The Wimpole Clinic – Privacy Notice
(Issued: 1st May 2018. Updated: 12th June 2020)
1. Who are we?
1.1 The Wimpole Clinic is registered with the Care Quality Commission (CQC) as an independent healthcare provider in England. We provide independent healthcare services in the form of the following regulated activities:
- Treatment of disease, disorder or injury
This includes private outpatient consultations in relation to hair restoration surgical treatments, physical examinations, prescribing of medicines and referrals to other healthcare specialists as necessary.
- Surgical procedures
This includes day case surgical treatments for hair restoration called called Follicular Unit Extraction (FUE) and Follicular Unit Transplant (FUT) using local anaesthetic.
- Diagnostic and screening procedures
These include blood and urine tests and referrals to other healthcare specialists where necessary.
1.2 The clinic staff and healthcare professionals who provide you with care and support about your health condition maintain records about your health. These records help the Wimpole Clinic to provide you with the best possible healthcare.
2. Protecting your data and GDPR
2.1 Protecting data has always been a priority for the Wimpole Clinic. However, with the General Data Protection Regulation (GDPR) coming into force on the 25 May 2018 we see this as an opportunity to reinforce our commitment to ongoing data protection management. We are improving our policies, processes and systems in line with the requirements of the GDPR as we continue to make data protection a priority.
3. GDPR: When is it coming in?
3.1 The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR will be enforced in the UK on 25 May 2018.
3.2 GDPR is only a part of the overall data protection framework. The Government has already introduced a Data Protection Bill into Parliament. Once the UK leaves the EU, the Bill will help ensure that the standards of the GDPR are enshrined in UK law, and it also extends data protection laws to areas which are not covered by the GDPR (such as law enforcement).
4. What we are doing to get ready for GDPR?
4.1 The Wimpole Clinic handles personal data and we are committed to meeting the requirements of GDPR. Steps that we have taken and are taking include: Analysing and improving our internal systems and processes.
Improving our privacy information in line with the new requirements. Training our staff on the new requirements and new internal procedures. Reviewing and updating all of our contracts where required.
5. How do we collect information from you?
5.1 We collect information when you register as a new patient at the Wimpole Clinic and we ask you complete a registration form and answer some questions about your personal health. Once you see a doctor during your appointment, the doctor will create a medical record about your personal health.
6. What type of information do we collect from you?
6.1 The personal information we collect includes your name, date of birth, home address, email address, contact telephone number, emergency contact details, and credit or debit card payment information. If you have attended the Wimpole Clinic for an appointment in the past, we will have a record of that previous contact.
6.2 The medical information our doctor collects is specifically about your personal health. This includes information about your past medical history, any current medicines you are taking, and a description of the health issue that you are experiencing. If you have any tests carried out such as blood tests or X-rays, we will keep the tests results in your healthcare record. If you have been referred to a healthcare specialist outside of the Wimpole Clinic, we will keep any correspondence from the specialist in your healthcare record.
7. How do we use your information?
7.1 The Wimpole Clinic collects and holds personal information for the sole purpose of providing a healthcare service to patients. Your personal information is used to identify you as a patient who has used the Wimpole Clinic independent healthcare service.
7.2 Your credit or debit card information is used to allow the Wimpole Clinic to receive payment for your appointment.
7.3 Your medical information is used by our doctor to recommend what is the best treatment for the health issue that you are experiencing.
7.4 We use patients’ healthcare records to audit and monitor the quality of the Wimpole Clinic service. For example, we may audit the records of patients who have had a particular treatment to see how well it has worked. When we carry out any audits, we never use any information that could identify a patient such as a name, address, or date of birth.
8. Who has access to your information?
8.1 The processing of your personal information and medical information is accessed only by the Wimpole Clinic staff. Every member of staff who works for the Wimpole Clinic has a legal obligation to keep information about you confidential. Our staff include medical practitioners, registered nurses, managers, administration and reception staff.
8.2 Your medical information may be shared with another healthcare specialist outside of the Wimpole Clinic if our doctor feels that you would benefit from seeing a health specialist. Such healthcare specialists may be based within the National Health Service (NHS) or at another independent healthcare provider. However, this will only be done after our doctor has explained this to you and only if you give your consent to do so.
8.3 We ensure that all information we hold is kept confidential. However, we are obliged to disclose personal information if it is required by law, or it is justified in the public interest.
8.4 Our external healthcare regulator, the Care Quality Commission (CQC), look at healthcare records as part of their inspection process of the Wimpole Clinic service.
8.5 We do not sell or rent your personal information to any third parties outside of the Wimpole Clinic. We do not share your information with any third parties for marketing purposes.
9. Consent and agreement
9.1 By agreeing to this privacy notice, you are giving the Wimpole Clinic permission to process your personal data specifically for the purposes identified. You are able to withdraw your consent at any time. Please contact
us if you wish to discuss this.
10. Access to your information and correction
10.1 You have the right to make a request to the Wimpole Clinic for a copy of the information that we hold about you. If you would like a copy of some or all of your personal information please ask us by writing, telephoning or emailing us
The Wimpole Clinic
22 Harley Street
London W1G 9PL
Tel: 020 7935 1861 Email: firstname.lastname@example.org
10.2 We want to make sure that your personal information is accurate and up to date and are very happy to remove or amend any information that you think is inaccurate.
10.3 If you would like a copy of the medical information we hold about you, we may need to ask you some additional questions about your reasons for requesting the information. Medical information is known as sensitive data under GDPR regulations.
11.1 When you give us your personal information, we take steps to ensure that it is treated securely. Any information we hold about you in paper format is held securely in locked filing systems. Any information we hold about you in electronic format is held securely on our computer system.
12. Use of ‘cookies’
13. Collection of Data (Advertising)
13.1 Our site uses technologies of third-party partners such as NextRoll to help us recognize your device and understand how you use our site(s) so that we can improve our services to reflect your interests and serve you advertisements about the products and/or services that are likely to be of more interest to you. Specifically, NextRoll/these partners collect information about your activity on our site(s) to enable us to:
- measure and analyze traffic and browsing activity on our site(s);
- show advertisements for our products and/or services to you on third-party sites;
- measure and analyze the performance of our advertising campaigns;
13.2 We may share data, such as hashed email derived from emails or other online identifiers collected on our site(s) with NextRoll/our advertising partners. This allows our partners to recognize and deliver your ads across devices and browsers. To read more about the technologies used by NextRoll/our partner and their cross-device capabilities please refer to NextRoll’s Privacy Notice.
13.3 Our partners such as NextRoll may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason, you can use the following third-party tools to decline the collection and use of information for the purpose of serving you interest-based advertising: