GDPR & Data Protection Policy

Last updated: December 2025

At MedPlus Clinic (My Health Medical Clinic Ltd), we are committed to protecting your privacy and handling your personal data responsibly, securely, and lawfully in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are (Data Controller)

MedPlus Clinic is a private medical and dental clinic based in London.
We are the Data Controller for all personal data processed through our clinical services, administrative systems, CCTV systems, and website.


2. What Information We Collect

We may collect and process the following categories of personal data:

  • Personal identification details (name, date of birth, address, contact details)

  • Medical and dental records (special category health data)

  • Appointment, consultation, and treatment information

  • Payment and billing information

  • Correspondence (email, phone, online enquiries)

  • CCTV footage (where applicable)

  • Website usage data and cookies


3. How We Use Your Information

Your personal data is used to:

  • Provide safe and effective medical and dental care

  • Manage appointments and clinical records

  • Communicate with you regarding your care or enquiries

  • Meet legal, regulatory, and professional obligations

  • Improve our services and website performance

We only process data that is necessary, relevant, and proportionate.


4. Lawful Basis for Processing

Under UK GDPR, we process personal data using one or more of the following lawful bases:

  • Healthcare provision (Article 6(1)(e) and Article 9(2)(h))

  • Legal obligations (Article 6(1)(c))

  • Legitimate interests in running a healthcare service

  • Consent, where required (e.g. marketing communications)


5. Sharing Your Information

We only share personal data where legally permitted and necessary, including with:

  • Healthcare professionals involved in your care

  • Diagnostic laboratories

  • Insurers or commissioners (where applicable)

  • Regulatory bodies such as the Care Quality Commission (CQC) or NHS authorities

All data sharing is conducted securely and lawfully.


Data Subject Access Request (DSAR) – Your Right to Access Your Data

Under UK GDPR, you have the right to request access to the personal data we hold about you. This is known as a Data Subject Access Request (DSAR).

You may request:

  • A copy of your personal data

  • Information on how your data is used

  • Correction of inaccurate or incomplete data

How to submit a DSAR:
Requests must be made in writing via email or post using the contact details below.
We may ask for proof of identity before processing your request.

We aim to respond to all valid DSARs within one calendar month, in line with UK GDPR requirements.


CCTV Privacy Notice – Use of CCTV at MedPlus Clinic

CCTV systems operate at MedPlus Clinic for the purposes of:

  • Patient and staff safety

  • Crime prevention and detection

  • Protection of clinic property

CCTV footage is:

  • Accessed only by authorised personnel

  • Stored securely

  • Retained for a limited period unless required for investigation

CCTV data is processed under our legitimate interests and legal obligations.


Website Tracking & Cookies Privacy Notice – Website Usage Data

When you visit our website, we may collect limited technical data such as:

  • IP address

  • Browser type and device information

  • Pages visited and time spent on the site

This data helps us:

  • Improve website performance

  • Monitor security

  • Understand user engagement

Cookies are used only where necessary or with your consent, in line with UK cookie regulations. You can manage or disable cookies via your browser settings.


6. Your Data Protection Rights

You have the right to:

  • Access your personal data

  • Request correction or deletion

  • Restrict or object to processing

  • Withdraw consent (where applicable)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)


7. Data Security

We use technical and organisational safeguards to protect personal data against:

  • Unauthorised access

  • Loss or misuse

  • Accidental disclosure

Access is restricted to authorised staff only, and all systems are regularly reviewed.


8. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil healthcare obligations

  • Meet legal and regulatory requirements

  • Resolve complaints or disputes

Retention periods are reviewed regularly.


9. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us:

Email: [email protected]
Telephone: 020 8292 7485
Address:
175 Fore Street
London
N18 2XB