Privacy policy

Introduction

Blue Lozenge is committed to protecting your privacy and personal data. As putting people first is one of our core values, we encourage you to carefully read this Privacy Policy.

This Policy informs you of our data protection and privacy practices and the way your personal data is collected, processed, and used by Blue Lozenge. This Policy is readily available on our home page and at the bottom of each page of this Website.

Blue Lozenge strongly supports the fundamental rights to privacy and data protection as well as compliance with UK and international privacy laws, particularly the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Policy is applicable to all Blue Lozenge entities which collect, process, use, transfer, and store personal data.

Who we are

Blue Lozenge is a healthcare communications and engagement agency dedicated to transforming healthcare through strategic communication and engagement. Our registered address is:

10a High Street, Chislehurst, Bromley, Kent, BR7 5AN

For questions about this privacy policy or our data practices, please contact:

Data Protection Officer
Blue Lozenge
Email: hello@bluelozenge.co.uk how to manage your cookies.

What information we collect

We may collect the following types of personal data:

    • Identity data: Names, titles, and other identifiers
    • Contact data: Email addresses, telephone numbers, postal addresses
    • Technical data: IP addresses, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
    • Usage data: Information about how you use our website
    • Marketing preferences: Your preferences in receiving marketing communications from us 

How we collect your information

We collect your personal data through:

    • Direct interactions: When you contact us, request information, complete forms on our website, or provide feedback
    • Automated technologies: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions, and patterns
    • Third parties: We may receive information about you from various third parties such as analytics providers and search engines

    How we process your personal data

    Blue Lozenge respects the rights of each individual to have their privacy and personal data protected. We will observe the following principles when processing your personal data:

      • Processing your personal data fairly, lawfully and in a transparent manner
      • Collecting your personal data for specified, legitimate purposes and not processing further in ways incompatible with those purposes
      • Collecting your personal data which is relevant to and not excessive for the purposes for which it is collected and used
      • Maintaining your personal data and ensuring it is accurate, and where necessary, kept up-to-date
      • Keeping your personal data only as long as it is necessary for the purposes for which it was collected and processed
      • Processing your personal data in accordance with your legal rights
      • Taking appropriate technical and organisational security measures to protect your data
      • Processing your personal data only with a valid legal basis

    We process your personal data in accordance with the UK GDPR for the following purposes:

      • To respond to your enquiries
      • To provide you with information or services you have requested
      • To improve our website and user experience
      • To send you relevant communications about our services
      • To comply with legal obligations
      • To maintain the security of our website
      • To manage client relationships
      • To manage partner and supplier relationships
      • To handle applications for employment
      • To manage product and institutional communications
      • To administer legal formalities and prevent fraud
      • To process subscription to newsletters
      • To manage and respond to contact requests
      • To secure access to our websites

    All personal data is processed with care and attention to confidentiality, reflecting our commitment to being compassionate and data-driven, two of our core values.

    Legal basis for processing

    We process your personal data based on one or more of the following legal grounds:

      • Consent: Where you have explicitly agreed to us processing your data for a specific purpose
      • Contract: Where processing is necessary to fulfil our contractual obligations to you
      • Legitimate interest: Where we have a legitimate business interest in processing your data, such as improving our services or communicating with you as a business contact
      • Legal obligation: Where we are required to process your data to comply with legal requirements 

    Data retention

    We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Our specific retention periods are determined by the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, and our legal requirements.

    The typical retention periods for different types of data include:

     

      • Client relationship data: Term of the contract plus applicable limitation periods
      • Partner and supplier relationship data: Term of the contract plus applicable limitation periods
      • Employment application data: 2 years
      • Website communications data: Duration of the communication plus applicable limitation periods
      • Newsletter subscription data: Duration of subscription to the newsletter
      • Contact request data: Time required to process the request
      • Website access logs: 6 months to 1 year maximum
      • Data rights request records: 1 year or 6 years from the request, according to the right exercised
      • Event participation data: Duration of the event/programme and related marketing activities plus applicable limitation periods 

    In the event of litigation or legal proceedings initiated before the end of the above periods that require the retention of personal data, such data shall be retained for the duration of said proceedings and until the exhaustion of all legal remedies.

    Your rights

    Under UK data protection laws, you have the following rights regarding your personal data:

     

      • Right to access: Request copies of your personal data
      • Right to rectification: Request correction of inaccurate or incomplete data
      • Right to erasure: Request deletion of your personal data under certain circumstances
      • Right to restrict processing: Request limitation of processing under certain circumstances
      • Right to data portability: Request transfer of your data to another organisation
      • Right to object: Object to processing of your personal data
      • Rights related to automated decision making: Request human intervention for automated decisions 

    To exercise any of these rights, please contact us using the details provided above. We will respond to all legitimate requests within one month.

    Cookies

    Our website uses cookies to distinguish you from other users and to enhance your experience. A cookie is a small file placed on your device that enables our website to recognise your device and gather information about your interaction with our website.

    Types of cookies we use

      • Essential cookies: Required for the operation of our website
      • Analytical/performance cookies: Allow us to recognise and count visitors and analyse website usage
      • Functionality cookies: Enable our website to remember your preferences
      • Targeting cookies: Record your visit to our website, the pages you visit, and the links you follow 

    Cookie consent

    When you first visit our website, you will be presented with a cookie banner that allows you to:

      • Accept all cookies
      • Reject non-essential cookies
      • Customise your cookie preferences

    You can change your cookie preferences at any time by clicking on the “Cookie Settings” link in the footer of our website.

    Google analytics

    We use Google Analytics to understand how visitors interact with our website. Google Analytics stores information about:

      • The pages you visit
      • How long you spend on each page
      • How you arrived at our website
      • What you click on while visiting our website

    We have configured Google Analytics to anonymise IP addresses and have enabled the data sharing settings that support our use of the service while limiting Google’s use of the data.

    You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at: https://tools.google.com/dlpage/gaoptout

     

    Data security

    We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include:

     

      • Encryption of sensitive data
      • Regular security assessments
      • Access controls and authentication procedures
      • Staff training on data protection
      • Secure disposal of data when no longer required

    We regularly review and update these security measures.

    Data breach notification

    In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

    Recipients of your data

    We may share your personal information within our group of companies. We may also share your personal data with:

      • Our suppliers and service providers, including IT service providers, who help us operate our business and website
      • Our business partners where they are helping us to market and advertise our services or providing services to you
      • Event partners or sponsors when you participate in an event or programme
      • Our professional advisers including lawyers, auditors, and insurers
      • Tax and social security bodies, public authorities, court officers and ministerial officers where legally required
      • Regulatory bodies and law enforcement agencies, where necessary for legal or regulatory purposes

    International data transfers

    We primarily store and process your personal data within the United Kingdom and the European Economic Area (EEA). However, in some cases, your data may be transferred outside the UK and EEA, including to countries which have less strict, or no data protection laws, when compared to those in the UK.

    Whenever we transfer your information as described above, we will take steps which are reasonably necessary to ensure adequate safeguards are in place to protect your personal information, such as:

     

      • Standard Contractual Clauses approved by the UK government
      • Adequacy decisions by the UK government
      • Binding Corporate Rules
      • International Data Transfer Agreements

    If you are located in the UK, you may contact us for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.

    Children’s privacy

    Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information. If you believe that we might have any information from or about a child, please contact us.

    Legal disclosures

    We may disclose your personal data if required to do so by law or in good faith belief that such action is necessary to:

      • Comply with a legal obligation
      • Protect and defend our rights or property
      • Prevent or investigate possible wrongdoing
      • Protect the personal safety of our staff, clients, or the public
      • Protect against legal liability

    Changes to this Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the “Last Updated” date at the top of this Privacy Policy and notify you through a notice on our website or by email if the changes are material.

    Links to third-party websites

    Our website may provide links to third-party applications, products, services, or websites for your convenience and information. If you access those links, you will leave the Blue Lozenge website. Blue Lozenge does not control those third-party websites or their privacy practices, which may differ from our practices. We do not endorse or make any representations about third-party websites.

    The personal data you choose to provide to or that is collected by these third parties is not covered by this Policy. We encourage you to review the privacy policy of any website you interact with before allowing the collection and use of your personal data.

    We may also provide social media links that enable you to share data with your social networks and to interact with Blue Lozenge on various social media sites. Your use of these links may result in the collection or sharing of data about you, depending on the feature. We encourage you to review the privacy policies and settings on the social media sites with which you interact.

    If you post, comment, indicate interest, or share personal data, including photographs, to any public forum, social network, blog, or other such forum, please be aware that any personal data you submit can be read, viewed, collected, or used by other users of these forums, and could be used to contact you, send you unsolicited messages, or for purposes that neither you nor Blue Lozenge have control over. Blue Lozenge is not responsible for the personal data you choose to submit in these forums.

    Changes to this Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. When we make changes, we will update the “Last Updated” date at the bottom of this Privacy Policy and notify you through a notice on our website or by email if the changes are material.

    Complaints

    If you have a complaint about how we have handled your personal data, please contact us first so we can try to resolve the issue. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

    All requests regarding your data protection rights and any questions regarding this Privacy Policy, can be sent to our Data Protection Officer via hello@bluelozenge.co.uk.

    Last updated: 7 May 2025