020 3322 5416 020 3322 9482

Privacy Policy

Data protection principles

In relation to your personal data, we will comply with data protection law as set out by General Data Protection Regulation (GDPR). This means the data held about you must be processed fairly; lawfully and in a clear and transparent way; collected only for valid reasons in your time as a patient; not used in any way that is incompatible with those purposes and how we have told you about; accurate and up to date; kept only as long as is necessary; processed only for what you have consented to; will not be lost or destroyed; is kept securely both in paper form ( locked storage), or electronically (password protected on appropriate secure servers and firewalls) with measures have been taken to prevent accidental loss or disclosure, alteration, unauthorised access, destruction or abuse.

From time to time information may be shared with others involved in your care at the clinic, only when appropriate.  This includes clinical and clerical staff.  Anyone with access to your records is properly trained in keeping your data secure and private in line with GDPR.

You will be required to give written consent before any of your information is released – eg to health insurers, referral letters etc.  In rare cases we may be required by law to release your records without consent; for example if a court order is presented, or there is an imminent risk to the life of yourself or others, or it is in the public interest.

We may also share your data with third parties as part of a clinic sale or restructure, or for other reasons to comply with a legal obligation upon us. We will always keep you informed of these.

We may need to share your data with persons outside of the UK and European Economic Area. It is likely that this would be regarding your care with practitioners in accordance with your wishes.  We will always gain your consent for this.

To ensure your privacy, unless we are certain we are communicating with you, we will not disclose information to anyone, by any means, without your prior consent.

Types of information we hold about you

These include your name, address, date of birth, email address, phone numbers, gender, marital status, personal medical/ health information, including past medical history, your examination and treatment at the clinic, letters of referral to or from our clinic regarding your treatment with us.

Special categories of data

More sensitive personal data require a higher level of protection eg information about your health. We only process this to ensure the care or care access you receive at the clinic is appropriate.


There is no obligation to give consent for any data processing and consent can be withdrawn without consequence at any time.

How long we keep your data for

We are required by the our regulator to keep your data for eight years after your last visit.

If we do need to keep your data for longer than eight years, we will consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us.

Your rights in relation to your data

You can access the data that we hold on you; for any inaccuracies to be corrected; to be informed (via this privacy notice; to ask us to delete your data from our systems; the right to restrict the processing of the data; the right to portability. For any of the above please contact the Data Controller (details below).


You will not have to pay a fee for data access. We may charge a reasonable fee for more than one request for copies of information, or if your request for access is clearly unfounded or excessive.

Making a complaint

If you have any concerns or queries about this Privacy Notice, please contact the data controller. If you need to make a complaint you can also contact the Information Commissioner’s Office (ICO).

The Data Controller
Broadgate Health Clinic Ltd
65 London Wall