APLEY MEDICAL LTD

Privacy Policy

1. Who we are

Apley Medical Ltd provides private medical and surgical consultations. This notice explains how we use your personal information in accordance with UK GDPR and the Data Protection Act 2018.

2. What information we collect

We collect information necessary to provide safe and effective clinical care, including:

• Identification details (name, address, date of birth, contact details)
• Medical information (consultation notes, reports, test results, imaging, correspondence)
• Details of your GP and other clinicians involved in your care
• Referrals, appointment history and clinical communications
• Billing information (insurer, self-pay details)

We may also process special category data where necessary for medical diagnosis and treatment.

3. How and why we use your information

We use your data to:

• Provide medical assessment, diagnosis and treatment
• Coordinate care with your GP and other healthcare professionals
• Arrange investigations, referrals and follow-up
• Maintain accurate clinical records
• Comply with legal, regulatory and professional obligations
• Manage billing and administration
• Support audit, service evaluation and training (using anonymised data wherever possible)

We rely on the following legal bases:

• Provision of healthcare (Article 9(2)(h))
• Legitimate interests
• Legal and regulatory obligations
• Contractual necessity
• Consent, where specifically obtained (for example, certain communications)

4. Sharing your information

We share data only where necessary for your care or where legally required, including with:

• Your GP
• Treating clinicians and healthcare providers
• Diagnostics and imaging services
• Your medical insurer or paying agent
• Regulators where required

We do not sell or pass information to third parties for marketing.

5. How we keep your information secure

Information is held securely on encrypted systems with access restricted to those who need it. We have measures in place to detect, report and investigate data breaches where required.

6. How long we keep your information

We retain medical records in line with the Records Management Code of Practice 2021, based on Department of Health guidance. Retention periods vary by record type. If you require details, we can provide our full retention schedule.

7. Your rights

Under UK GDPR you have the right to:

• Access the information we hold about you
• Request correction of inaccurate data
• Request deletion where legally appropriate
• Request restriction of or object to certain types of processing
• Request transfer of information to you or another provider where feasible
• Withdraw consent, where consent is used as the lawful basis

Requests will usually be responded to within one month.

8. Contact us

If you have any questions about this notice or wish to exercise your rights, please contact:

Apley Medical Ltd
The Hangar
Hadley Park East
Telford
TF1 6QJ

9. Right to complain

You may raise concerns with the Information Commissioner’s Office (ICO): www.ico.org.uk / 0303 123 1113.

10. Updates to this notice

This notice may be updated periodically. The latest version will always be available on our website.