TDL Group Privacy Notice
It is the policy of The Doctors Laboratory Group (TDL) supported by its board of directors, to take steps to ensure that your information is kept confidential and secure and to otherwise protect and respect your privacy. TDL will only ever collect and process the minimum amount of information required in order to provide our pathology services.
As well as the steps set out in this policy, TDL is accredited to the international standard for Information Security Management Systems set out in ISO/ISE 27001, our certificate may be found here.
This is a high level privacy notice describing the information that TDL processes, the purpose of that processing, and how we protect it. For more detailed information including the lawful basis for processing please read this ‘Detailed Privacy Notice’.
Who is the data controller?
TDL is is the largest independent provider of clinical laboratory diagnostic services in the UK providing pathology services to the private and public sector, information about the companies that comprise our group can be found at the respective websites:
This policy together with your terms and conditions sets out the basis on which any information TDL (TDL) collects from you, or that you provide to TDL, will be processed by TDL. Please read the following carefully to understand our views and practices regarding your information and how we will treat it.
TDL as a data controller and/or processor
In providing products and services, TDL may be acting as a data processor on behalf of a third parties (such as clinicians, hospitals and/or insurers) who will themselves be the data controllers, or as a data controller (if for example you are an employee). Where acting as a data controller, TDL will comply in full with this policy. Where acting as a data processor, TDL will be required to act on the instructions of the data controller
Information TDL may collect from or about you
Typically the information about data subjects that is processed by TDL comes from clinicians that you visit for healthcare purposes, but it may also be collected via email, over the phone or any other means of communication. They send us personal information in addition to pathology samples (body fluids or tissues) and request tests are carried out upon those samples.
The information provided to TDL may include:
- your name, date of birth, gender, address, e-mail address and in some cases phone number and card payment details, and medical history;
- practice details of the requesting clinician such as address, specialities and secretary information;
- information that is necessary to process invoices including patient demographics, financial, bank and credit card information, medical and insurer specific information such as insurer name and policy/identification details;
You may also give TDL information by accessing or filling in forms on its websites at: www.tdlpathology.com, www.hslpathology.com, https://10to8.com/book/tdlandrology, (‘TDL sites’) or by corresponding with TDL via its products and services, by phone, e-mail or otherwise. This includes information you provide when you register to use TDL’s sites, or place an order on TDL sites and when you report a problem with TDL sites, or participate in communications or discussions on other social media platforms.
Uses of the information you provide
TDL will use this information:
To carry out TDL’s obligations arising from any contracts entered into between your clinician and TDL and to provide them with the information, products and services request from TDL such as:
- the provision of pathology services, and associated processing of bills for payment;
- providing test requesting and results delivery management tools
- to process invoices on behalf of various parties, such as clinicians, hospitals and insurers;
- for process management and improvement;
- to notify you or your clinician about changes to TDL’s products and services and to otherwise manage TDL’s communications with you; and/or;
- to ensure that content from TDL’s sites are presented in the most effective manner for you and for your computer.
Disclosure of your information
TDL may share your information with selected third parties including:
- any member of its group, which means its subsidiaries, ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- business partners, referral laboratories, suppliers, insurers, logistics companies, debt management agencies, and sub-contractors required for the performance of any contract TDL enter into with them, you or your clinician;
- for the purpose of investigating any potential legal claims against TDL, your information may be shared with our insurers in order to obtain insurance advice and services
- National screening or public health monitoring schemes such as Public Health England;
- Information about your interactions with our websites may be shared with organisations that assist TDL in the improvement and optimisation of websites.
When TDL shares such information, it will ensure that it is only sharing as much information as is required to fulfil the purpose for which it is sharing it.
TDL may also disclose your information to third parties if TDL are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply TDL terms and conditions and other agreements; or to protect the rights, property, or safety of TDL, its customers, employees, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where we store your information
Unless specific consent is sought and received, or another of the conditions for transferring data outside the EEA under GDPR satisfied (such as the inclusion of EU model contractual clauses in our contract with the supplier/ third party) we will not transfer your information outside of the EEA. The policy of your Data Controller, which could be your hospital, clinician, insurer etc… may be different to this so you should check carefully the relevant privacy policies in order to fully understand their implications.
Under the General Data Protection Regulation you are given certain rights to control aspects of the processing of your information. You can exercise these rights at any time by contacting TDL via the methods set out in the Contact section below.
TDL, 1 Mabledon Place, London WC1H 9AX