Privacy Policy
Introduction
Welcome to the Privacy Policy for the practice of Mr Ijaz Sheikh (referred to as “the Practice,” “we,” “us,” or “our”).
Your privacy is paramount. We are committed to protecting the personal data you share with us and the sensitive patient data we collect while providing your care. This policy explains how we collect, use, and process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our website, completing our forms, or booking an appointment, you acknowledge the terms of this Privacy Policy.
Who We Are
The Data Controller responsible for your personal data is Mr Ijaz Sheikh and his associated practice.
Website: www.ijazsheikh.com
Contact for Data Protection Issues: [Insert Email Address for Data Queries, e.g., DataProtection@israt.dev]
Address: [Insert Practice Address]
The Data We Collect About You
We may collect, use, store, and transfer different kinds of personal data, which we have grouped as follows:
A. Identity & Contact Data
Identity: Full name, date of birth, gender, and marital status.
Contact: Home address, email address, and telephone number(s).
B. Special Category (Health) Data
This category includes sensitive personal data that requires greater protection:
Clinical: Details concerning your medical history, diagnosis, treatment plans, procedure records, test results, and correspondence with other healthcare providers (e.g., GPs or consultants).
Lifestyle: Information about your smoking/drinking habits, occupation, and other data relevant to your health.
C. Transaction & Financial Data
Details about payments to and from you, and other details of services you have purchased from us (we do not store full payment card details).
D. Technical Data (Website Only)
Internet protocol (IP) address, browser type and version, time zone setting, operating system, and information about how you use our website.
E. Usage Data
Information about how you use our services and website.
How Your Personal Data is Collected
We use different methods to collect data from and about you, including:
Direct Interactions (Forms & Bookings): You may provide us with your Identity, Contact, and Special Category Data by filling in patient registration forms, online booking forms (if applicable), consent forms, and during consultations.
Third Parties or Publicly Available Sources: We may receive personal data about you from third parties, such as:
Your GP or referring consultant.
Hospitals or clinics where your treatment was carried out.
Medical or health insurance providers (with your explicit consent).
The Legal Basis for Processing Your Data
We only process your personal data when we have a lawful basis to do so under the UK GDPR.
| Purpose for Processing | Type of Data |
|---|---|
| To provide medical care and treatment | Identity, Contact, Special Category |
| To communicate about appointments and care | Identity, Contact |
| Financial administration (invoicing and payments) | Identity, Financial |
| Responding to legal requests (e.g., subpoenas) | All Data Categories |
Note on Explicit Consent: Where the lawful basis is "provision of health or social care," explicit consent for that data processing is often implied by you seeking our services. However, we will seek your specific and explicit consent for marketing communications (e.g., newsletters) or sharing your data for non-essential purposes.
How We Use Your Data
We use the data we collect primarily to:
Provide Treatment: To administer, manage, and deliver the healthcare services you have requested, including creating and maintaining your clinical record.
Administration: To manage appointments, send reminders, process payments, and maintain accurate practice accounts.
Communication: To correspond with you, your GP, and other necessary specialists regarding your care and referrals.
Legal & Regulatory: To comply with our legal, professional, and insurance obligations.
Sharing Your Data
We will not sell or rent your personal data to any third party. We may share your data with the following parties, under strict contractual and confidentiality terms:
Other Healthcare Professionals: Your GP, consultants, laboratories, or hospitals, only to ensure continuity and safety of care.
IT & System Providers: External companies that host our practice management software and secure electronic patient records (EPR) systems.
Professional Advisers: Accountants, auditors, and legal advisers who assist in the operation of the practice.
Regulators & Legal Authorities: Where legally required, such as the Information Commissioner's Office (ICO) or under a court order.
Data Security & Retention
A. Data Security
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. This includes:
Secure, password-protected electronic records systems.
Encryption where appropriate.
Staff training on data protection and confidentiality.
B. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or professional requirements.
For patient medical records, we adhere to professional and regulatory guidelines regarding retention periods. For example, clinical records for adults are typically retained for [Insert UK Standard Retention Period, e.g., 8 years] after the last contact or treatment, or longer for minors and certain complex cases.
Your Legal Rights (The Data Subject Rights)
Under the UK GDPR, you have the following rights regarding your personal data:
The Right to Be Informed: To be informed about how your data is used (which this policy achieves).
The Right of Access: To request a copy of the personal data we hold about you (a Subject Access Request or SAR).
The Right to Rectification: To have incomplete or inaccurate data corrected.
The Right to Erasure ('Right to be Forgotten'): To ask us to delete or remove personal data where there is no good reason for us to continue processing it. Note: We are required to retain medical records for specific legal periods.
The Right to Restrict Processing: To ask us to suspend the processing of your personal data in certain scenarios.
The Right to Data Portability: To request the transfer of your data to you or a third party in a structured, commonly used, machine-readable format.
The Right to Object: To object to processing based on legitimate interests.
Rights in Relation to Automated Decision Making and Profiling: We do not currently use automated decision-making or profiling in a way that produces legal effects concerning you.
To exercise any of these rights, please contact the Data Protection point of contact listed in Section 2.
How to Complain
If you have any concerns about our use of your personal data, please contact us in the first instance so we can try to resolve the issue for you.
You also have the right to lodge a complaint with the UK supervisory authority for data protection matters:
The Information Commissioner’s Office (ICO)
Address: Wycliffe House, Water Ln, Wilmslow SK9 5AF
Website: https://ico.org.uk/
Changes to This Privacy Policy
We keep our Privacy Policy under regular review. Any changes will be posted on this page and, where appropriate, notified to you by email.
This Privacy Policy was last updated on: [Insert Date]