Effective date: January 2026 V2.1

This Operational Privacy Notice explains how personal information is handled when you use the LEO360 telehealth service (‘LEO360’) in the United Kingdom. It describes what data is collected, why it is used, how it is protected, and who it is shared with, in a clear and transparent way.

LEO360 is designed to support access to remote healthcare services. We take the protection of personal and health information seriously and process all data in accordance with UK data protection law.

GPDQ acts as the Data Controller and is responsible for determining the purposes and means of processing personal and health data related to the provision of clinical care. GPDQ’s Privacy Notice explains how personal data is used, stored, and protected in relation to medical services.

https://www.gpdq.co.uk/privacy-policy/

Lyons Global LTD (LEO360) and Davidsons Homes act as Data Processors, processing personal data solely on the documented instructions of GPDQ and in accordance with applicable data protection law.

Lyons Global LTD Privacy Notice Link: Operational Privacy Notice for LEO360 (UK) (1).docx

GPDQ Privacy Notice Link: GPDQ Privacy Notice.docx

Davidsons Developments Ltd Customer Privacy Notice is available on https://davidsonsgroup.co.uk/privacy-notice

Davidsons Developments Ltd Employee Privacy Notice is available on the company’s Intranet.

1. Scope

LEO360 is a telehealth access solution that enables users to connect to remote clinical services provided by authorised healthcare professionals.

From a patient and user perspective, LEO360 is experienced as:

•  A physical telehealth access point (a Robot (LEO360) located within the Broadnook community or employee health), and

•  A web-based telehealth interface, accessible via a browser or supported mobile device, used to get an online appointment. 

LEO360 itself does not provide clinical care. It facilitates secure access to telehealth services delivered by GPDQ, which acts as the Data Controller and clinical service provider.

This notice applies to:

• LEO360 web and mobile applications
• LEO360 telehealth platform
• All users located in the United Kingdom
• All internal staff, contractors, and third-party processors who interact with LEO360 data

This notice operates alongside the public Privacy Policy and takes precedence for operational clarity.

2. Roles and Responsibilities Under UK GDPR

2.1 LEO360 Role

LEO360 operates strictly as a Data Processor, not a Data Controller.

LEO360 processes data only on documented instructions from the Data Controller and does not determine the purposes or means of processing personal or medical data.

2.2 Data Controller

Primary Data Controller: Semble (GPDQ Group) Semble is the sole controller for:

• Patient identity data
  • Medical and clinical records
  • Healthcare regulatory compliance

3. Personal Data Collected (Actual Collection)

LEO360 does not store or persist identifiable user data or medical records within its own databases. The platform operates as an orchestration and communication layer only.

3.1 Identifiers Stored by LEO360

LEO360 stores the following identifiers:

• EHR_user_id (issued by the Semble EHR system)

The EHR_user_id is pseudonymous, not anonymous. When combined with authorised access to the Semble EHR system, it can be linked to an identifiable individual.

LEO360 treats this identifier as personal data under UK GDPR.

3.2 Medical and User Data (Not Stored by LEO360)

LEO360 does not store, persist, or process the following within its own systems:

• Names
  • Email addresses
  • Phone numbers
  • Dates of birth
  • Addresses
  • Medical history
  • Symptoms
  • Diagnoses
  • Prescriptions
  • Consultation notes
  • Uploaded medical documents

All such data is stored, processed, and governed exclusively by a third-party EHR provider.

3.3 Automatically Collected Technical Data

LEO360 processes limited technical and operational metadata required for platform reliability and security:

• EHR_user_id
  • Session identifiers
  • Timestamps
  • Error and diagnostic metadata

LEO360 uses third-party error tracking and performance monitoring services which may collect:

• Stack traces
  • Runtime environment details
  • Browser and operating system information
  • Anonymised IP data (where supported by the provider)

Medical device payloads and medical content are not intentionally logged. Error tracking is configured to minimise data capture and exclude medical content wherever technically possible.

3.3 Automatically Collected Technical Data

Collected directly by LEO360 systems and integrated services:

• IP address
• Device identifiers
• Operating system and version
• Browser type and version
• Screen resolution
• Language settings
• Time zone
• Referrer URLs
• Session timestamps
• Log files and error traces

4. Browser and Tracking Information (Including Third Parties)

4.1 Vonage Video Service Provider

LEO360 uses Vonage Video Services for real-time communication. Vonage independently collects:

• IP address
  • Browser type and version
  • Operating system
  • Device type
  • Network performance metrics
  • Session timestamps

This data is processed under Vonage’s role as a sub-processor. LEO360 does not store this browser data.

4.2 Error Tracking and Operational Analytics (Anonymised)

LEO360 uses third-party error tracking and operational analysis services to maintain system stability and security.

• No user profiles are created
  • No medical records are intentionally captured
  • Data is used only for debugging, reliability, and security analysis

These services may process limited browser and environment metadata independently of LEO360.

4.3 First-Party Cookies

LEO360 uses essential cookies only for:

• Security
  • Session integrity
  • System-to-system communication

No advertising or behavioral profiling cookies are used.

4.2 Google Analytics (Anonymised)

LEO360 uses Google Analytics configured for anonymized measurement only.

• IP anonymisation is enabled
• No user identifiers are passed
• Analytics data is not linked to EHR_user_id or any personal identifiers

Google Analytics is used solely for aggregated usage statistics and platform performance analysis.

4.3 First-Party Cookies

LEO360 uses essential cookies only for:

• Security
• Session integrity
• System-to-system communication

No advertising or behavioral profiling cookies are used.

4.2 First-Party Cookies and Storage

LEO360 uses essential cookies only, strictly required for:

• Session integrity
• Security protections
• Communication with the EHR system No advertising or profiling cookies are used.

5. Purpose of Processing (Operational)

LEO360 processes data strictly to:

• Securely transmit patient data from medical devices to the Semble EHR
• Establish and maintain encrypted video communication sessions
• Authenticate sessions using EHR_user_id
• Ensure system integrity, availability, and security
• Meet contractual and regulatory obligations as a data processor LEO360 does not use data for advertising, profiling, or secondary purposes.

6. Data Storage and Processing Locations

• Primary infrastructure: United Kingdom and European Economic Area (EEA)
• Backup and disaster recovery: EEA
• Limited processing may occur outside the UK/EEA by third-party processors under Standard Contractual Clauses (SCCs)

7. Data Access (Who Can See the Data)

7.1 LEO360 Staff Access

LEO360 staff may, in limited and authorized circumstances, view patient data retrieved in real time from the Semble EHR system for operational or clinical support purposes.

• Data is fetched on demand from Semble
  • Data is displayed transiently to authorized staff
  • Data is not stored or persisted within LEO360 systems Access is:
  • Role-based
  • Logged
  • Restricted to authorized personnel only

7.2 External Access

• Semble (GPDQ Group) – full access as Data Controller
  • Vonage – browser and communication metadata
  • Error tracking providers – anonymized diagnostic data

8. Data Retention (Actual Practice)

• Account data: retained until account deletion
• Medical records: retained in line with UK healthcare regulations
• Audio/video recordings: retained only if required for clinical or legal reasons
• Logs and technical metadata: 30–90 days
• Backups: up to 90 days

Deletion from active systems does not immediately remove data from encrypted backups.

9. Security Measures

Appropriate technical and organisational measures are in place to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

These measures are designed to ensure the confidentiality, integrity, and availability of personal data and are proportionate to the nature and sensitivity of the data processed.

Access to personal data is restricted to authorised personnel and service providers who require access in order to perform their duties and who are subject to confidentiality obligations.

Security measures are regularly reviewed and updated in line with legal, regulatory, and industry standards.

10. User Rights (Operational Handling)

UK users have the right to:

• Access their data
• Rectify inaccuracies
• Request deletion (subject to medical/legal retention)
• Restrict or object to processing
• Data portability

Requests are processed within statutory timeframes via: [email protected]

11. Third-Party Processors (Non-Exhaustive)

11.1 Data Controller / EHR Provider

• Semble (GPDQ Group) – Data Controller and system of record for all patient and medical data

11.2 Sub-Processors

• Vonage – video communication and associated browser/device metadata
  • Error tracking and monitoring providers – anonymized operational diagnostics
  • Cloud infrastructure providers – secure hosting and networking

All sub-processors are governed by contractual agreements and UK GDPR-compliant safeguards.

11.2 Video Communication Provider

• Vonage – real-time audio/video communication and associated browser/device metadata collection

11.3 Infrastructure Providers

• Cloud and network providers supporting application availability and security

12. Changes to This Notice

This document is reviewed regularly and updated when operational practices change. Material changes will be communicated to users where required.

13. Individual Rights

Under UK data protection law, individuals have specific rights in relation to their personal data.

These rights include the right to:

• Request access to their personal data
• Request correction of inaccurate or incomplete data
• Request erasure of personal data, where applicable
• Request restriction of processing in certain circumstances
• Object to the processing of personal data
• Request data portability, where legally applicable

Requests to exercise these rights should be directed to GPDQ, as the Data Controller.

How to Exercise Your Rights

To exercise any of the rights listed above, individuals may contact GPDQ’s Data Protection Officer using the contact details provided in this Privacy Notice.

GPDQ will respond to requests in accordance with applicable legal requirements and within the statutory timeframes set out under UK data protection law.

Right to Lodge a Complaint

Individuals also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if they believe their personal data has been processed unlawfully.

Information about how to raise a concern with the ICO is available on the ICO website.

14.  Escalation and Complaints

If an individual has concerns about how their personal data is being processed, they are encouraged to raise these concerns in the first instance with GPDQ, as the Data Controller, or with GPDQ’s Data Protection Officer using the contact details provided in this Privacy Notice.

If the concern is not resolved satisfactorily, individuals have the right to escalate the matter to the UK Information Commissioner’s Office (ICO), which is the UK’s independent authority responsible for data protection.

ICO contact details:

• Website: https://www.ico.org.uk
• Telephone: 0303 123 1113
• Postal address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Document title: LEO360 Operational Privacy Notice

Version: 2.0

Effective date: January 2026

Last review date: January 2026

Next scheduled review: January 2027

Document owner: GPDQ (Data Controller)

Version	Date	Description of Change	Approved By
1.0	January 2026	Initial approved version	GPDQ
2.0	January 2026	Updated partners Privacy Notice Statements	DDL

Contact details for the Lyons Global Data Protection Officer: Masoud Tavakkoli

Phone Number: +971-50 204 2722

Email: [email protected]