Privacy Policy

1. Introduction

This privacy policy explains how Dr Sunil Patel (“we”, “our”, “us”) collects, uses, stores, and protects your personal information when you use our website, book consultations, or receive medical care. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Dr Sunil Patel is the data controller responsible for your personal data. If you have any questions about this privacy policy or our data practices, please contact us through the booking form on our website.

3. Information We Collect

We may collect the following categories of personal information:

• Identity Data: Name, title, date of birth
• Contact Data: Email address, telephone number, postal address
• Health Data: Medical history, symptoms, diagnoses, treatment plans, investigation results, and other information provided during consultations (special category data under UK GDPR)
• Financial Data: Insurance details, payment information
• Technical Data: IP address, browser type, and usage data when you visit our website
• Communication Data: Records of correspondence and booking requests

4. How We Use Your Information

We process your personal data for the following purposes:

• Providing medical consultations and treatment
• Managing appointments and bookings
• Communicating with you about your care
• Corresponding with your GP or other healthcare professionals (with your consent)
• Processing payments and insurance claims
• Sending relevant health information and practice updates (with your consent)
• Complying with legal and regulatory obligations
• Improving our website and services

5. Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent: Where you have given us explicit consent, particularly for processing health data and marketing communications
• Contract: Where processing is necessary for the provision of medical services you have requested
• Legal Obligation: Where we are required to process data by law
• Vital Interests: Where processing is necessary to protect your vital interests in an emergency
• Legitimate Interests: For improving our services and website functionality

6. Data Sharing

We may share your personal data with:

• Other healthcare professionals involved in your care (with your consent)
• Hospital administration where consultations take place
• Insurance providers for billing purposes
• IT service providers who help us operate our website and systems
• Regulatory bodies as required by law

We will never sell your personal data to third parties.

7. Data Retention

Medical records are retained in accordance with NHS and professional body guidelines, typically for a minimum of 8 years after the last consultation (or longer for certain conditions). Non-medical data such as website analytics is retained for up to 2 years. You may request deletion of non-essential data at any time.

8. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure of your data (subject to legal and medical record retention requirements)
• Restrict processing of your data
• Data portability
• Object to processing
• Withdraw consent at any time

9. Cookies and Website Analytics

Our website uses cookies and similar technologies to improve your browsing experience and analyse website traffic. We use Google Analytics to understand how visitors interact with our website. You can control cookie preferences through your browser settings.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption, secure hosting, access controls, and regular security reviews.

11. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

12. Contact and Complaints

If you have questions about this privacy policy or wish to exercise your data rights, please contact us through the booking form on our website. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.