Opening soon — be the first to know when we launch
✓ You're on the list
Now accepting new patients · Evening & weekend appointments available · No GP referral required
The Manchester Women's Clinic

Legal

Privacy Policy

Last updated: January 2025  ·  The Manchester Women's Clinic

This is a draft privacy policy for review purposes. Before going live, this document should be reviewed by a solicitor and updated to reflect your actual registered company details, ICO registration number, third-party processors in use (booking system, email platform, analytics), and any specific data processing activities relevant to your practice.

1. Who we are

The Manchester Women's Clinic is a private medical clinic providing menopause, contraception and women's health services in Manchester. We are registered in England and Wales.

Data controller: The Manchester Women's Clinic
Address: [Clinic address, Manchester, M1 XXX]
Email: [email protected]
ICO registration number: [To be confirmed upon registration]

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).

2. Data we collect

Information you give us

  • Your name, date of birth, contact details (email address, phone number)
  • Medical history, symptoms, medications and clinical information provided during consultation
  • Appointment booking details and preferences
  • Payment information (processed securely — we do not store card details)
  • Correspondence you send us by email or through our website

Information we collect automatically

  • Website usage data (pages visited, time on site) via our analytics provider
  • Technical information such as browser type and IP address

Special category data

Medical information is classified as "special category" data under UK GDPR and receives the highest level of protection. We collect and process this data only as necessary to provide you with clinical care.

3. Why we collect your data

  • To book and manage your appointments
  • To provide clinical assessment, diagnosis and treatment
  • To issue prescriptions and referral letters
  • To communicate with you about your care
  • To maintain clinical records as required by medical and regulatory standards
  • To process payment for services
  • To improve our website and services (aggregated analytics only)

4. Lawful basis for processing

We process your personal data on the following lawful bases:

  • Contract: To fulfil our obligations under the appointment agreement
  • Legal obligation: To comply with our duties as a medical practice
  • Legitimate interests: To operate and improve our services
  • Vital interests / medical care: For special category health data processed in the context of clinical care (Article 9(2)(h) UK GDPR)
  • Consent: Where we have asked for and received your explicit consent (e.g. marketing communications)

5. Sharing your data

We do not sell your data. We do not share your personal data with third parties except in the following circumstances:

  • Your NHS GP: Only with your explicit consent, when you ask us to write to your practice
  • Referral specialists: Only with your explicit consent, when we arrange a referral on your behalf
  • Our booking system provider: [Semble / TBC] — who process appointment data on our behalf under a data processing agreement
  • Payment processing: Payment data is handled securely by our payment provider under their own privacy policy
  • Legal requirement: Where we are required to disclose information by law (e.g. serious safeguarding concerns or court order)

Where third-party processors are used, we ensure they operate under appropriate data processing agreements and comply with UK GDPR.

6. How long we keep your data

We retain clinical records in line with NHS and medical regulatory guidance — typically a minimum of 8 years from the date of last treatment for adult patients. Financial records are kept for 6 years as required by HMRC.

We will delete or anonymise your data when it is no longer required, unless we are legally obliged to retain it.

7. Your rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Ask us to correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to our legal and clinical obligations)
  • Restriction: Ask us to limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

Our website uses cookies to understand how visitors use the site. We use [Plausible Analytics / TBC], a privacy-first analytics provider that does not use tracking cookies or collect personally identifiable information. No cookie consent banner is required for this tool.

If you contact us via our website, your submission data may be stored temporarily by our form provider. We do not use advertising or tracking cookies.

9. Changes to this policy

We may update this privacy policy from time to time. The current version is always available on this page with the date it was last updated. Where changes are significant, we will notify patients directly.

For any questions about this policy, contact us at [email protected].