Privacy Policy

This Privacy Policy sets out details of the information that Harley Street Physicians and the clinicians responsible for your diagnostics, outpatient appointments and treatment may collect from you, and how that information may be used. Please take your time to read this Privacy Policy carefully.

In this Privacy Policy we:

Provide you with a detailed overview of how we will manage your data, from the point at which it is collected and onwards.
Provide all the details on how we use your information, and how we will comply with the law in doing so.
Set out your rights in respect of your personal information, and how to exercise these rights. For example, you can seek access to your medical information, object to us using your information in particular ways and request rectification of any inaccurate information.

We are always open to improvement; if you have any feedback on this Policy please contact our Data Protection Lead (contact details shared below).

About us

In this Privacy Policy we use “we” or “us” or “our” or “Harley Street Physicians” to refer to the Maltz Medical Centre Limited company who is using your personal information, and the clinicians who provide your diagnostics, outpatient appointments and treatment.

Maltz Medical Limited, 58 Harley Street, London, W1G 9QP. Registered in England No. 02704461

How to contact us

The Data Protection Lead helps ensure that Harley Street Physicians complies with data protection law. Our Data Protection Lead has responsibility for data protection compliance in respect of Harley StreetPhysicians.

The Data Protection Lead can be contacted by:

Post: Data Protection Lead, Harley Street Physicians, 19 Harley Street, London WIG 9QJ

If you would like further information about any of the matters in this Privacy Policy or if you have any other questions about how we collect, store or use your personal information, please contact us using the details above.

1. Your personal information

As a patient of Harley Street Physicians, the personal information we hold about you may include the following:

Name
Contact details, such as postal address, email address and telephone number (including mobile number)
Financial information, such as credit card details used to pay us
Occupation
Emergency contact details, including next of kin
Background referral details

Special Categories Personal Information

As a patient of Harley Street Physicians, we will hold information relating to your medical treatment. This is known as a special category of personal data under the law, meaning that it must be handled even more sensitively. The special categories of personal information we hold about you may include the following:

Details of your current or former physical and/or mental health. This may include information about any healthcare you have received (both from Harley Street Physicians directly and other healthcare providers such as GPs, dentists or hospitals (private and/or NHS)) or need, including about clinic and hospital visits and medicines administered. Further details on the way in which we handle such information are included below.

Special Categories Personal Information (continued)

Details of services you have received from us
Details of your nationality, race and/or ethnicity
Details of your religion
Details of any genetic data or biometric data relating to you
Data concerning your sex life and/or sexual orientation

2. How we collect your information

We may collect personal information from a number of different sources including (but not limited to):

GPs
Other hospitals, both NHS and private
Clinicians (including their medical secretaries)
Dentists
Mental health providers
Commissioners of healthcare services

Directly from you:

Personal information may be collected directly from you when:

You enter into a contract with Harley Street Physicians for the provision of healthcare services
You use those services
You complete enquiry forms on the Harley Street Physicians website
You submit a query to us including through our website, by email or by social media
You correspond with us by letter, email, telephone
You sign-up to our newsletter on our website
You take part in our marketing activities

From other healthcare organisations:

Our patients usually receive healthcare from other organisations in addition to Harley Street Physicians. In order to provide you with the best service possible we may need to collect personal information about you from other organisations. This may include:

Medical records from your GP
Medical records from your clinician (including their medical secretaries)
Medical records from the NHS or any private healthcare organisation
Medical records from your dentist

From third parties:

As detailed, it is often necessary to seek information from other healthcare organisations. We may also collect information about you from third parties when:

You are referred to us for the provision of healthcare services
We liaise with your private medical insurance policy provider
We liaise with your current or former employer, health professional, embassies, solicitors, medico legal companies or other treatment or benefit provider
We deal with experts (including medical experts) and other service providers about services you have received or are receiving from us
We liaise with debt collection agencies
We liaise with Government agencies, including the Ministry of Defence, the Home Office and HMRC

3. How we communicate with you

We are likely to communicate with you by telephone, SMS, email, post and fax. If we contact you using the telephone number(s) which you have provided (landline and/or mobile), and if our call is directed to a voicemail and/or answering service, we are likely to leave a voice message on your voicemail and/or answering service as appropriate.

However, please note:

To ensure that we provide you with timely updates and reminders in relation to your healthcare (including basic administration information and appointment information), we may communicate with you by SMS and/or unencrypted email (where you have provided us with your email address) in each case using the SMS number and/or email address you have provided on your patient registration form.
To provide you with your medical information (including test results and other clinical updates) and/or invoicing information, we may communicate with you by email where you have provided us with your email address on the patient registration form.
If we have your mobile number or your email address we may in future use this method of communication to contact you regarding patient surveys which are for the purpose of improving our service or monitoring outcomes and are not a form of marketing.
We are not relying on your consent to process your personal data in order to correspond with you about your diagnostics, outpatient appointments or treatment. As set out further below, we process your personal data for these purposes on the basis that the personal data is necessary to provide you with healthcare services.

4. How we use Patient Feedback Surveys

As detailed above, we may ask you to participate in surveys regarding your appointment with Harley StreetPhysicians. The surveys may be provided post-treatment in hardcopy at our facility Reception, sent by email or SMS, or completed online via the Harley Street Physicians website.

This is not a form of marketing and the surveys do not try to sell you any further products or services; our intention is solely to gather information relating to your experience of Harley Street Physicians, for the purposes of improving the quality and safety of the services we offer to future patients. It is necessary for us to process your personal data in order to contact you with these surveys, on the basis of our appropriate business needs and to improve the quality of the healthcare services we offer.

Participation in the Patient Feedback Surveys is entirely voluntary. You may decide not to complete the surveys and, if sent by email or SMS, you will have the option to unsubscribe from receiving further survey invitations. You may also be given the opportunity to proactively opt into receiving a call back to further discuss your survey responses.

5. How your information is used

We may ‘process’ your information for a number of different purposes, which is essentially the language used by the law to mean using your data. Each time we use your data we must have a legal justification to do so. The particular justification will depend on the purpose of the proposed use of your data. When the information that we process is classed as “special category of personal information”, we must have a specific additional legal justification in order to use it as proposed.

Generally, we will rely on the following legal justifications, or ‘grounds’:

Taking steps at your request so that you can enter into a contract with Harley Street Physicians to receive healthcare services from us.
For the purposes of providing you with healthcare pursuant to a contract between you and Harley Street Physicians. We will rely on this for activities such as supporting your medical treatment or care and other benefits, supporting your doctor, nurse, carer or other healthcare professional and providing other services to you.
We have an appropriate business need to process your personal information and such business need does not cause harm to you. We will rely on this for activities such as quality assurance, maintaining our business records, developing and improving our products and services and monitoring outcomes.
We have a legal or regulatory obligation to use such personal information.
We need to use such personal information to establish, exercise or defend our legal rights.
You have provided your consent to our use of your personal information.

Appropriate business needs

Where we refer to use for our appropriate business needs, we are relying on this legal ground. Special categories of personal information include information about you as a patient of Harley Street Physiciansare:

Health
Sex life
Sexual orientation
Ethnicity
Political opinions
Religious or philosophical beliefs
Genetic or biometric information

The right to object to other uses of your personal data

As a patient of Harley Street Physicians, you have a range of rights in respect of your personal data, as set out in detail in the section entitled “Your rights”. This includes the right to object to Harley StreetPhysicians using your personal information in a particular way (such as sharing that information with third parties), and we must stop using it in that way unless specific exceptions apply.

Legal grounds for our processing purposes

1. To set you up as a patient on Harley Street Physicians’ systems including carrying out fraud, credit, anti-money laundering and other regulatory checks

Legal ground:

Taking the necessary steps so that you can enter into a contract with us for the delivery of healthcare.

2. To provide you with healthcare and related services

Legal grounds:

Providing you with healthcare services
Fulfilling our contract with you for the delivery of healthcare

Additional legal grounds for special categories of personal information:

We need to use your data in order to provide healthcare services to you as appropriate
The use is necessary to protect your vital interests where you are physically or legally incapable of giving consent

3. For account settlement purposes

We will use your personal information in order to ensure that your account and billing is fully accurate and up-to-date

Legal grounds:

We are providing you healthcare and other related services
Fulfilling our contract with you for the delivery of healthcare
We have an appropriate business need to use your information which does not overly prejudice you

Additional legal grounds for special categories of personal information:

We need to use the data in order to provide healthcare services to you
The use is necessary in order for us to establish, exercise or defend our legal rights

4. Communicating with you and resolving any queries or complaints that you might have.

Patients may raise queries, or even complaints, with Harley Street Physicians. We take these communications very seriously. Our approach is to resolve such matters fully and properly, and we will need to use your personal information in order to do so.

Legal grounds:

We are providing you with healthcare and other related services
We have an appropriate business need to use your information which does not overly prejudice you

Additional legal grounds for special categories of personal information:

The use is necessary for the provision of healthcare or treatment pursuant to a contract with a health professional
The use is necessary in order for us to establish, exercise or defend our legal rights

5. Communicating with any other individual that you ask us to update about your care and updating other healthcare professionals about your care.

 

Other healthcare professionals or organisations may also need to know about your treatment in order for them to provide you with safe and effective care, and so we may need to share your personal information with them.

 

Legal grounds:

 

We are providing you with healthcare and other related services
We have a legitimate interest in ensuring that other healthcare professionals who are routinely involved in your care have a full picture of your treatment

 

Additional legal ground for special categories of personal information:

 

We need to use the data in order to provide healthcare services to you
The use is necessary for reasons of substantial public interest under UK law
The use is necessary in order for us to establish, exercise or defend our legal rights

 

6. Complying with our legal or regulatory obligations, and defending or exercising our legal rights

 

As a healthcare provider, we are subject to a wide range of legal and regulatory responsibilities which we cannot list fully here. We may be required by law or by regulators to provide personal information; in which case we will have a legal responsibility to do so. From time to time, Harley Street Physicians and its clinicians are also the subject of legal actions or complaints. In order to fully investigate and respond to those actions, it is necessary to access your personal information as relevant.

 

Legal grounds:

 

The use is necessary in order for us to comply with our legal obligations

 

Additional legal ground for special categories of personal information:

 

We need to use the data in order for others to provide informed healthcare services to you
The use is necessary for reasons of the provision of health or social care or treatment or the management of health or social care systems
The use is necessary for establishing, exercising or defending legal claims

6. Who we share your information with

From time to time, we may share your personal information within Harley Street Physicians or with the third parties included below for the purposes described in this Privacy Policy:

Your clinician (including their medical secretaries)
A doctor, nurse, carer or any other healthcare professional involved in your treatment
Other members of support staff involved in the delivery of your care, like receptionists and porters
Anyone that you ask us to communicate with or provide as an emergency contact, for example your next of kin or carer
NHS organisations, including NHS Resolution, NHS England, Department of Health
Other private sector healthcare providers
Your GP
Your dentist
Third parties who assist in the administration of your healthcare, such as private medical insurance companies, embassies, solicitors, medico legal companies or other treatment or benefit providers
Private Healthcare Information Network
National and other professional research/audit programmes and registries, as detailed under Purpose 6 above
Government bodies, including the Ministry of Defence, the Home Office and HMRC
Our regulators, like the Care Quality Commission, Health Inspectorate Wales and Healthcare Improvement Scotland
The police and other third parties where reasonably necessary for the prevention or detection of crime
Our insurers
Debt collection agencies
Credit referencing agencies
Our third-party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and tax advisers

We may communicate with these third parties in a variety of ways including, but not limited to, email, post, fax and telephone.

7. What marketing activities we carry out

We may also use your personal information to provide you with information about products or services which may be of interest to you where you have provided your consent for us to do so.

If you no longer wish to receive marketing emails sent by us, you can click on the “unsubscribe” link that appears in all of our emails, otherwise you can always contact us using the details set out at the top of the page to update your contact preferences.

If you no longer wish to receive non-website-based marketing information or for us to provide your information to market research agencies, please contact our Data Protection Lead.

8. How long we keep personal information for

The GDPR requires that personal data should not be held for longer than is necessary for the purpose for which it is being processed. We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations.

It is a fundamental requirement that all of Harley Street Physicians’ records are retained for a minimum period of time for legal, operational and / or safety reasons. The length of time for retaining records will depend on the type of record. Please find below a summary of the various types of data we may hold about you and how long each will be kept.

Medical Records

Type of record

Start of retention period

Minimum retention period

Comments

Records relating to human fertilisation where the individual has undergone fertility treatment and the Registered Manager is unable to confirm whether or not that patient has given birth to a child as a result of the treatment

Conclusion of treatment

50 years

In line with the Human Fertilisation and Embryology Act 1990 (HFEA)

All other medical records

Conclusion of treatment

30 years

Standard in healthcare and has been determined with patient safety in mind

Non-Medical Records

Type of record

Start of retention period

Minimum retention period

Comments

Act, Outlook and Midexprorecords (our patient management systems)

Date of last visit

30 years

In line with medical records detention

Credit card details where there is no outstanding debt on patient’s account

Receipt of credit card details

6 years

For instance, when credit card details are taken at registration

Credit card details where there is outstanding debt on patient’s account

Discharge of debt

6 years

Debtor records cleared

Close of financial year in which debt is cleared

6 years

Debtor records not cleared

Retain until cleared

Invoices to patients regarding their treatment

Close of financial year to which the invoice relates

6 years

Booking tool for managing patients

Creation

6 years

Patient enquiries via email

Receipt

6 years

Complaints case file

Closure of incident

30 years

In line with medical records retention

Fraud case files

Case closure

6 years

Litigation case files

Case closure

30 years

In line with medical records retention

Subject Access Requests (SAR) and disclosure correspondence

Closure of SAR

3 years

Subject Access Requests (SAR) where there has been a subsequent appeal

Closure of Appeal

6 years

Accident Forms

Creation

10 years

Serious Untoward Incidents

Creation

30 years

Outpatient clinic lists

Creation

2 years

9. How we use and protect your personal information provided when using our website

Harley Street Physicians is committed to ensuring that your privacy is protected when you provide personal information on our website www.harleystreetphysicians.co.uk

Should we ask you to provide certain information by which you can be identified when using our website, you can be assured that it will only be used in accordance with the below statements.

What we may collect on our website

We may collect the following information:

name and job title
contact information including email address
demographic information such as postcode, preferences and interests
other information relevant to customer surveys and/or offers

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

Internal record keeping
We may use the information to improve our products and services
We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by clicking on the “unsubscribe” link that appears in all of our marketing emails, or by contacting us using the details set out at the top of the page.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about our services or third parties which we think you may find interesting if you tell us that you wish this to happen.

10. Your rights

Under data protection law you have certain rights in relation to the personal information that Harley StreetPhysiciansholds. These include rights to know what information we hold about you and how it is used. You may exercise these rights at any time by contacting us using the details at the beginning of this Privacy Policy.

There will not usually be a charge for handling a request to exercise your rights.

If we cannot comply with your request to exercise your rights we will usually tell you why.

There are some special rules about how these rights apply to health information as set out in legislation including the Data Protection Act (current and future), the General Data Protection Regulation as well as any secondary legislation which regulates the use of personal information.

If you make a large number of requests or it is clear that it is not reasonable for us to comply with a request then we do not have to respond. Alternatively, we can charge for responding.

Your rights include:

The right to access your personal information

You are usually entitled to a copy of the personal information we hold about you and details about how we use it. Your information will usually be provided to you in writing, unless otherwise requested. If you have made the request electronically (e.g. by email) the information will be provided to you encrypted by electronic means where possible.

Please note that in some cases we may not be able to fully comply with your request, for example if your request involves the personal data of another person.

You are entitled to the following under data protection law.

Under Article 15(1) of the GDPR we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you the following, as outlined in this Privacy Policy:

The purposes for which we use your personal information
The types of personal information we hold about you
Who your personal information has been or will be shared with, including in particular organisations based outside the EEA.
If your personal information leaves the EU, how we make sure that it is protected
Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for.
If the personal data we hold about you was not provided by you, details of the source of the information
Your right to ask us to amend or delete your personal information
Your right to ask us to restrict how your personal information is used or to object to our use of your personal information
Your right to complain to the Information Commissioner’s Office

We also need to provide you with a copy of your personal data.

The right to rectification

We take reasonable steps to ensure that the information we hold about you is accurate and complete. If at any point you do not believe this is the case, you can ask us to update or amend your personal information.

The right to erasure (also known as the right to be forgotten)

We may update this Privacy Policy from time to time to ensure that it remains accurate and the most up-to-date version can always be found at: https://harleystreetphysicians.co.uk/privacy-policy/

In the event that there are any material changes to the manner in which your personal information is to be used then we will provide you with an updated copy of this Privacy Policy.

In some circumstances, you have the right to request that we delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.

The right to restriction of processing

In some circumstances, we must “pause” our use of your personal data if you ask us to. We do not have to comply with all requests to restrict our use of your personal information. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.

The right to data portability

In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.

The right to object to marketing

You can ask us to stop sending you marketing messages at any time and we must comply with your request.

The right to withdraw consent

In some cases, we need your consent in order for our use of your personal information to comply with data protection legislation.

We have explained in the section entitled “What are the purposes for which your information is used?” where we rely on your consent in this way. Where we do this, you have the right to withdraw your consent to further use of your personal information. You can do this by contacting Harley Street Physicians’ Data Protection Lead.

Email: drmaltz@harleystreetphysicians.co.uk
Post: Data Protection Lead, Harley Street Physicians, 19 Harley Street, London W1G 9QJ

The right to complain to the Information Commissioner’s Office

You can complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations.

More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/

Making a complaint will not affect any other legal rights or remedies that you have.

12. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to ensure that it remains accurate. In the event that these changes result in any material difference to the way in which we process your personal data then we will provide you with an updated copy of the Policy.

This Privacy Policy was last updated on January 2020.

Maltz Medical Limited, 58 Harley Street, London, W1G 9QP. Registered in England No. 02704461