Please see the Copyright section at the end of this document
Information about Sportdoc London Limited
Company Name: Sportdoc London Limited
Place of registration: England and Wales
Companies House Number: 7350686
Arthur G Mead Limited
4th Floor Fitzrovia House
153-157 Cleveland Street
London W1T 6QW
Principal activities: Healthcare services
About our Privacy Notice
Sportdoc London Limited is committed to protecting your privacy and legal rights when dealing with your personal information. This privacy notice intends to provide clear and understandable details about the information we collect about you (or anyone you have provided us with information about, e.g. your child), how we use and protect it. It also provides information about your rights that relate to the data we process.
If you have any queries about this privacy notice, if you are not sure what something means, or if you wish to contact us about personal information we hold, please email us at:
Sportdoc London Limited is registered with the Information Commissioners Office, registration number Z3200823
The right to object
Please contact us in the first instance if you wish to object.
Definitions of terms within this Privacy Notice
Data Controller, Data Processor, Data Subject and Personal Data all have the meaning given
to them in the Act and GDPR.
Website or site means the Company’s website at http://sportdoclondon.co.uk
‘patient’ or ‘patients’ means people who attend or intend to use our services
‘patient or patient’s data’ means either Personal Data or Special Category data, as defined by the GDPR.
‘personal information’ means either Personal Data or Special Category data, as defined by the GDPR.
This Privacy Notice will apply to any person (also known as a ‘data subject’) who enquires about, uses or purchases our services. Please see the section ‘Scope of Healthcare Services’ for more information.
It also applies if you communicate with us in any manner, for the purpose of discussing current or past use of our services.
You may be reading a printed version of our privacy notice, which may not be the latest version. Please view the current privacy notice on our website or contact us using the contact details at the beginning of this Privacy Notice to request a copy of the Privacy Notice via email, in Adobe PDF format.
Scope of Health Care Services
Sportdoc London Limited provides the following health care services:
Musculoskeletal and Sports Medicine
Securing your personal information
Data protection laws require us to take appropriate technical and organisational measures to prevent unlawful access or processing of personal information, that the Data Controller for Sportdoc London Limited is responsible for implementing.
The level of technical safeguarding of data should be appropriate to the nature of information in question, and the harm that might result from its improper use, or from its accidental deletion or destruction.
The following list shows some of the technical and organisational measures we put in place to ensure the safety and integrity of your data.
• Our clinicians and administrative staff are trained in the appropriate handing of personal information and how to respond to a data breach
• We practice common sense cyber security requirements, such as locking screens when away, ensuring Windows / Mac OS updates are installed on release
• Where possible, we use two factor authentication for key systems
• We ensure passwords are changed regularly on our systems
• We don’t use systems aimed purely at consumers, such as Gmail personal, Dropbox personal and Hotmail
• We ensure we encrypt all our hardware that will store personal information, using industry standard encryption methods
• We use Egress Switch, which is an industry leading encryption technology, to communicate with you and other clinicians directly involved in your health care
• This technology enables us to manage any potential data breaches in a fast and efficient manner
• Our third-party providers of systems used to process your personal data are compliant with data protection laws and requirements, and also have effective data restore capabilities to ensure your data can be recovered
How we collect personal information from you
We collect personal information from you or any third parties that are acting on your behalf.
• We will collect personal and special category information from you, or other third parties. We will collect the information from the following sources:
o Your parent or guardian, if you are under 18 years of age
o A family member, or someone else acting on your behalf
o Your interpreter, acting on your behalf
o From yourself, either in face to face consultations, or via electronic communications such as email, via the telephone, or via postal communications
o When you have given explicit consent to subscribe to educational or marketing email correspondence
o Manually, when you fill in referral, assessment and other forms
o Via postal communications, via electronic or postal communications, or records completed by clinicians involved in your care, and their administrators
o When given directly by social services, carers, relatives and friends – over the phone or in person
o From providers of medical imaging and diagnostic testing involved in your care
o From your private medical insurance provider or referring Embassy
o In emergency situations by the social services, police or ambulance service staff
Categories of personal information that we process
Standard Personal information
which can include (but is not limited to) :
date of birth
next of kin or similar contact details
details of any complaints or grievances raised that relate to the provision of our services
financial details that relate to payments for our services
account details relating to your private medical insurance provider
Special Category information
The data we process includes personal information specifically relating to your:
• ethnic origin
• health, both physical and mental
• sex life
• sexual orientation
Special Category information relating to health can include (but is not limited to) clinical notes, examination findings, medical imaging data related to your care, diagnostic test results, correspondence and communications from other clinical professionals which relates to your current or past clinical care.
What we use your personal information for
We will process your personal information for reasons set out in this privacy notice. By law, we need to have a lawful basis or bases for processing your Standard personal information and a lawful basis or bases for processing your Special Category personal information. Additionally, for ‘Special Category’ personal information, we are required to identify a condition for processing this data (as well as a lawful basis).
These two types of information are discussed above in the section “Categories of personal information that we process”
For ‘Special Category’ information:
As we are a provider of health care services to you, and we have several reasons for processing your Special Category personal information. We would not be able to provide health care services to you unless we can process this information.
We undertake to process this information in line with Data Protection Laws as defined in the section “Definitions of terms within this privacy notice” within this document.
We process Standard Personal information about you if it is determined:
• It is in our Legitimate Interests. Details of what constitutes legitimate interests are detailed below.
• It is a Legal Obligation – this means we are required to process your standard personal information in order for us to comply with the law. Details of the Legal Obligation are detailed below.
• We have your Explicit Consent – this only applies when you’ve subscribed and opted in to receive our email newsletters, blogs and marketing offers, or you’ve provided consent to receive email newsletters, blog and marketing offers via our marketing consent form via an opt in checkbox.
We process Special Category information about you if it is determined:
• It is a Legal Obligation – this means we are required to process your standard personal information in order for us to comply with the law. Details of the Legal Obligation are detailed below. We also are required to define an additional condition or conditions to process your Special Category personal information.
The conditions under which we need to process your Special Category personal information are:
• Processing is necessary for the purposes of preventive or occupational medicine, for medical diagnosis or the provision of health care or treatment, including for the purposes of preventive or occupational medicine, on the basis of Union or Member State law or pursuant to contract with a health professional
• Processing is necessary for the establishment, exercise or defence of legal claims (for example, to process a legal claim against us, including your personal information provided to our regulatory body if lawfully requested)
Standard personal information – Legitimate Interests
The law requires us to our balance the processing of your Standard personal data against your interests, rights and freedoms. We conduct a legitimate interests assessment to ensure we ensure the Standard personal data we process does not override your interests, rights or freedom.
The legitimate interests we have identified that allow us to process your standard personal data are:
• To enable us to take sufficient information in order to record who you are when booking appointments
• To ensure we can email you with basic information about your appointments
• To manage our personal relationship with you, with respect to discussing invoices, requesting insurer authorisation codes
• To communicate with you if we need to cancel or rearrange appointments
If you book into our clinic as a potential patient and we hold no previous clinical records that relate to your direct care, and then you cancel the booking, we will no longer have a legitimate interest in processing your data. In most instances, we would delete any personal information that was used to make the booking.
Standard personal information – Legal Obligation
We process standard personal information to fulfil our legal obligation, which requires us to maintain complete records relating to the health care services we supply to you. These records maintain will require that we process a subset of your standard personal information, with the lawful basis being a Legal Obligation, as follows:
date of birth;
contact details (such as an email address or telephone number)
Please note, that whilst we initially use Legitimate Interests as a lawful basis for processing your data, once you attend clinic and we take any notes relating to your clinical care, we will then process your Standard personal information on the lawful basis of our Legal Obligation.
Special Category information – provision of health care or treatment on the basis of UK law
People directly involved in your healthcare that are designated by the Health Act 1999 or the Health Professionals Order 2001 are legally required by our regulatory body to record information about you, that relate to preventive or occupational medicine, for medical diagnosis or the provision of health care or treatment.
We are required to demonstrate we follow the legal requirements as listed in:
The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014
PART 3, Section 2, Regulation 17 (c);
(c) maintain securely an accurate, complete and contemporaneous record in respect of each service user, including a record of the care and treatment provided to the service user and of decisions taken in relation to the care and treatment provided;
You as the patient are the “service user”.
Sharing your personal information
We sometimes need to share your information with other people or organisations for the purposes set out in this privacy notice. We will, where required, share the minimal amount of your personal data as appropriate the other people or organisations we are communicating with.
• Doctors, surgeons, clinicians and other health-care professionals, hospitals, clinics and other health-care providers
• People or organisations that we are required by law or our regulatory body to share your personal information with
• The police or other law enforcement agencies, where we are either required by law or a court order
• A parent or legal guardian if you are a minor
• Any person that you have authorised us to share information with.
Transferring information outside the boundaries of the EEA (European Economic Area)
Generally, we store your personal information on secure systems that reside within the EEA. Where we store systems that are outside of the EEA, we will ensure that there are suitable contractual or other safeguards in place to protect your data.
These measures may include data controller (us) to data processor contracts who we have checked have the required data protection law compliance, or ensuring your data is transmitted from the EEA to other global areas in a highly encrypted format, that is then stored on secure systems using “zero knowledge’ encryption. This means your data cannot be decrypted by a data processor.
How long we keep your personal information for
As we are mainly processing your personal information for provision of health care services, we have a legal obligation to process this data.
There are also industry standard guidelines (the UK NHS) that we follow, in accordance with our regulatory body guidelines; see link HERE.
Normally we will process or store your personal information for eight (8) years if you are an adult, but this can increase if there are specific circumstances. If you have any queries about how long we are processing your data for, please contact us.
We will also store information to ensure we can deal with any legal claims that arise from you using our services, and the data will be stored for as long as is required and advised by our legal counsel.
Your rights on us processing your personal information versus us storing your personal information are discussed in the section ‘Your rights’, below.
Any personal information that is used for marketing purposes, that has been provided using consent, will be erased in accordance with your rights if requested.
You have the following rights, however please note, that the rights are not absolute. The only absolute right you have is to request that we do not use your personal information for direct marketing.
Please do contact us if you are unsure about your rights as detailed below. We will always endeavour to help explain how your rights apply to the personal information we process, for our specified lawful reasons.
The right to be informed
We need to inform you the name and contact details of our organisation, which is at the top of this document.
You have the right to be informed about how we collect and use your personal data. We are obliged to provide this right to be informed in a clear and concise manner.
This privacy notice you are reading is designed to inform you how we collect and use your personal data.
The right of access
You have the right to confirmation that your information is being processed, and the right to view this information. This is known as a Subject Access Request or ‘SAR’, but you do not have to specify this term when requesting your personal information from us. You also have the right to request a copy of your personal data that we process.
We will need to identify you using reasonable means before we will start the process of collating your personal information.
Once we have identified you, we will reply to any requests for your personal information (SARs) within 30 days, unless we deem the request to be complex, or repetitive, where we will notify you that we may take an additional two months to provide your personal information.
We will not charge you to request information from us. However, we will charge a reasonable fee if the request for information is repetitive. If we’ve provided information to you and you wish to request it again, we ask that you contact us before hand to discuss what our reasonable fee is.
If the request is manifestly unfounded or excessive, in particular because they are repetitive, we might decide to:
• charge a reasonable fee taking into account the administrative costs of providing the information; or
• refuse to respond
Where we refuse to respond to a request, we will explain why to you, informing them of your right to complain to the ICO without undue delay and at the latest within one month of our refusal.
The right to rectification
You have the right to request rectification of your personal information. However, we only consider requests to correct factual information. Any clinical opinions will remain valid as they were the opinion at the time of being recorded. If it is later determined that a clinical opinion or diagnosis was then found to have changed, we will update your personal information to reflect this, but we will not change or remove the original clinical opinion.
The right to erasure
You have the right to request erasure of personal information.
If you have subscribed to any of our email educational or marketing correspondence, you have the right to request erasure from our email list, or you can click on the ‘unsubscribe’ link that appears in all emails we send. We will only use your personal information to send you marketing or educational material if you have given us your explicit permission.
We will consider all requests in conjunction with our legal obligation to retain information relating to your health care provided by us, as well as data protection law which clearly states when the right to erasure does not apply. Normally, this means we will not erase any information, unless it was not required for legal reasons. If we determine we cannot delete data, you still have the right to ask us to restrict processing of your personal data.
The right to restrict processing
You can request that we restrict processing of personal information. This means that we will stop actively processing it, and it will just be stored. Stopping processing will mean that we will not add any additional information to your existing information.
The right to data portability
You have the right to data portability for personal information that is processed using a lawful basis of consent.
Where we process data using the lawful basis of ‘legitimate interests’, or ‘legal obligation’, the right to data portability is not applicable. You still have to right to request this, however.
The right to object
You have the right to object if processing is based on legitimate interests, or if processing is being used for direct marketing.
Rights in relation to automated decision making and profiling
We do not make any kinds of automated decisions or perform any profiling with your personal information.
The right to lodge a complaint with a supervisory authority
We ask that you first contact us if you feel you wish to make a complaint. Please see the template letter and guidelines listed on the ICO website.
You can also contact the ICO directly:
This Privacy Notice has been created for Sportdoc London Limited by Private Practice Ninja Ltd.
Any redistribution or reproduction of part, or all of the contents, in any form, is prohibited, including by Sportdoc London Limited, who the limited use of this Privacy Notice is licenced to.
You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.