Privacy Policy

I respect your privacy and am committed to protecting your personal data. I have a legal duty to explain how I collect and process your personal data.

Purpose of this privacy notice

This privacy notice will inform you as to how I look after your personal data, your privacy rights and how the law protects you. Please note this website is not intended for children and I do not knowingly collect data relating to children. Personal data or information means any data about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

It is important you read this privacy notice together with any other privacy notice or fair processing notice I may provide on specific occasions when I am collecting or processing personal data about you so that you are fully aware of how and why I am using your data.

Controller

I, Hasan Tahir, Medical Consultant, am the controller and am responsible for your personal data. Changes to the privacy notice and your duty to inform us of any changes

It is important that the personal data I hold about you is accurate and current. Please keep me informed if your personal data changes at any point while under my care.

What information do I collect about you?

I may collect, use, store and transfer different kinds of personal data including the following:

  • Identity Data - includes name, maiden name, last name, username, or similar identifier, title, date of birth, gender, marital status, employment status
  • Contact Data – includes billing address, delivery address, telephone numbers and email address
  • Clinical Data- related to your current and past medical problems, other individuals involved in your care, treatment and medications, test results including Scans, X Rays and Operations, hospital stays and ANY other relevant information to enable me to deliver effective medical care.
  • Details of all appointments, visits, emails, telephone calls.
  • Financial data, including medical insurance details, payment card details, bank accounts details,
  • Transaction Data- details about payments to and from you and other details of products and services you have acquired from me.
  • Instructions from lawyers or their representative’s in relation to the preparation of any medical reports/reviews for you, including but not limited to third party information that is provided in relation to you (which they should only provide with your consent) for the purposes of providing the medical report/review.
  • Profile Data- includes purchases or orders made by you, your interest, preferences, feedback and survey responses.
  • Usage Data – includes information about how you use this website, products or services
  • Marketing and Communications Data- includes your preferences in receiving marketing from us and our third parties and your communication preferences.

I may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. This can be derived from your personal data but is not considered personal data in law as this data does not reveal your identity.

How is your personal data collected?

This can be by direct communications, post, phone, email or otherwise, or with your consent, by other indirect means. I can also collect data when you give me feedback, enter a survey, subscribe to my services or publications and request marketing to be sent to you.

I may also receive personal data about you from various third-party sources, including contact, financial and transaction data from providers of technical, payment and delivery services. I may also receive Identity and Contact Data from publicly available sources such as Companies House or the Electoral register.

How is your personal information used?

  • Your data will be used as part of your medical record with me as a means of managing your medical condition, to provide on-going medical care to you, and where instructed, to assist in the preparation of medico-legal reports.
  • Where I need to perform the contract, we are about to enter into, or have entered with you.
  • Where it is necessary for my legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests).
  • Where I need to comply with a legal or regulatory obligation.
  • I may process your personal data for more than one lawful ground, depending on the specific purpose for which I am using your data. Please contact me if you need details about the specific legal ground I am relying on to process your personal data.

Change of Purpose

I will only use your personal data for the purpose it was collected, unless I reasonably consider that I need to use it for another reason and that reason is compatible with the original purpose. If information is to be used for an unrelated purpose, I will notify you and I will explain the legal basis which allows us to do so. Please note, I may process your personal data without your knowledge or consent, where this is required or permitted by law.

Maintaining Confidentiality and Disclosure of your personal data

I adhere to the General Data Protection Regulations (GDPR) as well as guidance issued by the Information Commissioner’s office (ICO). I am committed to maintaining confidentiality and protecting the information I hold about you. I will require all third parties to respect the security of your personal data and to treat it in accordance with the law. WI will not allow our third-party service providers to use your date for their own purpose and only permit them to use your personal data for specified purposes and in accordance with our instructions.

International Transfers

Whenever I transfer your personal data out of the EEA, I will ensure a similar degree of protection is afforded to it.

Data security

I have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, I will limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

I have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where I am legally required to do so.

Your rights to access, correct, erasure of your personal data and to restrict the use of personal information we hold, transfer personal information to a third party, object to processing personal data and/or withdraw consent to us processing your personal information Under certain circumstances you have a right to access the information I hold about you and to advise me of any inaccurate data that is held. You can also request erasure of your personal information where there is no good reason for me to continuing to process it. In certain circumstances, you may also object to or request a restriction of processing of your personal information, request a transfer of your personal information to a third party or withdraw your consent for me to process your personal information. In all cases, please note that I may not be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of the request.

No fee to access your personal data

Generally, you will not have to pay a fee to access your personal data (or to exercise any of the other rights). Requests for personal data may take up to one month. If it is any longer, I will advise you. However, you may be charged a reasonable fee if I consider your request unreasonable, repetitive or excessive. I will need to confirm your identity as part of our security measures to ensure personal data is not disclosed to someone who has no right to receive it.

How long is the information stored for?

Your medical records and all personal information will only be retained for as long as necessary to fulfil the purpose for which it was collected and processed, including for any legal, accounting or reporting requirements. To determine the appropriate retention period for personal date, I will consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which I am to process your personal data and whether I can achieve those purposes through other means, and the applicable legal requirements.

Opt- Out

You can ask me or third parties to stop sending you marketing messages at any time.

Failure to provide personal data

Where I need to collect personal data by law, or under the terms of a contract I have with you and you fail to provide that data when requested, I may not be able to perform the contract we have or are trying to enter into with you, (for example to provide you with goods or services). In this case, I may have to cancel a product or service you have with me, but will notify you at the time if this is the case.

Third Party Links

This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not control and am not responsible for their privacy statements. Therefore, I encourage you to read the privacy notice of every website you visit.

Complaints

In the unlikely event that you are unhappy with any element of my data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’. However, I would appreciate the chance to deal with your concerns before you approach the ICO so please do contact me in the first instance.

Privacy Policy Update

This privacy policy will be regularly reviewed and any updates will be published on this website.

Controller/Contact Details

Your personal information will be held by me. If you have any questions in relation to this Privacy Notice or if you would like to contact me, please email hasan.tahir@nhs.net or telephone 0207 12345 96