Privacy Policy

Your privacy matters to us. This Privacy Policy explains how Your Gynae Health (“we”, “us”, “our”, “the clinic”) collects, uses, stores and shares personal information about patients, website users and enquirers. We are committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable laws.

If you have any questions about this policy or how we use your information, please contact our Data Protection Officer (DPO):

Email: hello@yourgynaehealth.co.uk
Phone: 07460 553 196

1. Scope

This policy applies to all personal data we process in the delivery of clinical services and via our website, appointment systems, telephone lines and email. It covers information about patients, prospective patients, referrers, suppliers and visitors to our website.

2. What information we collect

We collect a range of information depending on the service requested and interactions with the clinic. Examples include:

Personal identification and contact

  • Name, date of birth, gender, address, phone and email.
  • Emergency contact details and next of kin (where provided).


Clinical and health information (special category data)

  • Medical history, medication, allergies, symptoms, examination findings, diagnoses and treatment plans.
  • Results of scans, blood tests, pathology, letters from other clinicians and pregnancy details.
  • Images, recordings or scans necessary for diagnosis and treatment.


Administrative and financial information

  • Appointment history, referrals, correspondence and clinic notes.
  • Payment and invoicing details, including insurance provider and policy details (where provided).
  • Records of consent and clinic forms that you sign.


Website and technical information

  • IP address, browser type, pages visited, device information and cookies (see section 10).
  • Contact form submissions, online booking data and other information you enter on our site.

3. How we use your personal data (purposes) and legal basis

We process personal data for the purposes set out below. Where we process special category data (health data), we rely on the UK GDPR rules allowing processing for healthcare and public interest, and on explicit consent where appropriate.


Purposes and legal bases

  • To provide clinical care and treatment: processing necessary for the provision of health or social care, and for the management of health or social care systems (legal basis: necessary for the provision of healthcare / public interest in public health).
  • To arrange appointments and follow-up: necessary for the performance of a contract / to take steps at your request.
  • To communicate with you: by phone, SMS or email about appointments, test results and clinical correspondence (legal basis: performance of contract / legitimate interests).
  • To process payments and insurance claims: to fulfil contractual obligations and for legal compliance (legal basis: necessary for contract / legal obligation).
  • To maintain medical records: fulfilling regulatory and professional obligations (legal basis: legal obligation and provision of health care).
  • For clinical audit, service improvement and quality assurance: legitimate interests to improve services (data will be anonymised where possible).
  • For legal, regulatory and public health reporting: where required by law, court order, or for safeguarding and public health purposes (legal basis: legal obligation).
  • Where we rely on consent: for marketing communications, participation in research or where we ask for explicit consent to process special category data for a particular purpose. You may withdraw consent at any time.

If you are unsure which lawful basis applies to a specific processing activity, contact us.

4. Who we share your information with

We only share personal data when necessary and with appropriate safeguards. Recipients may include:

  • Healthcare professionals and hospitals (e.g., radiology, pathology, NHS Trust colleagues) to provide coordinated care.
  • Referring GPs and clinicians for continuity of care.
  • Health insurers — when you ask us to claim via private medical insurance, we will share relevant clinical and invoice information with the insurer and, where requested, provide authorisation information. Please check your policy and contact us with your insurer details before booking.
  • Specialist consultants and multidisciplinary teams (e.g., colorectal or urology colleagues) when a referral is required.
  • Laboratories and imaging providers for diagnostic tests and reporting.
  • Regulatory bodies and courts, when required by law (e.g., the Care Quality Commission, the NHS, and courts).

We will not sell your personal data to third parties.

5. International data transfers

Some third-party service providers may process or store data outside the UK. Where this occurs, we will ensure appropriate safeguards are in place (for example, standard contractual clauses or other approved mechanisms) and that transfers comply with UK GDPR. Contact the DPO for details of specific transfers.

6. Retention periods

We retain records in accordance with professional guidance and legal requirements:

  • Medical records: generally retained for at least 8 years for adults. For children, records are usually kept until they reach age 25 (or as required by professional guidance). Specific clinical records (e.g., obstetric records, complex surgical notes) may be retained for longer as advised by professional bodies.
  • Financial and billing records: generally retained for at least 7 years for HMRC and audit purposes.
  • Imaging and test results: retained in line with clinical need and local policy.
  • Website and cookie data: retained for varying periods depending on the purpose (see the cookie policy).

If you wish to request deletion earlier, see “Your rights” (section 9). Please note we will retain information where necessary to comply with legal obligations, resolve disputes or enforce agreements.

7. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction or damage. Measures include encrypted systems, secure servers, access controls, staff training and regular security assessments. Access to medical records is strictly restricted to staff who need the information to provide care or administer services.

If you believe your data may have been compromised, contact us immediately.

8. How we use medical images and recordings

Clinical images (ultrasound images, scans) are part of your medical record. We may use anonymised images for audit, teaching, or professional development, but only with safeguards in place and with your explicit consent. Any recordings made for clinical purposes (e.g., telemedicine consultations) will be retained in line with clinical record-keeping policy.

9. Your rights

Under UK data protection law, you have rights in relation to your personal data. These include the right to:

  • Access the personal data we hold about you (subject access request).
  • Rectify inaccurate or incomplete data.
  • Request erasure (in certain circumstances) — note there are exceptions for clinical records and legal obligations.
  • Restrict processing where appropriate.
  • Object to processing based on legitimate interests (unless we have compelling grounds).
  • Data portability — request a copy of data in a machine-readable format where applicable.
  • Withdraw consent to processing where consent is the lawful basis. Withdrawing consent will not affect processing carried out before withdrawal.

To exercise any of these rights, contact our DPO at dpo@yourgynaehealth.co.uk or by post to the clinic address. We will respond in accordance with applicable law and within statutory timescales.

10. Cookies, analytics and website tracking

Our website uses cookies and similar technologies to enhance functionality and improve the user experience. Cookies may be used for:

  • Essential site functions (booking system, secure areas),
  • Analytics to understand site use, and
  • Optional marketing (only with consent).

You can manage cookie preferences through your browser or the cookie consent tool on the website.

11. Marketing communications

We will only send marketing communications (email, SMS or post) where you have consented to receive them or where we have another lawful basis. You can unsubscribe or opt out at any time using the links in our messages or by contacting us.

12. Children and vulnerable adults

We do not collect personal data from children under 16 without parental or guardian consent, except where permitted or required by law and clinical best practice. If you are acting on behalf of another adult or a child, we may ask for evidence of your authority to act on their behalf.

If you believe a child’s data has been provided without appropriate consent, contact us.

13. CCTV and on-site monitoring

If we operate CCTV on clinic premises, footage will be used for security and safety and retained for a limited period (for example, 28–31 days) unless required for an incident investigation. Signs will be displayed where CCTV is in operation. Requests for access to CCTV footage should be made in writing to the DPO; disclosure may be limited to protect third-party privacy.

14. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top shows when this policy was last revised. We encourage you to check back periodically. For material changes, we will notify patients via our website or other reasonable means.

15. Contact, complaints and further information

If you have questions, wish to exercise your rights or need further information:
Data Protection Officer
Email: hello@yourgynaehealth.co.uk
Phone: 07460 553 196
Address: The Harborne Hospital, Edgbaston, Mindelsohn Way, Birmingham B15 2TQ

16. Additional information for patients using private health insurance

If you intend to use private medical insurance to pay for treatment, we will need to share relevant clinical and invoicing information with your insurer to obtain authorisation and process claims. This will include details of diagnosis, proposed treatment and invoices. Please confirm your insurer and policy details before booking. We will only share the minimum information necessary for the purpose.
