Privacy Notice

Last updated: 24th October 2024

Wellspring Private GP Clinic ("Wellspring") provides general medical services, including in-person consultations only. We are dedicated to protecting your privacy and handling personal data in line with current data protection laws.

Data Controller

Wellspring serves as the Data Controller for the personal information we collect and manage in relation to the healthcare services we provide. As the Data Controller, we determine how your personal data is processed, stored, and shared.

Data Protection and Incident Reporting

Wellspring takes privacy seriously and has appointed a Data Protection Officer (DPO) responsible for overseeing data protection, privacy, and security matters.

Contact for Data Protection Officer:

Dr. Uchenna Mkpadi
Email: wellspringprivategp@outlook.com

If you have any concerns about how your data is managed or wish to report a data breach, please contact our DPO using the contact information above.

Collection and Use of Personal Data

Wellspring collects and processes personal data to:

  • Provide medical consultations, treatments, and related healthcare services.

  • Meet legal and regulatory obligations, including identity verification.

  • Handle administrative tasks related to patient care.

How we collect information:
We collect personal information directly from you when you engage with us during consultations, phone calls, emails, or when you enter into a service agreement with us. In some cases, we may also receive personal data from third parties, such as other healthcare professionals, to assist in your care.

Legal Basis for Data Processing

All personal data must be processed based on a lawful basis. Wellspring processes your data under the following legal grounds:

  • Providing healthcare services: We need your personal data, such as contact details, to deliver medical consultations and treatments as per our service agreement.

  • Legal compliance: We are legally obligated to verify your identity for regulatory purposes, such as complying with Care Quality Commission (CQC) standards.

  • Marketing (with consent): We may use your contact information for marketing purposes, but only with your explicit consent.

  • Sensitive data: This includes health records and other special category data, which will be processed only when necessary for medical care or with your consent.

Sharing of Data and Third Parties

To ensure comprehensive care, we may share your personal data with selected third-party providers, such as:

  • Pathology and imaging service partners (for diagnostic purposes)

  • Medical professionals involved in your care (for referrals or collaborative treatment)

Any third parties we share data with are required to maintain confidentiality and implement appropriate data protection measures.

Data Transfers

Wellspring primarily stores and processes data within the UK. Should there be a need to transfer your data outside the UK, we will ensure that sufficient protections are in place, such as contractual safeguards or data encryption.

Data Security

We employ strong technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. These measures are regularly reviewed and updated to meet data protection standards.

Data Retention

We will retain your personal data for as long as it is needed to fulfil the purposes for which it was collected or to comply with legal and regulatory requirements:

  • Patient records: Retained for a period of 7 to 15 years after the completion of services, in line with legal and healthcare industry guidelines.

  • Marketing data: Kept for as long as we have your consent to use it for marketing purposes.

Your Rights Regarding Personal Data

You have several rights under data protection laws regarding the personal data we hold, including:

  • Access: Request a copy of the personal data we hold about you.

  • Correction: Request corrections to any inaccurate or incomplete information.

  • Erasure: Request the deletion of your personal data if there is no longer a valid reason for us to retain it.

  • Objection: You can object to the processing of your data for legitimate interests or direct marketing purposes.

  • Restriction: Request that we limit how we process your data in certain circumstances.

  • Data transfer: Request that we transfer your data to another provider.

To exercise any of these rights, please contact our DPO at wellspringprivategp@outlook.com or by post at our registered address.

Filing a Complaint

If you are dissatisfied with how we manage your personal data, you can submit a complaint to the Information Commissioner’s Office (ICO), the UK's data protection regulator:

Phone: 0303 123 1113
Website: https://ico.org.uk

Updates to this Privacy Notice

We may update this privacy policy from time to time to reflect changes in our services or legal requirements. Any significant changes will be communicated to ensure transparency.

This privacy notice outlines how Wellspring Private GP Clinic handles, protects, and uses your personal data when delivering in-person medical consultations and services.