Privacy Policy
Last updated: January 2026
1. Introduction
Health Screening Clinic ("we", "our", "us") is committed to protecting your privacy and ensuring the security of your personal and medical information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our services.
We are registered with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller
The data controller responsible for your personal data is:
Health Screening Clinic
20 Old Brompton Road
South Kensington, London SW7 3DL
Email: privacy@healthscreeningclinic.co.uk
3. Information We Collect
3.1 Personal Information
When you book an appointment or use our services, we may collect:
- Full name, date of birth, and gender
- Contact details (email address, phone number, postal address)
- Emergency contact information
- Payment and billing information
- GP or healthcare provider details
3.2 Special Category Data (Medical Information)
As a healthcare provider, we collect sensitive health data including:
- Medical history and current health conditions
- Test results and diagnostic information
- Medications and allergies
- Family medical history (where relevant)
- Lifestyle factors relevant to your health screening
3.3 Technical Information
When you visit our website, we automatically collect:
- IP address and browser type
- Device information and operating system
- Pages visited and time spent on our website
- Referral source and search terms
4. How We Use Your Information
We use your personal data to:
- Process your appointment bookings and provide healthcare services
- Communicate test results and medical information
- Send appointment reminders and follow-up communications
- Process payments and manage your account
- Comply with legal and regulatory obligations
- Improve our services and patient experience
- Respond to your enquiries and provide customer support
5. Legal Basis for Processing
We process your data under the following legal bases:
- Contract: To fulfil our obligations when you book services with us
- Legal obligation: To comply with healthcare regulations and legal requirements
- Vital interests: In emergencies where your health may be at risk
- Legitimate interests: To improve our services and communicate with you
- Explicit consent: For marketing communications and sharing data with third parties
6. Data Sharing
We may share your information with:
6.1 Healthcare Partners
- Accredited laboratories for test processing
- Your GP or healthcare provider (with your consent)
- Specialist consultants for result interpretation
6.2 Service Providers
- Secure IT and cloud hosting providers
- Payment processors
- Communication service providers
6.3 Legal Requirements
We may disclose information when required by law, court order, or to protect the rights, property, or safety of our patients, staff, or others.
7. Data Security
We implement robust security measures to protect your data:
- End-to-end encryption for data transmission
- Secure, encrypted storage systems
- Strict access controls and authentication
- Regular security audits and penetration testing
- Staff training on data protection and confidentiality
- Physical security measures at our premises
8. Data Retention
We retain your data in accordance with legal and regulatory requirements:
- Medical records: Retained for a minimum of 8 years from your last appointment, or longer as required by medical regulations
- Financial records: Retained for 7 years for tax and accounting purposes
- Marketing preferences: Until you withdraw consent
- Website analytics: 26 months
9. Your Rights
Under UK GDPR, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data (subject to legal retention requirements)
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a portable format
- Right to object: Object to certain types of processing
- Right to withdraw consent: Withdraw consent at any time for consent-based processing
To exercise any of these rights, please contact us using the details provided below.
10. Cookies
Our website uses cookies to enhance your experience. We use:
- Essential cookies: Required for the website to function properly
- Analytics cookies: Help us understand how visitors use our site
- Functional cookies: Remember your preferences
You can manage cookie preferences through your browser settings.
11. International Transfers
Your data is primarily processed within the UK and the European Economic Area (EEA). If we transfer data outside these regions, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
12. Children's Privacy
Our services are intended for adults. For patients under 18, we require consent from a parent or legal guardian. We take additional care to protect the privacy of minors.
13. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated revision date. We encourage you to review this policy regularly.
14. Complaints
If you have concerns about how we handle your data, please contact us first. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113
15. Contact Us
For any questions about this Privacy Policy or to exercise your rights, please contact us:
Health Screening Clinic - Data Protection
20 Old Brompton Road
South Kensington, London SW7 3DL
Phone: 020 7183 3570
Email: privacy@healthscreeningclinic.co.uk
General Enquiries: info@healthscreeningclinic.co.uk