Privacy Policy
Fair Processing Notice for Patients
Our Commitment to Your Privacy
At London Pain Clinic Group, we are fully committed to protecting your personal data and ensuring your privacy is respected at all times. This Fair Processing Notice explains how we collect, use, store and share your personal data when you make an enquiry or receive treatment at the clinic. All data is handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Our Contact Details
London Pain Clinic Group
9 Harley Street
London
W1G 9QY
Tel: 020 7118 0250
Email: info@londonpainclinic.com
Data Protection Officer: Sapphire Consulting Group Ltd
What Personal Data Do We Collect and Why?
When You Make an Enquiry:
- Name, email address, phone number
- Details of your enquiry submitted through our website or by email
- IP address or MAC address (automatically collected when you use our website)
If You Become a Patient:
- Full name, date of birth, and contact information
- Medical history and records, GP details, letters and clinical notes
- Payment card details or insurance information
- Communication records, including emails and appointment notes
We collect this information to:
- Respond to your enquiries
- Arrange and provide safe and effective medical care
- Maintain accurate and legally required medical records
- Manage payments and billing
- Communicate with your GP or insurer (where appropriate)
Our Legal Basis for Processing Your Data
Under UK GDPR, we process your data on the following lawful grounds:
- Consent – to respond to your enquiries
- Contractual Obligation – to provide medical care once you become a patient
- Legitimate Interests – to ensure the smooth, secure operation of our clinic and website
- Provision of Health Care – for processing special category health data under Article 9(2)(h) of the UK GDPR
Use of Artificial Intelligence (AI) Tools
To improve clarity, quality and efficiency in clinical documentation, we may use secure AI tools to assist with drafting clinical letters and treatment summaries. These tools are used responsibly under strict data minimisation principles. Identifiable personal data is only shared if absolutely necessary and all outputs are reviewed by a clinician before being saved securely in our system.
How and Where We Store Your Data
We use secure platforms to protect your personal data, including:
- Semble – our encrypted patient management system where clinical records and appointment information are stored
- Gmail (Google Workspace) – for secure communication with patients, GPs, and insurers
- Dropbox and Microsoft Office 365 – where appropriate, for internal document handling
All systems are GDPR-compliant.
Who We Share Your Data With
We may share your data only when necessary for your care or for lawful operation of our clinic. This includes:
- Our team of medical and administrative professionals
- Phoenix Hospital Group (facilities provider)
- Bushey Spire (facilities provider)
- One Hatfield (facilities provider)
- Circle Reading (facilities provider)
- Your referring GP or specialist (with your knowledge)
- Insurance companies (where applicable)
- Semble (our secure electronic medical record system)
- Gmail (for encrypted patient communications)
- IT support and cloud service providers
- Bookkeepers and accountants (financial data only)
- Marketing professionals (only anonymised, non-clinical data, if applicable)
- Legal authorities if required by law (e.g., court orders)
We will never sell or share your data for commercial purposes.
Do We Transfer Data Outside the UK?
Some of our cloud-based providers (e.g., Google, Microsoft, Dropbox) may store data on servers outside the UK. These transfers are protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) or UK IDTA agreements, ensuring lawful and secure processing in line with GDPR.
How Long Do We Keep Your Data?
- Patients: Medical records are retained securely for 30 years, in line with UK medical guidelines.
- Enquirers who do not proceed with treatment: Data is kept for 3 months.
- Financial/insurance information: Held in line with legal and accounting obligations.
Your Rights Under UK GDPR
You have the right to:
- Access your data and request a copy
- Correct inaccurate or incomplete information
- Request erasure of your data in specific circumstances
- Object to processing or request restrictions
- Withdraw consent (if consent is the lawful basis)
- Request data portability (where processing is automated)
To exercise any of your rights, please contact us at info@londonpainclinic.com.
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): www.ico.org.uk