Privacy policy

Introduction

This privacy notice is prepared by Dr.Dropin UK Limited ("Dr.Dropin" or "we", or "us") and describes how we process personal data about you, the purpose of our processing activities, and the legal basis for our processing activities. Furthermore, this privacy notice provides you with information about your rights under applicable data protection legislation and other relevant information relating to our processing of your personal data.

Contact information

If you have any questions about this privacy notice, including how we process your personal data or would like to submit a request to exercise your rights, please contact us at:

Dr.Dropin UK Limited

By e-mail: hello@drdropin.uk

By post: 498-504 Fulham Road, London, SW6 5NH

How we collect and use your information

This privacy notice explains why we as a private medical practice collect information about our patients and how we use that information.

Dr.Dropin manages patient information in accordance with existing laws and with guidance from private medical practices that govern the provision of healthcare in England such as the Department of Health and the General Medical Council.

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • GDPR
  • Data Protection Act 2018
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • Health and Social Care Act 2012

As data controllers, clinicians have fair processing responsibilities under the GDPR & Data Protection Act 2018. In private practice, this means ensuring that your personal confidential data (PCD) is handled clearly and transparently, and in a reasonably expected way.

The Health and Social Care Act 2012 changed the way that personal confidential data is processed, therefore it is important that our patients are aware of and understand these changes, and that you have an opportunity to object and know how to do so.

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received. These records help to provide you with the best possible healthcare.

Health records may be processed electronically, on paper or a mixture of both; a combination of working private practices and technology are used to ensure that your information is kept confidential and secure. Records held by this private practice may include the following information:

  • Details about you, such as address and next of kin
  • Any contact the private practice has had with you
  • Notes and reports about your health
  • Details about treatment and care received
  • Results of investigations, such as laboratory tests, x-rays, etc.
  • Relevant information from other health professionals, relatives or those who care for you

The private practice collects and holds data for the sole purpose of providing healthcare services to our patients and we will ensure that the information is kept confidential. However, we can disclose personal information if:

  • It is required by law
  • You provide consent – either implicitly or for the sake of your own care, or explicitly for other purposes
  • It is justified to be in the public interest

Some of this information will be held centrally and used for statistical purposes. Where we hold data centrally, we take strict and secure measures to ensure that individual patients cannot be identified.

Information may be used for clinical audit purposes to monitor the quality of service provided, and may be held centrally and used for statistical purposes. Where we do this we ensure that patient records cannot be identified.

Improvements in information technology are also making it possible for us to share data with other healthcare providers with the objective of providing you with better care, these will require your consent.

When the private practice is about to participate in any new data-sharing scheme we will make patients aware by displaying prominent notices in the private practice and on our website at least four weeks before the scheme is due to start. We will also explain clearly what you have to do to ‘opt-out’ of each new scheme.

A patient can object to their personal information being shared with other health care providers but if this limits the treatment that you can receive then the doctor will explain this to you at the time.

Data retention

In principle, we do not store personal data longer than necessary to fulfil the purposes for which it was collected or otherwise processed. Information registered in electronic health records will generally be retained until it is no longer assumed that the information is necessary for the provisioning of healthcare services.

Website

Dr.Dropin uses cookies to be able to analyse the behaviour of the visitors of our website. The purpose of the analysis is the development and improvement of our website and our products, to ensure good functionality and optimization of the website, as well as to measure the effect of our online marketing or to target our advertising. Further information about which cookies we use, which data is processed, who processes the data and the purpose of processing, is available in our cookie notice.

Using this feature means that you agree to the use of cookies as required by the EU Data Protection Directive 95/46/EC. You have the option to decline the use of cookies on your first visit to the website.

Marketing

We may send you service updates, newsletters, or marketing materials based on your preferences or as required to provide information crucial to our service provision. You have the right to opt-out of these communications at any time.

We wish to be available for our customers and potential customers via social media platforms. We have therefore created profiles/pages at platforms such as Facebook and Instagram. The purpose of these pages is to make our services, contact information and opening hours easily available to our customers and potential customers. We process your personal data if you add a comment on our pages, like our pages or if you write a message to us. If you have a question that involves sharing sensitive personal data (such as data concerning health), please contact us directly so that we are able to assist you.

How we maintain the confidentiality of your records

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the GDPR & Data Protection Act 2018 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality.

All of our staff, contractors and committee members receive appropriate and regular training to ensure they are aware of their personal responsibilities and have legal and contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Only a limited number of authorised staff have access to personal information where it is appropriate to their role and is strictly on a need-to-know basis.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.

We implement robust security measures to ensure the confidentiality, integrity, and availability of your data. We employ encryption, access controls, and regular security assessments to safeguard personal information from unauthorised access, alteration, or disclosure.

Sharing your information with third parties

At Dr.Dropin, we only share your information with third-party service providers necessary to deliver our services, such as healthcare professionals, IT support, or billing systems. We do not sell or share your data for marketing purposes. However, we may disclose information as required by law or to comply with legal processes, safeguarding our rights, property, or safety.

The following are examples of third parties that we may have to share your information with, subject to strict agreements on how it will be used:

  • NHS Trusts
  • Specialist Trusts
  • Independent Contractors such as dentists, opticians, pharmacists
  • Private Sector Providers
  • Voluntary Sector Providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Social Care Services
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police
  • Other ‘data processors’

Your rights

As a user, you hold the right to access, correct, or delete your personal data. If you wish to exercise these rights or inquire about the data we have, please contact us on hello@drdropin.uk. Please note that certain legal obligations may prevent immediate deletion or modification of specific data.

Should you have any concerns about how your information is managed, or wish to opt out of any data collection at the private practice, please contact Dr.Dropin at hello@drdropin.uk.

Patients have the right to change their minds and reverse a previous decision. Please contact us on hello@drdropin.uk if you change your mind regarding any previous choice.

Access to personal information

You have a right under the GDPR & Data Protection Act 2018 to access / view information the we hold about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you we will:

  • give you a description of it
  • tell you why we are holding it
  • tell you who it could be disclosed to
  • let you have a copy of the information in an intelligible form

If you would like to make a ‘subject access request’, please contact the Registered Manager in writing. There may be a charge for this service. Any changes to this notice will be published on our website and on the private practice notice board.

The private practice is registered as a data controller under the GDPR & Data Protection Act 2018.

Change of Details

It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.

Notification

The GDPR & Data Protection Act 2018 requires private practices to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioners Office website www.ico.org.uk. The private practice is registered with the Information Commissioners Office (ICO).

Data Controller

The Data Controller, responsible for keeping your information secure and confidential is Dr.Dropin’s Medical Director Dr. Hemal Shah. Any changes to this notice will be published on our website and displayed in prominent notices in the private practice.

The Private practice is registered as a data controller under the GDPR & Data Protection Act 2018.

Data processors

A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. For instance, the suppliers of our booking system or our patient record system are our data processors.

Dr.Dropin ensures that all of our data processors are subject to the same confidentiality obligations as the personnel employed by Dr.Dropin, and that our data processing agreements comply with the requirements set forth in the applicable data protection legislation.

Dr.Dropin primarily uses data processors that process personal data within the EU/EEA (i.e. the data processors are subject to equivalent data protection regulations as Dr. Dropin). Exceptionally, we may use data processors located outside of the EU/EEA.

In situations where we need to transfer your data outside the United Kingdom, we will ensure that the appropriate safeguards and security measures are in place, in accordance with the GDPR and other applicable regulations.

Privacy Review and Dissemination:

We may, from time to time, update this privacy notice, for example, due to changes in our processing activities, applicable data protection legislation or other legislation which may affect our processing of personal data. An updated version of this privacy notice will be published on our website if any revisions to the privacy notice are made.

This privacy notice is effective from the date stated initially.