Westminster Medical Group is committed to protecting and respecting your privacy and all personal information entrusted to us. We are dedicated to safeguarding all such data and maintaining a system that meets our obligations under the new regulations and as permitted by applicable laws. To this end we fully comply with the General Data Protection Regulation (GDPR) which came into force on 25 May 2018, and any other national implementing laws, regulations and secondary legislation, as amended in the UK (‘Data Protection Laws’).
The personal information we hold about you when you enquire or become WMG patient or customer may include the following:
There is a number of different purposes for which we may store, process and use your information. We process your personal data for the execution of our medical services as well as to exercise or fulfill laws, and to perform contractual obligations arising from any contract entered into between you and WMG. We may use your personal data for example to:
We collect personal data if you:
With your prior consent, we may also collect personal information and medical records (including information about your diagnosis, hospital visits and medicines administered) from a number of different sources including hospitals, clinicians, GPs, mental health providers, dentists or directly from you in order to provide you with the best and safest treatment possible.
3.1 Methods of Processing
The data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The list of these parties is stated in Clause 5 ‘Disclosure of Data’, and its updated version may be requested from the Data Controller at any time.
3.2 Obtaining Consent
If you have given us your prior consent to the processing of personal data for specific purposes (e.g. photos, video recordings, etc.), the lawfulness of this processing is based on your consent. Processing shall only take place in accordance with the purposes set out in the consent. Consent can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent issued to us before the validity of the GDPR, respectively before May 25, 2018. The revocation of consent does not affect the legality of the data processed until the revocation.
3.3 Data Retention
In WMG we process and store your personal data as long as it is necessary for the performance of services and/or the fulfilment of our contractual and legal obligations. We have updated our retention policy to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed in accordance with our obligations. Your personal data is only kept for the time reasonably necessary to provide the service requested, or fulfil the relevant purposes outlined in this Private Policy. You can always request that the Data Controller suspend or remove the data, unless statutory retention requirements preclude this. Please see 4.4 ‘The Right to Erasure’ clause below.
The data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact our responsible Data Protection Officer.
The data protection law gives you certain rights in respect of the personal data that we hold about you. These include rights to know what information we hold about you and how it is used.
We provide easy-to-access information in the office of an individual’s right to access any personal information that Westminster Medical Group processes about them and to request information about:
4.1 The Right to Access
You are usually entitled to a copy of the personal information we hold about you and details about how we use it. Your information will usually be provided to you in writing unless otherwise requested. If you have made the request electronically, the information will be provided to you by electronic means where possible.
4.2 The Right to Withdraw Consent
In some cases, we may need your consent in order for our use of your personal information to comply with data protection legislation. See Clause 3.2 ‘Obtaining Consent’ above. Where we do this, you have the right to withdraw consent for the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
4.3 The Right to Rectification
Our team take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can request WMG to update or amend it. If any of your personal data has changed, especially contact information such as email address, postal address and phone number please get in touch with us so we can ensure your personal data is kept up to date.
4.4 The Right to Erasure
Under Art. 17 GDPR the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay. In some circumstances, you have the right to request that WMG delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercise or defending legal claims.
You may exercise these rights at any time by contacting our assigned data protection team in writing for the attention of the Data Protection Officer at the address mentioned in Clause 9 ‘The Data Controller’. Please note that we may require you to verify your identity before allowing you to access your personal information.
Within our company, those entities gain access to your data, which need them to fulfill our contractual, statutory and regulatory obligations as well as to safeguard legitimate interests. In the usual course of our business, Westminster Medical Group may be required to disclose your personal information to a third party organisations, these may include:
When a third-party data processor is used, WMG will ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.
To ensure that WMG provide you with timely updates and reminders in relation to your treatment or appointment, we may communicate with you via SMS, social platforms and messengers and/or email, in each case where you have expressed a preference within your enquiry to be contacted by phone and/or email. We may use communication to contact you regarding patient satisfaction surveys which are for the purpose of improving our service or monitoring outcomes.
Westminster Medical Group already has a consistent level of data protection and security across our organisation, but we have introduced new measures to ensure compliancy.
We protect all personal data by ensuring that we have appropriate organisational and technical security measures in place to prevent unlawful processing of personal data and to prevent data being lost, destroyed or damaged. We conduct regular assessments to ensure the ongoing security and update of our information systems.
The transmission of information via the internet cannot be guaranteed as completely secure. However, we ensure that any information transferred to our websites is via an encrypted connection. Once we have received your information, we will use strict procedures and security features for prevention of unauthorised access.
We take security and confidentiality of your personal and medical information very seriously and take every reasonable measure to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and make every effort to prevent any unauthorised access to your sensitive information. In doing so, Westminster Medical Group complies with UK Data Protection Act 2018, and all applicable medical confidentiality guidelines issued by professional bodies including the General Medical Council.
Regarding data transmission to recipients outside of our company, it should be noted that we only transfer your personal information if it is required by law or if you have consented thereto.
Latest update: 18th January 2023.
To start an online assessment, or arrange a free consultation with our surgeons directly, simply fill out the form below.