Privacy Policy

1. Introduction

Sadiqi Medical Centre ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are registered with the Information Commissioner's Office (ICO) and comply with all applicable data protection legislation.

2. Information We Collect

We collect and process the following types of information:

Personal Information

• Full name
• Date of birth
• Contact details (address, phone number, email)
• NHS number (where applicable)
• Emergency contact information

Medical Information

• Medical history and conditions
• Current medications
• Allergies and adverse reactions
• Consultation notes and treatment records
• Test results and diagnostic information
• Procedure details and outcomes

Financial Information

• Payment details for private treatments
• Insurance information (where applicable)

3. Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: You have given explicit consent for us to process your personal data for medical treatment
• Contract: Processing is necessary for the performance of a contract with you
• Legal Obligation: We must comply with regulations governing medical record-keeping and patient care
• Vital Interests: Processing is necessary to protect your life or that of another person

4. How We Use Your Information

We use your information for the following purposes:

• Providing medical treatment, diagnosis, and care
• Managing appointments and clinic administration
• Processing payments for services
• Communicating with you about your care
• Maintaining accurate medical records
• Complying with legal and regulatory requirements
• Improving our services (using anonymised data)

5. Data Sharing

We may share your information with:

• Healthcare Professionals: Your GP or other medical professionals involved in your care (with your consent)
• Regulatory Bodies: CQC, GMC, or other regulatory authorities when required by law
• Laboratories: For processing blood tests and diagnostic samples
• Payment Processors: Secure third-party services for processing card payments

We will never sell your personal data to third parties. Any data sharing is done in accordance with UK GDPR and only when necessary for your care or required by law.

6. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encrypted storage of electronic medical records
• Secure, password-protected systems
• Restricted access to patient data (only authorised staff)
• Regular staff training on data protection
• Physical security measures at our clinic

7. Data Retention

We retain medical records in accordance with NHS guidelines and professional obligations:

• Adult patient records: Minimum 8 years from the date of last entry
• Child patient records: Until the patient's 25th birthday, or 8 years after death
• Financial records: 7 years for tax and accounting purposes

After the retention period, records are securely destroyed in accordance with data protection requirements.

8. Your Rights

Under UK GDPR, you have the following rights:

• Right to Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate information
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw consent at any time

To exercise any of these rights, please contact us using the details below. Please note that some rights may be limited due to our legal obligations to retain medical records.

9. Cookies and Website Data

Our website uses essential cookies to function properly. For detailed information about our use of cookies, please see our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting a notice on our website or contacting you directly.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):