improvement;
- to notify you or your clinician about changes to HSL’s products and services and to otherwise manage HSL’s communications with you; and/or;
- to ensure that content from HSL’s sites are presented in the most effective manner for you and for your computer.
Disclosure of your information
HSL may share your information with selected third parties including:
- any member of The Doctors Laboratory Group, which means its subsidiaries, ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- business partners, referral laboratories, suppliers, insurers, logistics companies, debt management agencies, and sub-contractors required for the performance of any contract HSL enter into with them, you or your clinician;
- for the purpose of investigating any potential legal claims against TDL, your information may be shared with our insurers in order to obtain insurance advice and services;
- National screening or public health monitoring schemes such as Public Health England;
- Information about your interactions with our websites may be shared with organisations that assist HSL in the improvement and optimisation of websites.
When HSL shares such information, it will ensure that it is only sharing as much information as is required to fulfil the purpose for which it is sharing it.
HSL may also disclose your information to third parties if HSL are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply HSL terms and conditions and other agreements; or to protect the rights, property, or safety of HSL, its customers, employees, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where we store your information
Unless specific consent is sought and received, or another of the conditions for transferring data outside the EEA under GDPR satisfied (such as the inclusion of EU model contractual clauses in our contract with the supplier/ third party) we will not transfer your information outside of the EEA. The policy of your Data Controller, which could be your hospital, clinician, insurer etc… may be different to this so you should check carefully the relevant privacy policies in order to fully understand their implications.
Under the General Data Protection Regulation you are given certain rights to control aspects of the processing of your information. You can exercise these rights at any time by contacting HSL via the methods set out in the “contact” section below.
HSL Data Protection
1 Mabledon Place