Privacy Policy

Privacy notice to our patients, users, suppliers, staff and any other individuals whom we have access to their personal data:

Privacy notice policy is to provide information about how the Centre will use or process personal data about individuals. Data Protection Law gives individuals rights to understand how their data is used.

Who is responsible for Data Management at the Women’s Wellness Centre?

CQC Registered manager and ultimately named individual are responsible for overall management of data

Why do we need to process personal data?

In order to carry out our duties towards our patients and individuals we need to process a wide range of personal data including medical records (past and current data) as part of our daily operation routine

What types of data processed at the Centre?

  • Personal data:
  • Names, addresses, telephone numbers, email addresses and other contact details
  • Medical records, consultation letters, pathology test results and ultrasound reports
  • Financial information recorded on our database
  • Correspondence with individuals and any relevant information
  • CCTV recordings
  • Consent forms

How we collect data?

  • New and existing patients registration forms
  • Consultations outcome
  • Ultrasound
  • Referral letters – external and internal
  • Insurance companies
  • Correspondence

Who has access to your personal data?

  • Staff employed by the Centre
  • Your doctor(s)
  • Your GP if you have provided us written consent or request to share your medical records with them
  • Healthcare regulatory body: Care Quality Commission (CQC)
  • Government authorities

Safeguarding and your personal data

We have a duty of care and have legal obligations towards all patients and visitors at the Centre. We share or refer patents personal data with Local Authority Designated Officer (LADO) or police if we believe it is necessary to report any concerns with regards to safeguarding.

Data transfer

We will not transfer your personal data with external organisations such as hospitals, GP, independent doctors without your written consent and request

Discarding, deletion or removal f personal data

We don’t discard, delete or remove your personal data without your consent

Processing your personal data by third parties

In accordance with Data Protection Law, some of the Centre’s processing activities are carried out on its behalf by third parties, such as IT systems, web developers or cloud storage providers. Wherever possible, this is subject to contractual assurances that personal data will be kept securely and only in accordance with Centre’s specific directions.

Legitimate interest

Legitimate interests are the most flexible lawful basis for processing, but we should not assume it will always be the most appropriate.

It is likely to be most appropriate where we use patients’ data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.

If we choose to rely on legitimate interests, we are taking on extra responsibility for considering and protecting people’s rights and interests.

There are three elements to the legitimate interest’s basis. It helps to think of this as a three-part test. We need to:

identify a legitimate interest;

show that the processing is necessary to achieve it; and Balance it against the individual’s interests, rights and freedoms.

The legitimate interests can be our own interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits.

The processing must be necessary. If we can reasonably achieve the same result in another less intrusive way, legitimate interests will not apply.

We must balance our interests against the individual’s. If they would not reasonably expect the processing, or if it would cause unjustified harm, their interests are likely to override your legitimate interests.

We should keep a record of our legitimate interests assessment (LIA) to help us demonstrate compliance if required.

We must include details of our legitimate interests in our privacy information.

How long do we keep your personal data?

As a healthcare provider we are obliged to hold medical records for 8 years and ultrasound images and reports for 25 years

Your rights of access

Individuals have various rights under Data Protection Law to access and understand personal data about them held by the Centre and in some cases ask for it to be deleted or amended or have transferred to other or for the Centre to stop processing it, however this is subject to certain exemptions and limitations.

We are obliged to respond to your written request within 30 days if we were not able to provide the information and/or amendment should send you our written justification and notify you in writing.

Parental requests

Rules on subject access (SAR) are not the sole basis on which information requesters are handled and processed. Parents or guardians may not have statutory right to information, but they and other will often have a legitimate interest or expectation in receiving certain information about the child(ren) without their consent. The Centre may consider lawful grounds for sharing with or without reference to the child or legal guardian.


By law we are required to receive consent from individual as a mean to process personal data, any person may withdraw this consent at any time. However we keep the right to process your personal data based on lawful reason without your consent.

Data accuracy and security

The Centre will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible.

Individuals should notify the Centre of any significant changes to their personal information such as contact details

Transfer of personal data outside the EU

We will require written request from any person with regards to transferring data to another country outside the EU

Centre will not be able to take responsibility for any breach of data protection outside the EEA

This Policy

We will review and update this Privacy Policy from time to time. Any substantial changes that may affect your rights will be provided to you directly.

We used following Data Protection Laws to create this Privacy Policy:

  • The Data Protection Act 1998 and related statutory instruments (Until 25th May 2018)
  • The General Data Protection Regulation (From 25th May 2018)
  • The Data Protection Act 2018
  • The Protection of Freedomes Act 2012 (CCTV)
  • The Privacy and Electronic Communications Regulations 2011 (PECR) – to continue after 25th May 2018 until replaced by the ePrivacy Regulation –TBC

Queries and Complaints

If you believe the Centre has not complied with this privacy policy or acted otherwise than in accordance with Data Protection Laws, you should utilise the Centre’s Complaint Procedure to notify the compliance officer. You are also entitle to approach or lodge a complaint with the Information Commissioner’s Office (ICO) Helpline 03031231113

Cookies Policy  >
Request An Appointment
Same / Next day appointment available

The contents on this site is for information only, and is not meant to substitute the advice of your own physician or other medical professional.