Our mission statement on our data page sets out how we collect the minimum of data. New legislation from the EU now requires us to publish a full policy. Here it is:
Privacy Policy
GENERAL DATA PROTECTION REGULATION (GDPR) PRIVACY NOTICE
BACKGROUND:
Anaesthesia Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our patients and will only use personal data in ways that are described here and in a way that is consistent with our obligations and your rights under the law.
1. Information About Us
Anaesthesia Ltd is registered in England under company number 4431379, and our registered address is 25 Melcombe Regis court, Weymouth St, London W1G 8NS
Data Protection Officer: Dr Aubrey Bristow
Email address: anaesthesia@unconsciousness.net
We are regulated by General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”)
2. What Does This Notice Cover?
This privacy policy explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
3. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, medical records including digital and radiology data and reports, correspondence from and to other doctors/healthcare workers/hospitals and other online identifiers.
The personal data that we use is set out in Part 5, below.
4. What Are My Rights?
Under the GDPR, you have the following rights, which we will work to uphold:
1. The right to be informed about our collection and use of your personal data. This document should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
2. The right to access the personal data we hold about you.
3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us to find out more.
4. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases. However we do not currently use any automated means.
5. Rights relating to automated decision-making and profiling. We do not use your personal data in this way and this element does not apply.
We are required to keep medical notes for all treatment and so you do not have the right to request erasure. Equally was cannot provide treatment without keeping records so consent cannot be voluntary.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 11.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
You have the right to complain to the Information Commissioner’s Office (ICO) which can be found at https://ico.org.uk/. It has enforcement powers and can investigate compliance with data protection law.

5. What Personal Data Do We Collect?
• Your name, address and contact details, including email address and home and mobile telephone numbers, date of birth and gender
• Your previous and current medical health records whether provided by referrers or other third parties
• Your financial information if you are a ‘self-pay’ patient or paying us directly in any way for any element of our invoice or the financial information of the company or individual who is responsible for the payment of invoices/bills relating to your care (e.g. insurer or sponsor)
• Information about your marital status, next of kin, dependants nominated and/or emergency contacts
• Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments
• Information about medical or health conditions of your family
• Information received in response to any surveys or, complaints or claims

We may collect this information in a variety of ways. For example, data might be collected through registration and admission forms; from pre-admission forms, preassessment questionnaires, or online web forms completed by you at the start of your treatment; from correspondence with you; through the admission and registration process or through consultations, examinations and meetings or other assessments; by recordings of monitors, laboratory and radiology results and the investigations and examinations of other doctors or healthcare workers together with any records they make in the course of their care.
In some cases, the organisation may collect personal data about you from third parties, such as insurer providers, referrers, sponsors, hospitals and other consultants.
6. How Do You Use My Personal Data?
• To support the provision of your healthcare
• To decide how best to provide treatment to you
• As necessary to support the healthcare contract with you and to allow us to receive [full] payment for those services
• To keep your records up-to-date
• As necessary for our own legitimate interests or those of other persons and organisations
• For good governance, accounting, and managing and auditing our clinical and business operations
• To monitor emails, calls, other communications, and activities on our networks and systems
• For market research, analysis and developing statistics for improving clinical performance; and
As necessary to comply with a legal obligation:
• When you exercise your rights under Data Protection Laws and make requests
• For compliance with legal and regulatory requirements and related disclosures
• For establishment and defence of legal rights
• For activities relating to the prevention, detection and investigation of crime
• To verify your identity, make credit fraud prevention and anti-money laundering checks; and to investigate complaints, legal claims and data protection or clinical incidents.
Based on your consent
• If you ask us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf; or otherwise agree to disclosures;
• When we process any special categories of personal data about you at your request (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation).
You are free at any time to ask us to stop collecting data, but the consequence would be that we could not continue to provide healthcare services to you

7. How Long Will You Keep My Personal Data?
Information will be kept in in accordance with the retention periods outlined in the Information Governance Alliance (IGA) Records Management Code of Practice for Health and Social Care (2016). Information may be held for longer periods where the following apply:
• Retention in case of queries. We will retain your personal data as long as necessary to deal with any queries you may have
• Retention in case of claims. We will retain your personal data for as long as you might legally bring claims against us
• Retention in accordance with legal and regulatory requirements. We will retain your personal data after you have received healthcare services based on our legal and regulatory requirements.

8. How and Where Do You Store or Transfer My Personal Data?
We will only store or transfer your personal data in the UK. This means that it will be fully protected under the GDPR.
9. Do You Share My Personal Data?
We will not share any of your personal data with any third parties for any purposes except under the following limited circumstances.
• Consultants/doctors, other healthcare professionals and hospitals who provide treatment to you
• Other healthcare providers where we feel this will enhance the quality of your care
• Sub-contractors and other persons who help us to provide healthcare products and services to you
• Companies and other persons providing services to you as part of your extended care
• Our legal and other professional advisors, including our auditors
• Fraud prevention agencies, credit reference agencies, and debt collection agencies
• Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators)
• The Information Commissioner’s Office (ICO)
• Courts, to comply with legal requirements, and for the administration of justice and collection of debts
• In an emergency or to otherwise protect your vital interests
• To protect the security or integrity of our business operations and other patients
• Payment systems and providers
• Anyone else where we have your consent or as required by law
10. How Can I Access My Personal Data?
• If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
• All subject access requests should be made in writing and sent to the email or postal addresses shown above. These must be accompanied by two identity documents; one a photo ID such as a passport or driving license, and the other showing your address and dated within the last three months.
• We will respond to your subject access request within 14 working days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of progress.

11. How Do I Contact You?
Please use the address or email given above
12. Changes to this Privacy Notice
We may change this privacy policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Information relating to any changes will be made available on our website www.anaesthesia.limited

About the author

Dr Aubrey Bristow is a consultant anaesthetist in central London. These articles are his personal views and reflect individual issues of interest to patients. They are not a comprehensive review of the subject nor a substitute for a consultation with your anaesthetist.