Private Medical Clinic is dedicated to safeguarding your privacy and upholding the highest standards of data protection. We acknowledge the trust you place in us by providing your personal information and recognise the importance of protecting and respecting your privacy. In full compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act in effect in the UK (“Data Protection Laws”), we adhere to established clinical and medical guidelines, including those periodically issued by the General Medical Council, specified Royal Colleges, and the Nursing and Midwifery Council.
Should you have any inquiries or concerns regarding the information contained in this policy or our approach to handling your data, please do not hesitate to contact us at firstname.lastname@example.org.
Collection of Personal Information
In this policy, the term “personal data” denotes information that can identify you as an individual or has the potential to do so. We may gather this information directly from you or from a third party, including but not limited to family members, legal guardians, insurance companies, healthcare professionals, clinical referrers, and others.
To provide you with our services, we may accumulate information about you through various interactions with us, including visiting our website, digitally completing an enquiry form, or communicating with us via post, email, or telephone. Depending on the services you receive from us, this may encompass sensitive personal data related to your health.
Personal data collected from you may encompass the following:
- Details provided by you when you make an enquiry, become a customer or patient, or apply for a job, including your name, address, and contact information (such as email address and phone number).
- Records of referrals, quotes, and other contact information and correspondence we have had with you.
- Information regarding the services or treatment you have received from us, doctors we have referred you to, or third parties who have referred you to us.
- Data obtained from customer surveys, promotions, and competitions in which you have participated.
- Recordings of phone calls with you that we either receive or make.
- Health-related notes and reports, including information about clinic and hospital visits and administered medications.
- Patient feedback and treatment outcome information provided by you.
- Information regarding complaints and incidents.
- Data you provide when making payments to us, such as financial or credit card information.
We may also obtain information about you from the following sources:
- Family members or representatives acting on your behalf.
- Doctors, healthcare professionals, hospitals, clinics, and other healthcare providers.
- NHS organisations that commission our services or doctors to whom we refer you for your care.
- Service providers collaborating with us in relation to your treatment, such as your insurance company or referring general practitioner/consultant/other doctors.
- Fraud detection and credit reference agencies.
- Publicly available sources, such as the edited electoral register or social media.
Patients Under 18 Years
There may be instances when we need to collect and process personal data regarding a child under 18 years of age, especially if requested by their parent or guardian for treatment. In such cases, we will ensure that we obtain consent from the parent or guardian and only collect and process the relevant and necessary personal data to facilitate the provision of treatment. We will not use the child’s personal data for any unrelated purpose without prior notification to the parent or guardian, clear specification of the legal basis for processing, and obtaining consent. If the child’s personal data needs to be transferred to a third party assisting with the treatment, we will communicate this to the parent or guardian beforehand and ensure that the third-party processor implements appropriate measures to safeguard the personal data.
Automatic Collection of Personal Data
When you use our website, we may automatically gather personal data about you, including:
- Technical information, such as the Internet Protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone settings, browser plug-in types and versions, operating system, and platform.
- Information related to your website visit, encompassing the full URLs, clickstream data to, through, and from our site (including date and time), products you viewed or searched for, page response times, download errors, duration of visits to specific pages, page interaction information (e.g., scrolling, clicks, and mouse-overs), and methods used for navigating away from the page.
Lawful Basis of Processing
We typically process personal data concerning our customers and individuals receiving our services when we are either under a contract or in the process of negotiating one. Such processing is necessary for the execution of the contract or when specific steps are requested before entering into a contract.
Additionally, we may process limited personal data of contacts for the legitimate interests of our clinic. We possess a legitimate interest in maintaining contact with our customers and contacts, which may encompass sending targeted emails regarding updates about our business. We have weighed this legitimate interest against the rights of the individual and do not consider it unreasonable, as individuals at all times have the right to request the erasure of their personal data.
Categories of Personal Information
We process two categories of personal information and data about you:
- Standard personal demographic information (e.g., your name, contact details, address).
- Special categories of information (e.g., gender, date of birth, medical history, clinical information, ethnicity to assist us in tailoring our care, and information about credit financing and criminal history to enable anti-fraud and credit rating checks).
Collection of Personal Data
We may collect personal data about you when you:
- Visit our website.
- Enquire about our services or treatments (please note that, for training and service improvement purposes, calls to Private Medical Clinic and its agents may be monitored or recorded).
- Register as a customer or patient with us or book any of our services or treatments, including those provided by doctors to whom we refer you.
- Complete forms or surveys for us.
- Engage in transactions on our website.
- Participate in competitions, promotions, or other marketing activities.
- Make online payments.
- Contact us via email, telephone, or social media.
- Engage in interactive features provided through our websites and digital media.
- Are referred to us for treatment by a third-party referrer (e.g., insurance company, NHS organisation, medical consultant, or GP).
Health Information Collected During the Provision of Treatment or Services
Sensitive personal data, including information related to your health, will only be disclosed to third parties involved in your treatment or care with your explicit consent. If you become our patient, you will be asked for consent to share information with doctors, other medical professionals, and insurance companies.
Where applicable, such information may also be disclosed to individuals or organisations responsible for covering your treatment expenses or their agents. It may additionally be shared with external service providers and regulatory bodies (unless you object), specifically for the purposes of clinical audits aimed at ensuring the highest standards of care and record-keeping.
Medical Professionals Working With Us
If the healthcare professionals treating you believe it to be clinically advisable, we may share information about your treatment with your GP. You have the option to decline this, subject to legal permissions. However, it is important to recognise that withholding comprehensive medical history from your GP can pose serious risks to your health, and we strongly discourage it.
We may share information about your treatment, its clinical necessity, and its cost with your medical insurer, but only if they are covering all or part of your treatment with us. We will only provide the information to which they are entitled. If you raise a complaint or a claim, we may be required to share personal data with your medical insurer for the purpose of investigating such matters.
If you are referred to us for treatment by the NHS, we will share details of your treatment with the NHS entity that referred you to us, as necessary to perform, process, and report on that treatment.
We may be requested, and in some cases, obligated, to share specific information (including personal data and sensitive personal data) about you and your care with medical regulators, such as the General Medical Council or the Nursing and Midwifery Council. This may occur, for instance, if you lodge a complaint, or if the conduct of a medical professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate. We will ensure that we adhere to the legal framework and respect your privacy in such cases.
We participate in audits and initiatives aimed at ensuring that patients receive the best possible outcomes from their treatment and care. Your personal data will be treated with the utmost confidentiality in line with Data Protection Laws and confidentiality standards. Any data publication will be in anonymised, statistical form. Anonymous or aggregated data may be used by us or shared with third parties for research or statistical purposes.
Use of Your Personal Data
We process your personal information for several legitimate interests, including but not limited to:
- Managing your care and treatment.
- Maintaining communications in our relationship with you.
- Conducting marketing analysis.
- Engaging in clinical research and developing products/services.
- Facilitating the exercise of rights for claim handling.
Sensitive personal data related to your health will only be disclosed to those involved in your treatment or care or in alignment with UK laws and guidelines from professional bodies or for the purpose of clinical audits (unless you object). Further details regarding the use of health-related personal data are provided below:
- Facilitating our obligations to you arising from any contract between you and us, including the provision of services or treatments, billing, accounting, audit, credit or payment card verification, and anti-fraud screening.
- Providing information, products, or services requested by you.
- Supplying information about products or services that we offer and believe may interest you. Unless you have consented to receive electronic marketing communications from us (by checking the relevant box on the data collection form), we will only contact you electronically (via email or SMS) with information on products and services similar to those previously purchased or inquired about from us.
- Informing you of changes to our products or services.
- Managing our relationship with you, our business, and third parties providing products or services on our behalf (e.g., confirming that you have received a service you are covered for, validating invoices, etc.).
- Providing healthcare services on behalf of a third party (e.g., your employer).
- Ensuring efficient claims handling and investigating complaints (e.g., soliciting information from your consultant/practitioner to ensure accurate data and monitor treatment and care quality).
- Keeping our records up to date.
- Supplying marketing information within legal limits.
- Developing and executing marketing activities and presenting information tailored to your interests based on our understanding of your preferences, for statistical research and analysis to enhance products, services, websites, and apps, or to develop new ones.
- Conducting ongoing market research.
- Assessing our performance, both clinically and non-clinically.
- Exercising our rights, defending against claims, and complying with applicable laws and regulations affecting us and our affiliated third parties.
- Participating in or being subject to sales, purchases, mergers, or takeovers involving all or part of the Private Medical Clinic business.
- Responding to requests when we have a legal or regulatory obligation to do so.
- Verifying the accuracy of your information and the quality of your treatment or care, including auditing medical and billing information for insurance claims and as part of any claims or litigation process.
- Supporting your doctor, nurse, or other healthcare professional.
- Evaluating the quality and/or type of care you have received (including offering you the opportunity to complete customer satisfaction surveys) and addressing any concerns or complaints you raise, ensuring they are appropriately investigated.
- Ensuring that content from our website is presented effectively for you and your computer.
Security of Your Personal Data
We safeguard all personal data in our possession by implementing suitable organisational and technical security measures to prevent unauthorised access or unlawful processing of personal data and to prevent data loss, destruction, or damage. Any personal data you provide to us will be retained only as long as necessary for the purpose for which it was collected and in accordance with all Data Protection Laws. Data protection regulations are harmonised throughout the European Economic Area (EEA), comprising EU member states, Norway, Iceland, and Liechtenstein. Countries outside the EEA generally do not offer the same level of personal information protection as those within the EEA. While we do not anticipate a need to transfer your data outside Europe, in the unlikely event that such a situation arises, we will keep you informed and ensure the existence of appropriate procedures to facilitate such transfers.
All information provided to us is securely stored. Payment transactions on our website are processed securely by third-party payment processors. We do not retain any form of personal financial or payment information ourselves. Upon request, we may occasionally transfer personal information to you via email, or you may opt to send information to us via email. It is important to note that email is not a secure method of information transmission, and if you choose to send or receive such information via email, you do so at your own risk.
Disclosure and Sharing of Your Personal Data
We may disclose your personal data under various circumstances as part of our regular business operations. This disclosure may include sharing your personal data with contracted organisations that support the delivery of our services. The following parties are examples of those with whom we may share your personal data:
- Contracted Medical and Clinical Staff: We may share your data with medical and clinical practice staff who are part of our contracted team. This is essential for the delivery of our services and treatments.
- Business Partners and Suppliers: In the course of our contractual agreements with you, we might need to share your data with business partners and suppliers who play a role in the delivery of services.
- IT Systems and Support Providers: To ensure the secure storage and management of your information, we may share your data with organisations providing IT systems and support services.
- Third-Party Debt Collectors: In cases where debt collection is necessary, we may share your data with third-party debt collectors.
- Third-Party Service Providers: For purposes like information storage and confidential destruction, we might share your data with third-party service providers.
- Third-Party Marketing Companies: If you consent to it, we may share your data with third-party marketing companies. However, this sharing will only concern products and services that we provide.
When we work with third-party data processors, we ensure that they adhere to contractual restrictions regarding confidentiality and security, in addition to complying with Data Protection Laws. Additionally, there are situations where we may disclose your personal data to third parties, such as:
- Business Transactions: If we buy or sell any business or assets, your data may be disclosed as part of such transactions.
- Legal Obligations: We may disclose your data to comply with legal requirements, such as responding to legal authorities in the context of claims or legal proceedings.
How Long We Keep Your Personal Information
The duration for which we retain your personal information is determined by several factors, including:
- The length of time you’ve been a patient and the level of service provided to you.
- The reasonable duration needed to demonstrate compliance with our obligations to you.
- Time limits for making claims.
- Legal requirements or recommendations from regulators, professional bodies, or associations.
- Relevant legal proceedings.
Here are specific retention periods for certain types of information:
- Patients: We retain your Personal Data for at least 6 years after the contract has ended to ensure compliance with the contract. Limited Personal Data may be kept for a longer period, as it serves our legitimate business interest in providing ongoing services.
- Enquiries: Limited Personal Data, including contact details, may be kept for up to six months to address follow-up questions related to enquiries.
- Marketing: We only send marketing information if you consent to it at the time of making an enquiry or becoming a patient. You can unsubscribe at any time.
- Recruitment: If you apply for a job with us, your information will be kept for a maximum of 12 months if you are not successful.
For more information about data retention, you can contact us at email@example.com.
Non-Personal Information and Cookies; Other Websites
When you visit our website, cookies are used to enable various features and gather information. We may also use other companies to set cookies on our website and collect cookie-related data. Additionally, we may analyse Internet Protocol (IP) addresses or other anonymous data sources.
Cookies: Cookies are text files that contain small amounts of information downloaded to your device when you visit a website. They are sent back to the website on subsequent visits and help the website recognise your device. Cookies serve various functions, including improving user experience and ensuring relevant online advertisements.
- Category 1: These are essential for using our websites’ features and services, and your consent is not required for their use.
- Category 2: These collect information about how visitors use the website to improve its functionality. They do not identify individual users and are used for analytical purposes.
- Category 3: These allow the website to remember user preferences and provide personalised features.
- Category 4: These are used for targeted advertising and may be shared with advertising networks.
Other Websites: Our website may contain links to partner networks’ and affiliates’ websites. These websites have their own privacy policies, and we are not responsible for their policies. Please review their policies before sharing any personal data.
We may send you information about our products and services via mail, email, phone, or SMS if you’ve consented to it. You can opt out at any time by emailing firstname.lastname@example.org. We request a reasonable notice period to update our systems.
Privacy Notice for Call Recording
We use phone call recordings at Private Medical Clinic and collect personal data during these recordings. The data collected includes digital recordings of telephone conversations, telephone numbers of both parties, and any personal data disclosed during calls, such as names and contact details. Call recordings are stored securely on a server hosted by our phone provider, accessible only to senior members of the management team with authorised access.
These call recordings serve various purposes:
- Quality monitoring of staff performance.
- Resolution of complaints.
- Identification of training needs.
- Compliance with quality standards.
We may share call recordings with Investigating Officers to address complaints or issues. Under Data Protection legislation, we may disclose call recordings, including personal data, without explicit consent in certain situations, including law enforcement, safeguarding investigations, regulation and licensing, criminal prosecutions, and court proceedings.
Legal Basis for Processing Personal Data
Our processing of personal data is based on the legal grounds provided by data protection legislation. These include:
- Contractual obligation
- Legal obligation
- Legitimate interests, provided they do not override your interests and fundamental rights
Retention of Personal Data
Call recordings are held securely for no more than 28 days, unless required for investigations, legal reasons, or safeguarding concerns.
Your Rights in Relation to Your Information
You have several rights concerning your personal data, including:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to object
- Right to data portability
- Right to withdraw consent
- Right in relation to automated decisions
To exercise your rights, please contact email@example.com.
Data Protection Contacts
Private Medical Clinic
You also have the right to make a complaint to the Information Commissioner’s Office (ICO). The ICO is the local privacy supervisory authority in the UK. Their contact information is provided above.