Umid
The Barn Annexe, Andover Road, Micheldever Station, Winchester SO21 3AR
umid@umid.co.uk
Phone: 01962 435 090
Effective Date: January 2025
Introduction
At Umid, we are committed to protecting your privacy and ensuring that your personal data is handled securely and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains how we collect, use, store, and protect your personal data and outlines your rights regarding your information.
What Information We Collect
We may collect the following types of personal data:
- Personal details: Name, date of birth, contact information (address, email, phone number).
- Health-related data: Medical history, diagnostic results, treatment records, prescriptions, referrals, and notes from consultations.
- Payment details: Information for processing payments (if applicable).
- Communication records: Emails, appointment reminders, or feedback provided by you.
This data includes special category data under UK GDPR, specifically health information.
Lawful Basis for Processing
We process your data under the following lawful bases as defined by the UK GDPR:
- Article 6(1)(b): Processing is necessary for the performance of a contract with you (e.g., providing healthcare services).
- Article 6(1)(c): Processing is necessary for compliance with a legal obligation (e.g., maintaining accurate medical records).
- Article 6(1)(f): Processing is necessary for our legitimate interests (e.g., managing our business).
- Article 9(2)(h): Processing of special category data is necessary for the provision of health or social care.
How We Use Your Information
We use your data to:
- Schedule and manage appointments.
- Provide appropriate medical care and treatment.
- Communicate with you regarding your care, including appointment reminders.
- Process payments and issue invoices (if applicable).
- Maintain accurate medical records for continuity of care.
Data Storage & Security
Your data is stored securely in compliance with UK GDPR guidelines. We implement appropriate technical and organisational measures to prevent unauthorised access, loss, or misuse of your information.
- Electronic records are stored in secure, encrypted systems with access controls.
- Paper records (if used) are kept in locked, access-controlled locations.
- Data retention: Records are retained for a minimum of 8 years after the last treatment (or longer if required by law) and securely deleted when no longer needed.
We have procedures in place for data breaches, including notification to the ICO within 72 hours when required.
Sharing of Information
We do not share your data with third parties without your explicit consent, except in the following circumstances:
- When required by law or regulatory bodies.
- When necessary for your treatment (e.g., referrals to specialists, communication with your GP).
- If you have provided consent to share information with insurers or third-party healthcare providers.
All third parties are vetted for GDPR compliance, and data-sharing agreements are in place.
We will never sell your data to third parties.
Your Rights
Under UK GDPR, you have the following rights regarding your data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request corrections to inaccurate or incomplete data.
- Deletion: Request that we delete your personal data, subject to legal and professional record-keeping obligations.
- Restriction: Ask us to restrict the processing of your data in certain circumstances.
- Objection: Object to us processing your data for specific purposes.
- Data portability: Request that we transfer your data to another provider where applicable.
- Complaints: Lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data rights have been violated.
To exercise your rights, please contact us at [Your Contact Email].
Contact Information
If you have any questions or concerns about this Privacy & Data Protection Policy, or if you wish to make a data request, please contact:
Umid
The Barn Annexe, Andover Road, Micheldever Station, Winchester SO21 3AR
umid@umid.co.uk
01962 435 090
Updates to This Policy
We may update this policy from time to time to reflect changes in legal requirements or our practices. We encourage you to review it periodically.
Acknowledgment & Consent
By continuing to use our services, you acknowledge that you have read and understood this Privacy & Data Protection Policy.
UMID