Privacy Policy
Last updated: 21 February 2026
This Privacy Policy explains how Lumen Clinical Ltd (“we”, “us”, “our”) collects, uses and protects your personal information when you visit our website, contact us, or use our services.
We take privacy seriously and handle personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Lumen Clinical Ltd
Website: www.lumenclinical.co.uk
Data protection contact: gdpr@lumenclinical.co.uk
For data protection purposes, we are the data controller for personal information collected through this website and most information you provide directly to us.
2. The Personal Data We Collect
We may collect the following types of personal data:
a) Information you give us
Name
Email address
Telephone number (if provided)
The content of your message or enquiry
b) Information we collect automatically
When you use our website, we may automatically collect:
IP address
Device and browser information (for example, operating system and browser type)
Pages you view, time spent on pages, and interactions with the site
Referring website/source
c) Health information
Our website is not intended to collect clinical information through general website enquiries. If you choose to share health information in a message to us, we will treat it as special category data and handle it with additional care.
3. How We Use Your Information
We use personal data to:
Respond to enquiries and provide information you request
Manage communications with you
Operate, maintain and secure our website
Improve our website, content and user experience
Meet legal and regulatory obligations where applicable
4. Lawful Basis For Processing
We process personal data under UK GDPR using one or more of the following lawful basis:
Legitimate interests: to run our website, respond to enquiries, and improve our services (balanced against your rights)
Consent: where you give it (for example, optional cookies/analytics if enabled, and any marketing if introduced)
Contract: where processing is needed to provide services you request or to take steps before entering into a contract
Legal obligation: where we must comply with the law
Special category data (health)
If we process health information you send us, we will do so under an appropriate lawful basis and condition, typically:
Explicit consent, and/or
Where applicable, processing necessary for the provision of health or social care or treatment (depending on service arrangements)
5. Cookies And Analytics
We may use cookies and similar technologies to make our website work and to understand how it is used.
Analytics: We may enable website analytics (for example, to understand page visits and improve content). If analytics is enabled, it may involve the use of cookies or similar technologies.
You can control cookies through your browser settings. If we implement a cookie banner or preference tool, you will be able to manage non-essential cookies there as well.
6. Who We Share Your Data With
We do not sell your personal data.
We may share personal data with trusted third parties who help us run our website and business, such as:
Website hosting and infrastructure providers
Email and communications providers
IT and security providers
Analytics providers (if enabled)
Professional advisers (for example, legal, accounting)
These providers are required to protect your information and only use it in line with our instructions where applicable.
If we introduce clinical delivery partners or platforms in future (for example, for bookings or secure clinical record handling), we will update this policy accordingly.
7. International Data Transfers
Some service providers may process data outside the UK. Where this happens, we ensure appropriate safeguards are in place (for example, UK adequacy regulations and/or contractual protections).
8. How Long We Keep Your Information
We keep personal data only for as long as necessary for the purposes set out in this policy.
As a guide:
Enquiries and communications: typically up to 24 months after last contact, unless we need to keep it longer for a legitimate reason
Operational and security logs: retained for a limited period as needed for security and troubleshooting
If we deliver clinical services and maintain clinical records, retention periods will be set in line with applicable legal, regulatory and professional requirements and described in an updated policy
9. How We Protect Your Information
We use appropriate technical and organisational measures to protect personal data, including access controls and secure systems. No online system is completely secure, but we take reasonable steps to safeguard your information.
10. Your Rights
You have rights under UK GDPR, including:
The right to access your data
The right to correct inaccurate data
The right to request deletion (where applicable)
The right to restrict or object to certain processing
The right to data portability (in some circumstances)
The right to withdraw consent (where processing is based on consent)
To exercise your rights, contact gdpr@lumenclinical.co.uk.
11. Complaints
If you have concerns, please contact us first at gdpr@lumenclinical.co.uk and we will try to resolve them within a reasonable timeframe.
You also have the right to complain to the UK regulator:
Information Commissioner’s Office (ICO).
12. Links To Other Websites
Our website may contain links to third-party websites. We are not responsible for their privacy practices and recommend reviewing their privacy policies.
13. Updates To This Policy
We may update this Privacy Policy from time to time. The latest version will always be published on this page with the updated date at the top.