Privacy Policy

Logan Tod & Co  |  Last updated: 12 June 2026  |  Version 2.0

In plain English: Logan Tod & Co is a small healthcare consultancy. We collect minimal personal data, we don't sell it to anyone, and we only use it to run our business and deliver our services. This policy explains what we collect, why, and your rights.

1. Who We Are

Logan Tod & Co is a healthcare operational intelligence consultancy registered in England and Wales.

  • Company name: Logan Tod & Co
  • Company number: 10763659
  • Registered address: Mansion House, Manchester Road, Altrincham, Cheshire, England, WA14 4RW
  • Website: www.logantod.net
  • Data Protection Officer (DPO): Zhiqian Huang
  • Contact: zhiqian.huang@logantod.net
  • ICO Registration Number: ZA643572

We are registered with the Information Commissioner's Office (ICO) as a data controller.

2. What Personal Data We Collect and Why

We collect and process personal data in the following circumstances:

Category Data Collected Purpose Lawful Basis (UK GDPR)
Website visitors No personal data is collected by our website. We do not use cookies that track individuals, and we do not operate contact forms that store submissions. N/A N/A
Clients & business contacts Name, job title, organisation, work email address, work phone number Delivering consulting services, managing contracts, business communications Art. 6(1)(b) — Contract performance; Art. 6(1)(f) — Legitimate interests
Prospective clients Name, job title, organisation, work email address Business development outreach and follow-up Art. 6(1)(f) — Legitimate interests
Suppliers & partners Name, job title, work email, company details Managing supplier relationships and contracts Art. 6(1)(b) — Contract performance; Art. 6(1)(f) — Legitimate interests

We do not process patient data. Our A&E operational intelligence product processes fully anonymised operational data only.

3. How We Collect Personal Data

  • Directly from you — when you email us, meet us at events, or engage us for services
  • Via LinkedIn — for business development purposes (publicly available professional information)
  • From your organisation — when your employer engages Logan Tod as a consultant

We do not buy personal data from third parties or use data brokers.

4. Who We Share Your Data With

Where necessary to deliver our services and run our business, we share personal data with trusted third-party service providers in the following categories:

  • Cloud productivity and document storage providers
  • Payroll and accounting software providers
  • Customer relationship management (CRM) providers
  • AI-assisted productivity tools (business data only — no patient data)

All third-party processors are bound by Data Processing Agreements (DPAs) compliant with Article 28 UK GDPR. They are only permitted to process your data on our instruction and may not use it for their own purposes.

A full list of our processors is available on request from our DPO at zhiqian.huang@logantod.net.

We do not sell, rent or trade personal data. We do not share personal data with any third party for marketing purposes.

5. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purpose it was collected, in accordance with our Data Retention Policy and the Records Management Code of Practice 2021:

  • Client and business contact data: 3 years after the end of our relationship
  • Financial records: 7 years (HMRC legal obligation)
  • Prospective client data: 2 years from last contact, unless you ask us to remove it sooner

When data reaches the end of its retention period it is securely deleted from all systems.

6. How We Keep Your Data Safe

We have appropriate technical and organisational measures in place to protect personal data against unauthorised access, loss, or misuse — including encryption, access controls, and regular staff training. As a healthcare consultancy, we complete the NHS Data Security and Protection Toolkit (DSPT) self-assessment annually. We review our security measures regularly.

7. Your Rights

Under UK GDPR you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — ask us to correct inaccurate or incomplete data
  • Right to erasure — ask us to delete your data (where no legal obligation to retain it applies)
  • Right to restriction — ask us to limit how we use your data
  • Right to portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Rights related to automated decision-making — we do not make automated decisions about individuals

To exercise any of these rights, contact our DPO: zhiqian.huang@logantod.net

We will respond within one month. There is no charge for exercising your rights.

8. Cookies

Our website logantod.net does not use cookies that track or identify individual visitors. If this changes in the future, this policy will be updated and a cookie banner will be added to the website.

9. Complaints

If you are unhappy with how we have handled your personal data, please contact us first at zhiqian.huang@logantod.net and we will do our best to resolve it.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.

10. Changes to This Policy

We review this privacy policy annually. When we make significant changes we will update the date at the top of this page. The current version is always available at logantod.net/privacy-policy.