The Surrey Park Clinic is committed to protecting and respecting your privacy.
The Surrey Park Clinic understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end we comply fully with the data protection law in force in the UK (“Data Protection Laws”) and with all applicable clinical confidentiality guidelines including those published from time to time by the General Medical Council (GMC) and the Nursing and Midwifery Council (NMC).
For the purpose of Data Protection Laws, the data controller is The Surrey Park Clinic, with registered address at: 2 Stirling House, Stirling Rd, Guildford, Surrey, GU2 7RF.
When we refer to ‘we’, ‘us’ and ‘our’, we mean The Surrey Park Clinic.
We can assure you that every patient’s personal details are kept confidential at all times. Our information systems are fully compliant with the Data Protection Act and patients have access to any data stored relating to them, free of charge.
Letters sent to healthcare professionals which relate to you, will also be copied to you by post or email to ensure that you are fully informed at all times.
When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.
Accordingly, we may hold and use personal data about you as a customer, a patient or in any other capacity, for example, when you visit one of our websites, complete a form, access our services or speak to us.
Personal data we collect from you may include the following:
Where you use any of our websites, we may automatically collect personal data about you including:
The data that we request from you may include special category data. This includes information that relates to the following:
We may collect personal data about you if you:
In the interests of training and continually improving our services, calls to The Surrey Park Clinic and its agents may be monitored or recorded.
What personal data we may receive from third parties and other sources?
We may collect personal data about you from third parties such as:
Set out below are some of the ways in which we process personal data although to do so lawfully we need to have a legal ground for doing so. We normally process personal data if it is:
Generally, we will only ask for your consent to processing if there is no other legal grounds to process. In these circumstances, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to process personal data you have the right to withdraw your consent at any time by contacting us using the details below and we will stop the processing for which consent was obtained.
To process special category data we rely on additional legal grounds and generally, they are as follows:
Processing of personal data which you have made public:
As stated above, one of the legal grounds for processing data is where it is in our legitimate interest to do so, taking into account your interest’s rights and freedoms. This allows us to manage the relationship that exists between you and us and can include the following reasons:
We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. We conduct assessments to ensure the ongoing security of our information systems.
Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws.
All information you provide to us is stored securely. Any payment transactions on our website will be processed securely by third party payment processors. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.
The transmission of information via the internet cannot be guaranteed as completely secure. However, we ensure that any information transferred to our websites is via an encrypted connection. Once we have received your information, we will use strict procedures and security features to minimise the risk of unauthorised access.
At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so understanding the risks associated with doing so.
Unless we explain otherwise to you, we will retain your personal data on the basis of the following guidelines:
In the usual course of our business we may disclose your personal data (which will be limited to the extent reasonably necessary) to certain third party organisations that we use to support the delivery of our services. This may include the following:
Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.
We may also disclose your personal data to third parties in the event that we sell or buy any business or assets or where we are required by law to do so.
External practitioners: If we refer you externally for treatment, we will share with the person or organisation that we refer you to, the clinical and administrative information we consider necessary for that referral. It will always be clear when we do this.
Your GP: If the practitioners treating you believe it to be clinically advisable, we may also share information about your treatment with your GP. You can ask us not to do this, in which case we will respect that request if we are legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP full information about your medical history, and we strongly advise against it.
Your insurer: We share with your medical insurer information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with us. We provide only the information to which they are entitled. If you raise a complaint or a claim we may be required to share personal data with your medical insurer for the purposes of investigating any complaint/claim.
The NHS: If you have asked us to refer you to the NHS for further treatment, we will share the details of your treatment with the part of the NHS that we will be referring you to, as necessary to perform, process and report back on that treatment.
Medical regulators: We may be requested – and in some cases can be required – to share certain information (including personal data and special category data) about you and your care with medical regulators such as the General Medical Council or the Nursing and Midwifery Council, for example if you make a complaint, or the conduct of a medical professional involved in your treatment is alleged to have fallen below the appropriate standards and the regulator wishes to investigate. We will ensure that we do so within the framework of the law and with due respect for your privacy.
From time to time we may also make information available on the basis of necessity for the provision of healthcare, but subject always to patient confidentiality.
In an emergency and if you are incapacitated, we may also process your personal data (including special category data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).
We will use your personal data in order to monitor the outcome of your treatment by us and any treatment associated with your care
We participate in national audits and initiatives to help ensure that patients are getting the best possible outcomes from their treatment and care. The highest standards of confidentiality will be applied to your personal data in accordance with Data Protection Laws and confidentiality. Any publishing of this data will be in anonymised, statistical form. Anonymous or aggregated data may be used by us, or disclosed to others, for research or statistical purposes.
In the interest in providing comparable clinical outcome and performance data to the public across independent sector providers in healthcare, we – like all independent hospital operators – are required by law to provide activity data, including some personal data, as set out in more detail below, for publication by The Private Healthcare Information Network (PHIN).
PHIN is responsible for collecting, processing and publishing information on the quality and cost of privately-funded healthcare in the UK. The publication of this information is intended to:
Providers must provide PHIN with details of each episode of care, including a summary of each record of treatment including; the dates when each patient was in hospital, what treatment was carried out and by whom.
Providers are also required to provide: patient satisfaction survey data, Patient Reported Outcome Measures (PROMS) – patient reported health improvements following treatment and details of any adverse events relating to the patients treated.
Certain personal data will be provided to PHIN, including patients post code of residence. PHIN securely submits such data and records to information authorities such as:
PHIN will only disclose records of care and personal data to the non-departmental bodies/authorities identified above, as required by law or where there is an overriding public interest, and /or to investigate or prevent fraud. Data Protection Laws give all individuals the right to make a ‘Subject Access Request’ to obtain a copy of any information that any organisation holds about them (as set out in more detail below). As PHIN cannot identify individuals from the data it holds, applicants would need to provide further proof of identity in order to access whether it is possible to access any information held. Further information about how PHIN uses information, including it’s Privacy Notice, is available at: www.phin.org.uk.
We may also use other companies to set cookies on our websites and gather cookie information for us – please refer to the information detailed below. From time to time we may also analyse Internet Protocol (IP) addresses or other anonymous data sources.
We encourage you to accept the cookies our website uses as they help us to improve the user experience for you and many others.
We use Google Analytics to monitor how our visitors use our website. For example to find out how many people are using the site and which content is the most popular. This information is then used to improve the user experience on our website.
We use a number of free third-party services to provide enhanced functionality on this site.
We use mailchimp to manage our email newsletter sign up form. Cookies are used by these services to track levels of usage.
To opt out of having cookies set by these services please see the relevant cookie and privacy policies on their respective websites.
We recommend you allow the cookies we set by this website as they help us provide a better service.
Under your browser’s settings you can also delete individual cookies or any cookies that your browser has stored.
You can find more information on how to delete and control cookies at ico.gov.uk/cookiesadvice or aboutcookies.org/?page=2
From time to time, we will send out email newsletters. If you have signed up on this website or visited the clinic, you are automatically added to our mailing list.
If you wish to opt-out of this service, you can do so by clicking the unsubscribe link at the bottom of any Surrey Park newsletter email.
The law gives you certain rights in respect of the personal data that we hold about you as well as information about what we do with it, who we share it with and how long we will hold it for. We may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs. The website of the Information Commissioner’s Office (http://www.ico.org.uk) has a wealth of useful information in respect of your rights in your personal data. In addition to your right to stop marketing, detailed above, below is a short overview of the most commonly-used rights.
If you want to exercise your rights in respect of your personal data, the best way to do so is to contact us by email on firstname.lastname@example.org or to write to us for the attention of the data protection officer at the address below. In order to protect your privacy, we may ask you to prove your identity before we take any steps in response to such a request.
Data Protection Officer, The Surrey Park Clinic, 2 Stirling House, Stirling Rd, Guildford, Surrey, GU2 7RF.
If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website (http://www.ico.org.uk).
The Surrey Park Clinic
2 Stirling House