Privacy Policy

1. Introduction

Walk in Clinic London ("we", "our", "us") is committed to protecting your privacy and ensuring the security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our clinic or use our services.

We are registered with the Care Quality Commission (CQC) and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable healthcare data protection regulations.

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when booking appointments or receiving services:

• Full name, date of birth, and gender
• Contact details (address, phone number, email)
• NHS number (if provided)
• Payment and billing information
• Emergency contact details

2.2 Medical Information

We collect medical information necessary to provide safe and effective healthcare:

• Medical history and current health conditions
• Current medications and allergies
• Test results and diagnostic reports
• Clinical notes and treatment records
• Vaccination records

2.3 Technical Information

When you visit our website, we automatically collect:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on site
• Referring website and clickstream data

3. How We Use Your Information

We use your information for the following purposes:

• Healthcare Provision: To provide, coordinate, and manage your healthcare services
• Appointment Management: To schedule, confirm, and send reminders for appointments
• Results Communication: To notify you of test results and follow-up requirements
• Billing: To process payments and maintain financial records
• Legal Compliance: To comply with legal obligations and regulatory requirements
• Quality Improvement: To monitor and improve the quality of our services
• Communication: To respond to enquiries and provide customer support

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

• Consent: You have given explicit consent for us to process your data for specific purposes
• Contractual Necessity: Processing is necessary to fulfil our contract with you (providing healthcare services)
• Legal Obligation: We must process your data to comply with legal requirements
• Vital Interests: Processing is necessary to protect your life or that of another person
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided this does not override your rights

5. Information Sharing and Disclosure

We may share your information with:

• Healthcare Professionals: Your GP or other healthcare providers (with your consent)
• Laboratory Services: Accredited laboratories for test analysis
• Specialist Services: Referral to specialists when clinically indicated
• Legal Authorities: When required by law or to protect vital interests
• Regulators: CQC and other regulatory bodies as required
• Service Providers: Trusted third parties who assist in operating our clinic (under strict confidentiality agreements)

We will never sell, rent, or trade your personal or medical information to third parties for marketing purposes.

6. Data Security

We implement robust security measures to protect your information:

• Encrypted data transmission (SSL/TLS)
• Secure electronic medical records system with access controls
• Regular staff training on data protection and confidentiality
• Physical security measures at our clinic premises
• Regular security audits and vulnerability assessments
• Incident response procedures for data breaches

7. Data Retention

We retain your medical records in accordance with NHS guidance and professional standards:

• Adult Records: Retained for a minimum of 8 years after last attendance
• Children's Records: Retained until the patient's 25th birthday, or 26 if the young person was 17 at conclusion of treatment
• Maternity Records: Retained for 25 years
• Financial Records: Retained for 7 years as required by HMRC

8. Your Rights

Under UK GDPR, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Restrict Processing: Request limitation on how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, please contact us at info@walkinclinic.london or call 020 71833649.

9. Cookies

Our website uses cookies to improve your browsing experience and analyse site usage. Cookies are small text files stored on your device. You can control cookie settings through your browser preferences.

We use essential cookies for site functionality and analytics cookies to understand how visitors use our website.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

11. Children's Privacy

For patients under 16 years of age, we require parental or guardian consent for healthcare services and data processing. We take extra care to protect children's information and comply with relevant safeguarding requirements.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website with a new "Last updated" date.

13. Complaints

If you have concerns about how we handle your personal data, please contact us first. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):