Patient
Privacy Policy

What is a patient privacy policy?

Under data protection law you, as a patient of The Elphick Clinic Limited, have specific rights. To communicate these rights to you in a clear and concise manner, we are providing you with this privacy notice.

Who we are

The Elphick Clinic Limited, 47c Crown Road, St Margarets, Middlesex, TW1 3EJ

Telephone: 020 8891 2653
Email: enquiries@elphickclinic.com

For the purposes of processing your personal data we are the controller.

Data protection officer

As we record and use sensitive data we take the protection of this data very seriously. We have therefore appointed a Data Protection Officer, Paul Banfield, who is your first point of contact for any matters regarding your personal data we process.

Telephone: 020 8891 2653
Email: gdpr@elphickclinic.com
Postal address is as given above.

The personal data we process and what we do with it

We record and use the following categories of personal data which may include: name, address, telephone numbers, email address, date of birth, health insurance details, patient notes: (diagnosis, medical history and treatment records), medical records: (scan reports, GP letters). We may use your personal data to remind you of appointments, but you can opt-out of this service at any time.

Sharing your personal data

We only share your personal data with your explicit consent, where, for example we need claim treatments via a private health insurance provider or request MRI scans to be taken. Where third parties are used by us to store your personal data such as a practice management program, we ensure they are compliant with the data protection law.

Retaining your personal data

Whilst you are a patient at The Elphick Clinic we will continue to store and use your personal data. If you are an adult patient we will retain your personal data for 8 years after your last treatment. If you are a child patient we will retain your personal data until your 25th birthday (or 26th birthday if you are 17 at the time of your last treatment). Limited information will be retained within our accounts system indefinitely to maintain the integrity of the data.

Your rights

As we process your personal data, you have certain rights. These are rights of access, rights of rectification, a right of erasure and a right to restrict processing.

  • You may request a copy of your data at any time. Please make such a request in writing or by email to the Data Protection Officer, whose details are shown above. Please provide the following information: your name, address, telephone number, email address and details of the information you require.

  • If you believe any of the personal data we hold on you is inaccurate or incomplete, please contact us directly and any necessary corrections to your data will be made without undue delay.

  • If you believe we should erase your data, please contact the Data Protection Officer, whose details are shown above.

  • Where you have provided explicit consent for us to use your data you have a right to withdraw this consent at any time.

Data breaches

Should your personal data that we control be lost, stolen or otherwise breached, where there constitutes a high risk to your rights and freedoms, we will contact you without delay. We will give you the contact details of the Data Protection Officer who is dealing with the breach, explain to you the nature of the breach and the steps we are taking to deal with it.

Should you wish to complain

You can contact the ICO via their website should you wish to make a complaint about the way we are processing your personal data.

Automated decision making and profiling

We do not use any system which uses automated decision or profiling in respect of your personal data.