Privacy & Cookies Policy

1.1 Introduction

1.1.1 Medical Express Clinic is committed to respecting and protecting your privacy and complying with Data Protection Legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).

1.1.2 This policy refers to the GDPR and unless otherwise explicitly expressed, the GDPR refers to the UKGDPR pursuant to the Data Protection Act 2018, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019

1.1.3 This policy describes the personal data about you that we process and the legal basis for processing. It also describes your rights as a data subject.

1.2 About Us

1.2.1 "Medical Express Clinic" (and "we", "us", or "our") refers to Medical Express London Ltd (company number 05078684) with registered office at 117a Harley Street, LONDON, W1G 6AT.

1.2.2 Medical Express Clinic is the controller of all personal data processed about you during the provision of our services to you.

1.3 Privacy Officer

Medical Express Clinic's Privacy Officer is:
Stephen Lingam
Medical Express Clinic
117a Harley Street
LONDON, W1G 6AT
(t) 020 74991991
(email) info@medicalexpressclinic.co.uk

1.4 How we obtain your personal data

1.4.1 Any personal data that you provide to us by:

• speaking to us in person;
• filling in forms on our websites;
• corresponding with us by telephone;
• corresponding with us by email;
• corresponding with us via WhatsApp;
• corresponding with us by letter.

1.4.2 Personal data obtained from sources other than you:

• Your contact and medical details from your parent or guardian if you are under 18 years old;
• Your contact and medical details from a family member or somebody else acting on your behalf;
• Your contact and medical details from a physician referring you to us;
• Diagnostic results of tests conducted at our partner laboratories;
• Images resulting from scans of your body and other diagnostic procedures from our specialist service providers;
• Radiologists' reporting of scans of your body and interpretations of other diagnostic procedures from our specialist service providers;
• Clinical reports from medical professionals where you may be referred for services.

1.5 The personal data that we process about you

1.5.1 We process the following personal data about you:

• Title, First name, Last name
• Date of Birth
• Home address, telephone number, Email address
• Marital status
• Height, Weight, Gender
• Answers to questions about your medical history and family medical history
• Contact details of your General Practitioner (GP)
• Financial details, such as details about your payments, bank or credit/debit card details or health insurance policy details;
• Information about how you use our products and services, such as insurance claims;
• Images resulting from scans of your body and Radiologists' reports;
• Results and interpretations of other diagnostic procedures.

1.5.2 If you are a corporate customer or have been introduced to Medical Express Clinic by a company which has a commercial relationship with us, we also process:

• Company name and address
• Name, Telephone number, and Email address of company contact

1.6 Purpose for the processing and the lawful basis for the processing

1.6.1.1 We process your personal data and special category (medical) personal data solely to provide you with the service you have requested.

1.6.2.2 The lawful basis for processing your personal data is that it is necessary for the performance of our contract with you.

1.6.2.3 The lawful basis for processing your special category (medical) personal data is processing that is necessary for preventive or occupational medicine, the assessment of the working capacity of an employee, medical diagnosis, and / or the provision of health care or treatment (UK GDPR Article 9(2)(h)). We also rely on related conditions under the Data Protection Act 2018. We may also share your data with third parties where you have provided your explicit consent for a particular service or services (UK GDPR Article 9(2)(a)).

1.6.2.5 Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal data include:

• to manage our relationship with you, our business and third parties who provide services for us;
• to provide healthcare services on behalf of a third party (for example, your employer);
• to make sure that diagnostic imaging services are handled efficiently and to investigate complaints;
• to keep our records up to date and to provide you with marketing as allowed by law;
• for statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones;
• to monitor how well we are meeting our clinical and non-clinical performance expectations through patient feedback surveys;
• to enforce or apply our website terms of use, our policy terms and conditions or other contracts;
• to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us.

1.7 Retention of personal data

1.7.1 We are under a legal and ethical obligation to maintain records safely and securely for a minimum period as set out by the Department of Health (2006) Records management: NHS code of practice. The minimum retention period is currently 8 years.

1.8 Sharing your personal data

1.8.1 We will share your personal data with:

• Medical professionals directly involved in your health assessment and diagnosis.
• Third parties where you have provided your explicit consent.
• Your employer (or their broker or agent) for service administration if they are paying for the service.
• Any other organisation paying for the services (insurers, embassies, etc).
• Government authorities (e.g. Health Protection Agency for infectious diseases).
• Regulatory bodies such as the Care Quality Commission.
• Third parties we work with to provide our services, such as specialist Consultants, diagnostic partners, insurers, and auditors.

1.9 Processing by organisations other than Medical Express Clinic

1.9.1 We share your data with various third parties to support you with your healthcare, including providers of scanning, x-ray, imaging, blood screening, and other Consultants. We share your data for these services as part of our contract with you.

1.10 International Transfers

1.10.1 We will neither transfer nor process personal data outside the United Kingdom unless covered by UK adequacy regulations, standard contractual clauses, or specific exceptions in Data Protection Legislation.

1.13 Marketing and preferences

1.13.1 We can only use your personal data to send you marketing material if we have your consent or a legitimate interest.

1.13.2 You can remove that consent (opt-out) at any time by clicking 'unsubscribe' in our emails or contacting us.

1.16 Your right to lodge a complaint

If you are not satisfied with the response you receive you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
(t) 0303 123 1113 | (e) casework@ico.org.uk