Privacy Policy

Privacy Notice

Our Privacy Notice

Last Updated: July 23

The Doctors Clinic Group Limited, part of the Spire Healthcare Group plc, t/a London Doctors Clinic respects your privacy and is committed to protecting your personal data. This privacy notice sets out important details about information (“personal data”) that The Doctors Clinic Group and the healthcare professionals responsible for your care will collect and hold about you, how we use your personal data and how we protect it.


It also provides information on your rights in relation to your personal data.
This Privacy Notice also outlines how personal data relating to patients referred to healthcare professionals for an assessment in connection with medico-legal proceedings will be collected and used.


This Privacy Notice applies to anyone who receives healthcare services at Spire (“care”) and describes how we handle your personal data regardless of the way you interact with us (for example, in person, by email, through our website, by phone and so on). Please take your time to read this Privacy Notice carefully.
Please take your time to read this Privacy Notice carefully.

 

About Us

We are The Doctors Clinic Group Limited and are a “data controller” for the information we hold about you. This means that we are responsible for deciding how we hold and use the personal information which we hold about you.

The Doctors Clinic Group Limited which is a company registered in England and Wales under the company number 08841773 and whose registered address is 3 Dorset Rise, London, EC4Y 8EN.
ICO Registration number: ZB274470

The Doctors Clinic Group limited is a subsidiary of Spire Healthcare Group PLC (“Spire”).

What personal data do we collect and use?

To provide you with treatment and services, we will collect and use personal data about you including:

  • your name, address and contact details
  • financial information, such as credit card details used to pay us
  • occupation
  • emergency contact details, including next of kin
  • background referral details
  • any images taken of you by the closed-circuit television (“CCTV”) systems we have installed at our clinics.

 

Special categories of personal data

We also collect and use more sensitive personal data (known as “special category data”) about you, such as information relating to your physical and mental health. Special category data must be handled even more sensitively than “standard” personal data. For example, if you are a patient we will need to use personal data about your health in order to provide your care. Your special category personal data will be managed in accordance with the law and this Privacy Notice and also all applicable professional standards including guidance from the General Medical Council and British Medical Association.


The special category personal data we hold about you includes the following:

  • details of your current or former physical or mental health. This may include personal data about any healthcare services you have received (both from us directly and other healthcare providers such as GPs, dentists or hospitals (private and/or NHS)) or need, including about clinic and hospital visits and medicines administered. This may also include details of previous healthcare services you have received from other healthcare providers in circumstances where medical negligence is alleged, or being investigated, against that third party provider. We provide further details below on the manner in which we handle such personal data.
  • details of care you have received from us including any images taken in relation to your care.
  • details of your nationality, race and/or ethnicity.
  • details of your religion.
  • details of any genetic data or biometric data relating to you.
  • data concerning your sex life and/or sexual orientation.

The confidentiality of your medical information is important to us. We make every effort to prevent unauthorised access to and use of information relating to your current or former physical and mental health. In doing so, Doctors Clinic Group complies with UK data protection law, including the Data Protection Act 2018, and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the General Medical Council and the Nursing and Midwifery Council.

 

Other people’s personal data

If you provide us with personal data about another person, you must inform that person about the contents of this Privacy Notice.

 

Changes to your personal data

In addition, if you change personal data which we already hold about you (for instance by changing a pre-populated form) then we will update our systems to reflect the changes, but our systems will also continue to hold the originally recorded personal data.

 

How do we collect your personal data?

Directly from you

We may collect your personal data directly from you when you:

  • enter into a contract with us for the provision of your care
  • use that care
  • have remote consultations with a healthcare professional including virtual or by telephone
  • complete enquiry forms on our website
  • send us a question including through our website, by email or by social media
  • correspond with us by letter, email, telephone (all incoming and outgoing calls from/to patients are recorded) or social media, including where you reference Spire in a public social media post
  • attend our clinics and are recorded on the CCTV systems we have installed.
  • take part in our marketing activities.

 

From other healthcare providers

Our patients will usually receive healthcare services from other organisations in addition to Spire, and so in order to provide you with the best care possible we may have to collect personal data about you from other healthcare organisations.

Medical records include personal data about your tests and diagnosis, clinic and hospital visits and medicines administered.

 

From other third parties

We may also collect your personal data from other sources, for example:

  • your employer (if they have been involved in directing you to us).
  • from other healthcare professionals and officers in the local authority/ social services department.
  • solicitors or other third parties acting on your behalf in connection with medico-legal proceedings.
  • your insurance policy provider.
  • credit reference agencies
  • debt collection agencies
  • government agencies

 

How will we communicate with you?

We are likely to communicate with you by telephone, SMS, email, and/or post. If we call the telephone number(s) which you have provided, and the call directs to a voicemail and/or answering service, we may leave a voice message on your voicemail and/or answering service.

In particular:

  • to provide you with timely updates and reminders about your care, we may send you SMS messages and/or email.
  • to provide you with your medical information (including test results and other clinical updates) and/or invoicing information, we may communicate with you by encrypted email.
  • the first time we send you any important encrypted email e.g. one that we are not also sending by post, or which requires you to take an action, we will try to contact you separately to ensure that you are able to access that encrypted email.
  • if we have your mobile number or your email address, we may use them to ask you to complete patient surveys which are for the purpose of improving our service or monitoring outcomes and are not a form of marketing.

We will provide you access to our online portal. This enables patients to view their appointments and access resources in relation to their treatment. Additional features will be developed over time.

 

Patient Surveys, Audits and Initiatives

We may contact you to ask you to participate in patient surveys regarding your care. We will usually send these surveys to you by email or SMS message. These surveys are not a form of marketing and they do not try to sell you any further products or services. They are solely to get your feedback on your experience, to improve the quality and safety of the healthcare services we offer to future patients. It is entirely up to you whether you participate in the surveys, and you can unsubscribe from receiving further survey requests. We use the responses you provide to make improvements to our services. You may also opt in to receiving a call back to discuss your responses.

 

How do we use your personal data?

We use (or “process”) your personal data for a number of different purposes but in all cases, we must have a legal basis for doing so. When we use “special category of personal data” such health data we must have a specific additional legal basis to do so.

We have set out below the different purposes for which we collect and use your personal data, along with the lawful bases on which we will rely.

Generally, we will rely on the following legal bases;

Contract:

  • We need to use your personal data to take steps so that you can enter into a contract with us and/or a healthcare professional to provide your care.
  • We need to use your personal data to provide your care in accordance with a contract between you and Spire and/or healthcare professional. We will rely on this for activities such as supporting your care and other benefits, supporting your doctor, nurse, carer or other healthcare professional and providing other services to you; and/or
  • We need to use your personal data to assist your investigation of potential medical negligence against another healthcare provider by registering you on Spire systems. The medico-legal assessment may be performed by one of our healthcare professionals, or it may simply be a diagnostic test performed by us.

 

Legitimate interests

  • We need to use your personal data for our legitimate business interest to process your personal data and such interest does not cause harm to you. We will rely on this for activities such as quality assurance, maintaining our business records, developing and improving our products and services and helping with medical research.

 

Legal obligation

  • We need to use your personal data to comply with our legal or regulatory obligations.

 

Legal claims

  • We need to use your special category personal data to establish, exercise or defend our legal claims.

 

Consent

  • You have given us your consent to use your personal data for this purpose.
  • Generally, we will only ask for your consent to use your personal data if there is no other legal basis to use it. If we ask for your consent, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to use your personal data you have the right to withdraw your consent at any time by contacting our DPO (contact details can be found at the bottom of this document) and we will stop using your personal data for that purpose.

 

You will find details of the legal bases for each of our purposes below.

Purpose 1: To set you up as a patient on our systems
We have to carry out checks including carrying out fraud, credit, anti-money laundering and other regulatory checks for you to become a patient (which includes when you have a medico-legal assessment, or a diagnostic test). We cannot perform these checks without using your personal data.

Legal bases for using your personal data
Contract
: to take steps so that you can enter into a contract with us for the delivery of your care, and/or in connection with a contract for a healthcare professional to carry out a medico-legal assessment, or a contract for DCG to perform a diagnostic test.

Additional legal bases for using your special category personal data
Substantial public interest
: for reasons of substantial public interest; and
Legal claims: to establish, exercise or defend our legal claims.

 

Purpose 2: To provide your care and related services
Clearly, the reason you come to us is to receive care, and so we have to use your personal data for that.

Legal bases for using your personal data
Contract
:

  • to provide your care and related services; and
  • to fulfil our contract with you for the delivery of your care.

Additional legal bases for using your special category personal data
Health or social care
: to provide your care; and
Vital interests: to protect your vital interests where you are physically or legally incapable of giving consent, for example in an emergency if you are incapacitated.

 

Purpose 3: To settle your account
We will use your personal data to ensure that your account and billing is fully accurate and up-to-date

Legal bases for using your personal data
Contract
:

  • to provide your care and other related services; and
  • to fulfil our contract with you for the delivery of your care; and

Legitimate interests: for our legitimate business interest to ensure that we are paid for providing your care which does not overly prejudice you.

Additional legal bases for using your special category personal data
Health or social care
: to provide your care; and
Legal claims: establish, exercise or defend our legal claims.

 

Purpose 4: For internal clinical audit, National Clinical Audit, and product testing and improvement

Internal clinical audit
There may be a clinical audit of health records, including medical information, carried out by Spire to assess care standards and identify any improvements we could make, or as required by law.

Legal bases for using your personal data
Legal obligation
: to comply with our legal or regulatory obligations;

OR

Legitimate interests: for our legitimate business interest in making improvements and we have put appropriate safeguards in place to protect your privacy so that this use does not overly prejudice you.

Additional legal bases for using your special category personal data
Substantial public interest
: for reasons of substantial public interest; and
Health or social care: for the management of health or social care systems and services.

National Clinical Audits
We may share your personal data with National Clinical Audits, Clinical Outcome Review Programmes and other national quality improvement projects. We may also share your personal data with other audit programmes set up by professional associations that we think we should participate in.

Legal bases for using your personal data
Legal obligation
: to comply with our legal or regulatory obligations;

OR

Legitimate interest: for our legitimate business interest in:

  • helping with medical research; and
  • making improvements,

and we have put appropriate safeguards in place to protect your privacy so that this use does not overly prejudice you.

OR

Consent: You have given us or the organisation collecting your personal data your consent to use your personal data for this purpose.

Additional legal bases for using your special category personal data
Substantial public interest
: for reasons of public interest for statistical and scientific research purposes.

 

Product Testing and Improvement

We may need to use your medical records to test the quality and effectiveness of new systems that we implement to improve the care and treatment we provide or assist in the management of our clinical services.

 

Legal bases for using your personal data

Legitimate interests: for our legitimate business interest in making improvements in our systems and services which have been appropriately assessed and where we have put safeguards in place to protect your privacy so that this use does prejudice your privacy rights.

Purpose 5: Liaising with other healthcare professionals about your care and updating others (such as your emergency contact)
We may need to share your personal data with the individuals that you ask us to update about your care.

Also, other healthcare professionals or organisations may need to know about your care for them to provide you with safe and effective healthcare services, and so we may need to share your personal data with them.

Details on these professionals or organisations are set out in the Third parties section below.

Legal bases for using your personal data
Contract
: to provide your care and other related services; and

Legitimate interests: for our legitimate business interest in ensuring that other healthcare professionals who are routinely involved in your healthcare services have a full picture of these services.

Additional legal bases for using your special category personal data
Health or social care
: to provide your care
Substantial public interest: for reasons of substantial public interest; and
Legal claims: to establish, exercise or defend our legal claims.

 

Purpose 6: Investigating and responding to concerns, complaints or claims, complying with our legal or regulatory obligations and defending or exercising our legal rights
We are subject to a wide range of legal and regulatory responsibilities which we cannot list fully here and we may be required by law or by regulators to provide personal data.

We may also have to consider and/or discuss with appropriate third parties your care in the context of concerns over a healthcare professional’s performance or clinical competence.

If we and our healthcare professionals are the subject of legal actions or complaints, then we need to access your personal data to fully investigate and respond to those actions.

Legal bases for using your personal data
Legal obligation
: to comply with our legal or regulatory obligations; and
Legitimate interests: for our legitimate interests in ensuring that you, and others, receive safe care and treatment.

Additional legal bases for using your special category personal data
Health or social care
: for others to provide informed healthcare services to you;
Health or social care: to provide your care or treatment or the management of health or social care systems; and

Legal claims: to establish, exercise or defend our legal claims.

 

Purpose 7: Providing improved quality, training and security (for example, recording or monitoring phone calls to our contact numbers) and conducting pre and post treatment surveys
We are a quality-conscious organisation, always looking to learn from our patients’ experiences to improve our services for the purposes of patient safety and quality. We will use your personal data to identify where we can make these improvements, such as by reviewing recorded phone calls to assess whether we can learn any lessons and contacting you to hear your valuable thoughts on the Spire experience.

Legal bases for using your personal data
Legitimate interests:
for our legitimate business interest to improve our quality, training and security which does not overly prejudice you.

Additional legal bases for using your special category personal data
Health or social care:
to manage the healthcare services we deliver, including carrying out surveys (which are not a form of marketing) in order to identify and carry out any necessary improvements.

 

Purpose 8: Managing our business: retaining patient records, reviewing CCTV images, maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (eg tax, financial, legal or public relations advice)
We do not need to use your special categories of personal data for this.

Legal bases for using your personal data
Legal obligation
: to comply with our legal or regulatory obligations; and
Legitimate interests: for our legitimate business interest in managing our business operations, which does not overly prejudice you.

Additional legal bases for using your special category personal data
Not applicable.

 

Purpose 9: Advising you of other services offered by Spire and selected third party partners (“Marketing”)
As a business, we need to carry out marketing but we will only send you information about products or services which may be of interest to you and only where you have specifically given us your consent to do so.

We may also provide your personal data to market research agencies to collect your feedback which will be used to develop better products and services for you.

We do not need to use your special categories of personal data for this.

If you no longer wish to receive marketing emails sent by us, you can click on the “unsubscribe” link that appears in all of our emails, otherwise you can always contact our DPO (contact details can be found at the bottom of this document.) to update your contact preferences.

If you no longer wish to receive non-website based marketing information or for us to provide your personal data to market research agencies, please also contact our DPO.

Legal bases for using your personal data
Legitimate interests
: We need to use your personal data for our legitimate business interest in marketing our services to our existing patients to increase sales, which does not overly prejudice you; and
Consent: You have given us your consent to use your personal data for this purpose.

Additional legal bases for using your special category personal data
Not applicable.

If we relied on legitimate interests in using your personal data, you can object to us using your personal data for this purpose, and we may have to stop doing so. If you would like to object then please contact our DPO (contact details can be found at the bottom of this

 

Aggregated Data

We also collect, use and share anonymised and aggregated data (“Aggregated Data”) such as statistical or demographic data for our own internal and marketing purposes. Aggregated Data is be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

 

Who do we share your personal data with?

We will share your personal information with third parties where we have a lawful basis for doing so. The types of organisations with whom we share your personal data are as follows:

  • healthcare providers and multi-disciplinary teams including our parent company, Spire Healthcare, for the purposes of facilitating onward clinical referrals for further care and treatment;
  • other medical service providers involved directly with your care including laboratory services, imaging centre or specialists to whom you have requested a referral;
  • delivery services we will share certain minimum information about you with collection delivery services including courier services and the Royal Mail in order to deliver/collect products or tests that you have ordered from us;
  • your employer, if your employer provides GP Services as an employee benefit for you, we may tell your employer you have attended an appointment. We will not share any personally identifiable data or medical details without your explicit consent to do so (e.g. for pre-employment medicals);
  • Regulators / Safeguarding authorities / Commissioners: We also share your personal data with these public bodies where we are required to do so by law;
  • The Police and other law enforcement agencies: In limited circumstances we may be required to share your personal data with the police for the prevention and detection of crime;
  • IT service providers: we may use external IT providers who may have access to your personal data from time to time as is necessary to perform their services;
  • Legal representatives: we may share your personal information with any individual who has authority to act on your behalf such as those granted power of attorney;
  • anyone that you ask us to communicate with or provide as an emergency contact, for example your next of kin or care;
  • third parties who assist in the administration of your care, or may be responsible for paying for the cost of your care, such as insurance companies
  • Internal group employees: we may share your personal data with properly authorised employees within Spire where it is necessary to meet our legal/regulatory obligations or is otherwise necessary for our legitimate interests including our clinical governance, audit or IT security requirements.
  • If we sell part of our business, then we will need to share your data with the new owner. The transfer of data (this could include your personal data – name, address, contact details, etc along with health data ie appointment bookings, medical notes and medical imaging) will be managed in secure manner, and minimises the disruption to current or previous patients and to ensure that Doctors Clinic Group, Spire Healthcare, and the new owner, are able to fully comply with our legal obligations regarding the retention medical records and to ensure continuity of care.

 

International data transfers of your personal data

We work with international medical assistance providers and travel insurers who refer patients to us who need to see a doctor while in London. These patients sign a consent form to have data passed back to the Medical Assistance Provider/ insurer. NB These patients are usually not UK residents.

For patients who are not referred to us by a medical assistance provider, we will not transfer data outside of the EEA.

Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
  • We ensure we have specific contractual clauses in place to safeguard your data.

Please contact us at [email protected] if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.

 

For how long do we hold your personal data?

We will only retain your personal information for as long as reasonable necessary to fulfil the purposes for which we have collected it or to fulfil another lawful purpose (as described above).

When we no longer have a lawful purpose for holding your data, we will securely destroy your personal information in accordance with our data retention policy.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us at [email protected]

 

Your Rights

You have certain rights in relation to your personal data that we hold about you. These include rights to know what personal data we hold about you and how it is used. We will use and hold your personal data in accordance with our obligations and these rights.

You may ask to exercise these rights at any time by contacting our DPO (contact details can be found at the bottom of this page). You will not usually be charged for exercising your rights.

These rights do not always apply in all cases, and we will let you know how we will be able to meet your request. If we cannot meet your request, we will explain why.

If you make a large number of requests or it is not reasonable for us to meet a request then we do not have to respond. Alternatively, we can charge for responding.

 

The right to access your personal data

You have the right to request details and a copy of the personal data we hold about you and details about how we use it. We must confirm whether we have personal data about you, and we also need to provide you with a copy of your personal data.

We will usually provide you with your personal data in writing, unless you request otherwise. If you have made the request electronically (eg by email) the personal data will be provided to you electronically where possible.

In some cases we may not be able to fully comply with your request, for example if your request involves another person’s personal data and it would not be fair to that person to provide it to you.

 

The right to rectification

You have the right to have inaccurate personal data about you corrected or removed.

 

The right to erasure (“right to be forgotten”)

You have the right to request that we delete certain personal data we hold about you. However, there are exceptions to this right. For example, we can refuse to delete your personal data if we need to keep for tasks which are in the public interest, or for establishing, exercising or defending legal claims.

 

The right to restrict processing

You have the right to ask us to restrict our use your personal data. We do not have to comply with all requests to restrict our use of your personal data. For example, if we need to use it for tasks which are in the public interest or for establishing, exercising or defending legal claims.

 

The right to data portability

You have the right to ask us to transfer your personal data to you or to someone else in a format that can be read by computer.

 

The right to object to marketing

You have the right to ask us to stop sending you marketing messages at any time and we must comply with your request.

 

The right not to be subject to automatic decisions

You have the right to not be subject to automatic decisions (i.e. decisions that are made about you by computer without any human input) in relation to your care or other processes that have a legal or similarly significant effect on you.

Please see the section on Automated decision making for details about when we may make automatic decisions about you.

If you have been subject to an automated decision and do not agree with the outcome, you can challenge the decision by contacting our DPO (contact details can be found at the bottom of this page).

 

The right to withdraw consent

You have the right to withdraw any consent you have given us to use your personal data.

 

The right to object to other uses of your personal data

You have the right to object to us using your personal data in a particular way (such as sharing it with third parties), and we must stop using it in that way unless specific exceptions apply. This includes, for example, if it is necessary to defend a legal claim brought against us, or it is otherwise necessary for the purposes of your ongoing healthcare services.

 

The Information Commissioner’s Office (“ICO”)

You can complain to the ICO if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations.

More information can be found on the ICO website: https://ico.org.uk/

Making a complaint will not affect any other legal rights or remedies that you have.

 

External Websites

We may from time to time include on our websites links to and from the websites of other organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies and notices before you submit any personal data to these websites.

 

Our Data Protection Officer and how to contact us

We have a Data Protection Officer (DPO) who is responsible for ensuring the Spire group of companies (as outlined in the ‘About Us’ section) comply with their data protection obligations.

Our DPO can be contacted by:

  • Telephone: 020 7427 9071
  • Email:[email protected]
  • Post: Data Protection Officer, Spire Healthcare, 3 Dorset Rise, London, EC4Y 8EN

If you have any questions about this Privacy Notice or would like to exercise any of your rights set out in this Privacy Notice, please contact our DPO.

Updates to this Privacy Notice

We may update this Privacy Notice from time to time to ensure that it remains accurate.

This Privacy Notice was last updated on 12 July 2023.

 

More information on how we use Cookies can be found in our cookie policy