Privacy & Cookies Policy

1. Privacy Policy

1.1 Introduction

Medical Express Clinic is committed to respecting and protecting your privacy and complying with Data Protection Legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).

This policy refers to the GDPR and unless otherwise explicitly expressed, the GDPR refers to the UK GDPR pursuant to the Data Protection Act 2018, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.

This policy describes the personal data about you that we process and the legal basis for processing. It also describes your rights as a data subject.

1.2 About Us

"Medical Express Clinic" (and "we", "us", or "our") refers to Medical Express London Ltd (company number 05078684) with registered office at 117a Harley Street, London, W1G 6AT.

Medical Express Clinic is the controller of all personal data processed about you during the provision of our services to you.

1.3 Privacy Officer

1.4 How We Obtain Your Personal Data

Personal data that you provide to us by:

• Speaking to us in person
• Filling in forms on our websites
• Corresponding with us by telephone
• Corresponding with us by email
• Corresponding with us via WhatsApp
• Corresponding with us by letter

Personal data obtained from sources other than you:

• Your contact and medical details from your parent or guardian if you are under 18 years old
• Your contact and medical details from a family member or somebody else acting on your behalf
• Your contact and medical details from a physician referring you to us
• Diagnostic results of tests conducted at our partner laboratories
• Images resulting from scans of your body and other diagnostic procedures from our specialist service providers
• Radiologists' reporting of scans of your body and interpretations of other diagnostic procedures
• Clinical reports from medical professionals where you may be referred for services

1.5 The Personal Data That We Process About You

• Title, First name, Last name
• Date of Birth
• Home address, telephone number, Email address
• Marital status
• Height, Weight, Gender
• Answers to questions about your medical history and family medical history
• Contact details of your General Practitioner (GP)
• Financial details, such as details about your payments, bank or credit/debit card details or health insurance policy details
• Information about how you use our products and services, such as insurance claims
• Images resulting from scans of your body and Radiologists' reports
• Results and interpretations of other diagnostic procedures

1.6 Purpose and Legal Basis for Processing

We process your personal data and special category (medical) personal data solely to provide you with the service you have requested.

The lawful basis for processing your personal data is that it is necessary for the performance of our contract with you.

The lawful basis for processing your special category (medical) personal data is processing that is necessary for preventive or occupational medicine, the assessment of the working capacity of an employee, medical diagnosis, and/or the provision of health care or treatment (UK GDPR Article 9(2)(h)). We also rely on related conditions under the Data Protection Act 2018. We may also share your data with third parties where you have provided your explicit consent for a particular service or services (UK GDPR Article 9(2)(a)).

1.7 Retention of Personal Data

We are under a legal and ethical obligation to maintain records safely and securely for a minimum period as set out by the Department of Health (2006) Records management: NHS code of practice. The minimum retention period is currently 8 years.

1.8 Sharing Your Personal Data

We will share your personal data with:

• Medical professionals directly involved in your health assessment and diagnosis
• Third parties where you have provided your explicit consent
• Your employer (or their broker or agent) for service administration if they are paying for the service
• Any other organisation paying for the services (insurers, embassies, etc)
• Government authorities (e.g. Health Protection Agency for infectious diseases)
• Regulatory bodies such as the Care Quality Commission
• Third parties we work with to provide our services, such as specialist Consultants, diagnostic partners, insurers, and auditors

1.9 International Transfers

We will neither transfer nor process personal data outside the United Kingdom unless covered by UK adequacy regulations, standard contractual clauses, or specific exceptions in Data Protection Legislation.

1.10 Marketing and Preferences

We can only use your personal data to send you marketing material if we have your consent or a legitimate interest. You can remove that consent (opt-out) at any time by clicking 'unsubscribe' in our emails or contacting us.

1.11 Your Right to Lodge a Complaint

If you are not satisfied with the response you receive you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is: