Wimpole Clinic External Privacy Notice Last Updated: 21/01/2025 Privacy Policy – Wimpole Clinic Last updated: [Insert Date] 1. Introduction Wimpole Clinic (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us in compliance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. 2. Who we are Wimpole Clinic 3rd Floor, 2 Harley Street, London W1G 9PA – Head office Surgical Location 2nd Floor 18 – 22 Queen Anne Street, London W1G 8HU. – Surgical Location 214D Hagley Rd Birmingham B16 9PH. – Surgical Location 1 West Road, Ponteland, Newcastle upon Tyne, Ne20 9SU. – Surgical Location 124 Derby Rd, Long Eaton Nottingham Ng10 4LS. – Surgical Location 396 Wilmslow Road, Withington, Manchester, M20 3BN. – Surgical Location 13 Eaglesham Road, Clarkston, Glasgow, G76 7BU. – Surgical Location 17 – 19 Rutland Street, Leicester, LE1 1RB. – Consulting Location 25 Park Square Leeds, LS1 2PF. – Consulting Location 88 Rodney Street, Liverpool, L1 9AR. – Consulting Location 5 Westfields Park, Redland, Bristol, BS6 6LT. – Consulting Location 27 Middle St Brighton, BN1 1AL. – Consulting Location 13 Beaumont Street, Oxford, OX1 2LP. – Consulting Location 1 Mount Ephraim Road, Tunbridge Wells, TN1 1ET. – Consulting Location 5 & 6 City Business Centre, Hyde street, S023 7TA. – Consulting Location Certificate of Incorporation 8072544 Data Protection Officer: Operations Director Contact: derek@wimpoleclinic.com 3. What information we collect We may collect and process the following data about you: Identity Data: Name, date of birth, gender. Contact Data: Address, email, phone number. Medical Data: Relevant health information necessary for your consultation, treatment planning, or procedures. Financial Data: Payment card details or bank details for transactions. Technical Data: IP address, browser type, and browsing actions collected via cookies. Marketing and Communications Data: Your preferences in receiving marketing from us. 4. How we collect your information Directly from you (e.g. consultation forms, online forms, phone calls, emails) Through our website cookies (see our Cookie Policy) From third parties with your consent (e.g. referring GPs or specialists) 5. How we use your information We use your personal data: To provide you with consultations, treatments, and aftercare. To manage payments, fees, and charges. To communicate with you regarding appointments, follow-ups, and enquiries. To comply with legal and regulatory obligations. With your consent, to send you marketing communications. 6. Legal basis for processing We process your data under the following legal bases: Performance of a contract: To provide treatment and related services. Legal obligation: For compliance with applicable laws. Consent: For marketing communications and, where required, processing of special category data. Legitimate interests: To manage and improve our services. 7. Sharing your information We may share your personal data with: Our clinical and administrative team. Service providers acting as processors (e.g. IT systems, website hosting, payment providers). Regulatory bodies or law enforcement if required by law. Referring practitioners with your consent. We do not sell your data to third parties. 8. International data transfers If we transfer your data outside the UK, we will ensure it is protected by appropriate safeguards in compliance with UK GDPR. 9. Data security We have put in place security measures to prevent your personal data from being accidentally lost, used, or accessed unlawfully. Access is limited to authorised personnel. 10. Data retention We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including legal, accounting, and regulatory requirements. Medical records are retained in line with clinical guidelines (usually at least 8 years). 11. Your rights You have the right to: Request access to your personal data. Request correction of inaccurate data. Request erasure of your data in certain circumstances. Object to or restrict processing in certain circumstances. Request transfer of your data to another provider. Withdraw consent at any time where consent is relied upon. To exercise these rights, please contact Operations Director. 12. Complaints If you have concerns about our use of your personal data, you can lodge a complaint with the Information Commissioner’s Office (ICO) via www.ico.org.uk. 13. Changes to this policy We may update this policy from time to time. The latest version will always be available on our website. 14. Contact us If you have questions about this Privacy Policy, please contact: Data Protection Officer Wimpole Clinic 3rd Floor 2 Harley Street, London, W1G 9PA Email: derek@wimpoleclinic.com Phone: 02079351861