Privacy Notes

At Holistic Gynaecology Clinic London, we prioritize both your health and the protection of your personal information. Our mission is to safeguard your details with the same level of care as we provide for your well-being.

Transparency and accessibility of information to patients are fundamental principles outlined in the Protection Act 1998 and the EU General Data Protection Regulations (GDPR). It is imperative that we demonstrate how these regulations will be implemented.

The following notice serves to inform you of your rights under the aforementioned legislation and outlines how Oval Medical Centre will utilize your information for lawful purposes to facilitate the delivery of your care and enhance your quality of life.

Data Controller

As your private gynaecology service provider, we are responsible for managing and controlling any personal data that we possess regarding you. Please contact:

Data Protection Officer:

Miguel Stucchi

By email at miguel.stucchi@holisticgynaecologylondon.co.uk

Data Controller:

72 Silvermere Road, Catford, London SE6 4QS.

 

Which details regarding you do we gather and retain?

We will gather the following types of information directly from you or from a third party involved in providing your care:

“Personal data,” which refers to any information pertaining to an identifiable individual who can be directly or indirectly identified from the data. This may include, but is not limited to, name, date of birth, gender, full address, contact number, email address, next of kin details, and NHS Number.

“Special category/sensitive data,” encompassing medical history such as details of appointments and interactions with you, prescribed medications, emergency appointments and admissions, clinical notes, treatments administered, investigation results, supportive care arrangements, social care status, racial or ethnic origin, genetic information, and sexual orientation.

Your healthcare records encompass information regarding your health and any previous treatment or care received (e.g., from hospitals, GP surgeries, community care providers, mental health care facilities, walk-in centers, social services). These records may exist in electronic form, on paper, or a combination of both. We employ a range of technologies and operational practices to maintain the security and confidentiality of your information.

 

From whom do we receive information?

While we may disclose your information to the aforementioned organizations, we also receive updates from them to maintain the accuracy of your medical records and to facilitate the provision of suitable care by our clinic and your physician. Additionally, we may receive data from the NHS regarding any healthcare services you are currently receiving from them.

What is the purpose behind the collection of this information?

We collect and retain your personal and sensitive data to facilitate the provision of the expected treatment. In order to deliver our services, we are required to process your information in compliance with prevailing data protection regulations.

 

In what manner is the information gathered?

The initial point of data collection typically involves patients themselves, who provide personal data during registration at the clinic. Special category data are collected by healthcare professionals, specifically doctors and nurses, only when deemed essential for administering the necessary treatment. Additionally, with patient consent and to facilitate required treatment, we may obtain data from third parties, including GP surgeries, hospitals, private clinics, and imaging centers.

Information is gathered either electronically through secure transfer or encrypted network connections. Subsequently, this data is stored in your electronic patient record.

 

What are the purposes for which we utilise this information?

Our primary objective is to provide you with the highest standard of care possible, ensuring that all personal and sensitive data remain current. Your records will be utilized to enhance the quality of care you receive. Additionally, we may leverage the data held to enhance our service, communicate with you regarding your health and well-being, and conduct clinical audits aimed at monitoring service quality.

 

With whom shall we share your information?

To facilitate the delivery and coordination of your health and care services, we may disclose information to the following providers:

– The Doctor Laboratory;

– Allianza Insurance;

– GP surgeries and NHS Hospitals.

Your information will be shared solely if deemed necessary for the provision of your care or to fulfill our statutory functions and legal obligations as your private healthcare provider.

 

Legal Grounds for Data Processing

Your information will undergo processing solely if it is deemed appropriate for the provision of direct care, improvement of healthcare services, and/or fulfillment of our lawful function and legal obligations under the General Data Protection Regulation (GDPR). This processing is necessary under Article 6(1)(d) of the GDPR, which pertains to protecting the vital interests of the data subject or another natural person, and Article 9(2)(h), which concerns the purposes of preventive or occupational medicine for assessing the working capacity of employees, medical diagnosis, the provision of health or social care treatment, or the management of health or social care systems and services.

How is the confidentiality of your records upheld?

We are dedicated to safeguarding your privacy and adhere strictly to the lawful collection and usage of information. Every staff member at the clinic is bound by legal obligations to maintain the confidentiality of your information. Our commitment to confidentiality is reinforced through annual training and awareness initiatives, restricting access to personal data to authorized personnel only, and sharing information solely with organizations and individuals possessing legitimate and legal grounds for access.

Furthermore, we ensure that information is retained for no longer than necessary.

 

Retention of Your Personal Data

Electronic patient records (EPRs) must be retained and preserved indefinitely, with no immediate plans for destruction or deletion.

 

Is it necessary for me to provide my consent?

The General Data Protection Regulation (GDPR) establishes stringent criteria for consent. Consent entails providing individuals with genuine autonomy and control over the use of their data. However, consent represents just one potential lawful basis for processing information. Hence, as your private healthcare provider, explicit consent may not always be required for every instance of processing and sharing your information, provided such actions align with the terms outlined in this notice.

Within the clinic, consent will be sought under the following circumstances:

When patients self-request protected health information.
When patients authorize the clinic to disclose health information to relatives.
When patients wish to have their health information transmitted via post/email.
Your consent will be duly recorded within your electronic patient record.

 

What are the implications if I choose not to provide consent or raise an objection?

You possess the prerogative to formally revoke your consent at any time for a specific instance of data processing, provided that consent serves as the legal foundation for the processing. For additional information and to raise your objection, kindly liaise with your GP Practice.

 

Accessing Your Personal Data

The Data Protection Act 1998 and the General Data Protection Regulation provide you with the opportunity to ascertain the information held about you, including details contained within your medical records, whether in electronic or physical form. This entitlement is commonly referred to as the “right of subject access.” Should you wish to access all or a portion of your records, you may request assistance from the administrative area, who will facilitate the process for you.

Your right and Your Personal Information

As we process your personal data, you are entitled to certain rights, including:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

Under the Data Protection Act 1998 and the General Data Protection Regulation, you have the right to access the information held about you, including details within your medical records, whether in electronic or physical form. This entitlement is commonly known as the “right of subject access.” Should you wish to access all or a portion of your records, you may request assistance from the receptionist, who will guide you through the process.

Please note that we may need to verify your identity, and therefore, we may request a copy of your passport, driving license, and/or recent utility bill.

If you believe any of the personal data we hold about you is inaccurate or incomplete, such as your name or address, please inform us promptly so that necessary amendments can be made, ensuring that our records for you remain accurate and up-to-date.

 

Mobile Telephone Number

If you furnish us with your mobile phone number, we may utilize it to dispatch reminders regarding your appointments or other health screening information. Kindly inform us if you prefer not to receive reminders on your mobile device.

Should you deem it necessary for your data to be erased, please direct your request to the Data Protection Officer, whose contact information is provided above.

If you wish for us to discontinue the storage or utilization of your data, please reach out to the Data Protection Officer, as their contact details are displayed above.

 

Complaints

Should you believe that we have not complied with current data protection legislation, either in responding to your request or in our general processing of your personal information, we kindly request that you first raise your concerns in writing to the Deputy Manager.

Miguel Stucchi

72 Silvermere Rd, SE6 4QS.

If you continue to be dissatisfied with our response, you may address your concerns to the Information Commissioner’s Office at:

Wycliffe House, Water Lane, Wimslow, Cheshire SK9 5AF –
Enquiry Line: 01625 545700 or online at www.ico.gov.uk