Privacy Policy

ORIGIN BLOODS – DATA PROTECTION AND PRIVACY NOTICE

The General Data Protection Regulation (GDPR) seeks to protect and enhance the rights of patients and individuals. These rights cover the safeguarding of personal data and protection against the unlawful processing of personal data.

Origin Health Care Group Ltd (Company No. 16914475), trading as Origin Bloods, operates in partnership with SJLD Ltd (Company No. 13138487), trading as Urban Health Care, which is registered with and regulated by the Care Quality Commission (CQC).

CQC Location ID: 1-11736605080
CQC Provider ID: 1-10993862536

The Data Controller for clinical services is SJLD Ltd trading as Urban Health Care, which is also registered with the Information Commissioner’s Office (ICO).

The Data Protection Officer (DPO) is Timothy Liggins, who ensures that the clinic complies with data protection requirements and that personal data is collected, used, stored, and disposed of responsibly.

The Information Governance (IG) Lead is Timothy Liggins, who maintains a robust Information Governance Management Framework for the current and future management of information and compliance with relevant legislation.

This privacy notice explains the type of personal information we hold, why we hold it, and how it is used.

In providing blood testing services and clinical interpretation, we will ask for information about you and your health. We may also receive information about you from other healthcare providers who have been involved in your care.

We do not share your personal information with third parties unless we have a contract in place for them to process data on our behalf, or unless we are legally required to do so.

Where referrals to other healthcare providers are necessary, your consent will be obtained before any personal data is shared.

We only collect and use personal information for specific lawful purposes. Below, we explain the categories of data we hold, why we hold them, and the lawful basis for processing.

Categories of Data

Origin Bloods processes personal data and special category data, including:

  • Patient health records, laboratory reports, correspondence, and personal details
  • Clinical information required to provide blood testing services and doctor interpretation
  • Staff employment records, including health information and criminal record checks (for safe recruitment and performance management)
  • Personal data used for marketing purposes (where consent has been provided)
  • Personal data relating to contractors and service providers
  • Limited payment-related data, such as transaction references, payment status, and billing information associated with one-time purchases or services

Card and bank details are processed securely by third-party payment service providers and are not stored by Origin Bloods or the clinic.

Lawful Basis for Processing Your Data

Processing includes collecting, storing, updating, and archiving data.

We process personal and special category data on the following lawful bases:

  • Patient data: processed to provide safe and effective healthcare, blood testing, and clinical interpretation, and where necessary in our legitimate interests and in accordance with healthcare obligations under data protection law
  • Staff data: processed to meet legal obligations under employment, taxation, and pensions legislation
  • Contractor data: processed to fulfil contractual obligations
  • Marketing data: processed only where valid consent has been provided

Your contact details (such as name, date of birth, address, telephone number, and email address) are used to manage test orders and appointments, send reminders, deliver results, and support continuity of care.

Financial information relating to fees and payments is processed to fulfil contractual and legal financial obligations.

Health records (special category data) include clinical records, blood test results, medical history, clinician notes, correspondence, appointment details, and complaints relating to your care.

Sharing Your Information

Your information is normally accessed only by those working within the clinic.

Where necessary, information may be shared on a strict need-to-know basis with:

  • Accredited laboratories involved in analysing your blood sample, including Inuvi Lab
  • Other healthcare professionals involved in your care (e.g. specialists or your GP, where appropriate)
  • IT and clinical software providers for secure data hosting and backup
  • Accountants, occupational health providers, and government agencies such as HMRC (where legally required)

All recipients of data are legally required to maintain confidentiality.

Information will not be disclosed without consent unless required by law or where there is a serious risk to health or safety.

Use of Clinical Management Software (Semble.io)

We use Semble.io, a UK-based clinical practice management system, to securely manage patient records, test requests, appointments, correspondence, and clinical documentation.

Semble.io acts as a data processor on our behalf and processes personal and special category health data strictly in accordance with our instructions and applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

All data stored within Semble.io is hosted on secure servers and protected by industry-standard technical and organisational security measures, including encryption, access controls, audit logging, and routine security monitoring.

Access is restricted to authorised clinic staff only.

How We Keep Your Data Secure

Personal and special category data is stored securely on our clinical systems.

Access is limited to authorised staff who are trained in data protection and confidentiality obligations.

Systems are protected by access controls, audit trails, and routine backups.

Information Governance procedures support ongoing data security and compliance.

Retention of Data

Patient records are retained for as long as we are providing care or recall services.

In line with Department of Health guidance, medical records may be retained for up to 30 years where appropriate.

Employment records are retained for six years after employment ends (or longer where legally required).

Contractor data is retained for seven years after contract completion.

Website Use, Cookies and Analytics

When you visit the Origin Bloods website, limited personal data may be collected through the use of cookies and similar technologies. This may include your IP address, device information, browser type, and information about how you use the website.

We currently use Google Analytics to help us understand how visitors interact with our website and to improve its performance and content.

Analytics cookies are not strictly necessary and are only placed on your device with your consent, which can be given or withdrawn at any time via our cookie consent banner.

For full details about the cookies we use and how you can manage your preferences, please refer to our Cookie Policy.

Your Rights

You have the right to:

  • Be informed about how your data is used
  • Access the information we hold about you
  • Request correction of inaccurate data
  • Request erasure of certain non-clinical data (clinical records cannot usually be erased)
  • Request transfer of your data to another provider
  • Object to certain uses of your data, such as marketing communications

Requests should be made in writing to Timothy Liggins (DPO) at rm@urbanhealthcare.co.uk.

Identity verification may be required.

Requests will be responded to within 30 days.

Concerns About Data Use

If you have concerns about how your data is used, please discuss them with your clinician or healthcare professional, or contact the Data Protection Officer.

If concerns cannot be resolved and you remain dissatisfied, you may raise a complaint with the Information Commissioner’s Office (ICO) via www.ico.org.uk or by calling 0303 123 1113.