Privacy Policy

WHO WE ARE

At Enigma Healthcare (hereafter referred to as “we”, “our”, “us”), we take your privacy and the protection of your personal information seriously. This Privacy Policy outlines how we collect, use, store, and protect your personal data in compliance with applicable laws and regulations, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this Privacy Policy carefully. By using our services, you agree to the practices described in this policy.

1. Information We Collect

We collect the following types of personal data to provide healthcare services and manage our relationship with you:

  • Personal Identification Information: Name, date of birth, gender, contact details (address, phone number, email).
  • Health Information: Medical history, diagnosis, treatment plans, medications, test results, and other healthcare-related data.
  • Financial Information: Payment details such as insurance information, credit/debit card information, or billing address (when applicable).
  • Communication Data: Correspondence between you and our clinic, including appointment scheduling and email exchanges.

We may also collect other data required to fulfil our medical duties and responsibilities, as required by law.

2. How We Use Your Data

We use your personal information for the following purposes:

  • Providing Healthcare Services: To assess, diagnose, and treat your medical conditions.
  • Appointment Management: To schedule, confirm, and remind you of appointments.
  • Billing and Payments: To process payments and insurance claims.
  • Medical Records Management: To maintain accurate medical records, including your treatment history and progress.
  • Legal and Regulatory Compliance: To comply with our obligations under healthcare law and regulations (including the Health and Social Care Act 2008, the Care Quality Commission (CQC) standards, and NHS guidelines).
  • Improving Services: To monitor and improve the quality of care provided to you.
  • Research Purposes: Health or scientific research (any published data will always be anonymous).

3. Legal Basis for Processing Your Data

We process your personal data based on the following legal grounds under the UK GDPR:

  • Consent: We may process your data if you have provided explicit consent, such as agreeing to receive treatment or allowing us to share information with a third party.
  • Contractual Necessity: Processing is necessary for the performance of a contract (e.g., your treatment agreement with us).
  • Legal Obligation: We may need to process your data to comply with legal or regulatory requirements (e.g., keeping accurate medical records, complying with tax or insurance laws).
  • Vital Interests: In some cases, processing may be necessary to protect your health or life.
  • Public Task: We may need to process certain data to fulfil public health or regulatory duties (e.g., reporting to health authorities).

4. Sharing Your Data

We do not share your personal data with third parties except in the following situations:

  • With Third-Party Healthcare Providers: For the purpose of providing treatment (pathology, histology, histopathology), referrals, or when sharing information with other medical professionals involved in your care.
  • To Regulatory Bodies: We may share information with bodies like the General Medical Council (GMC), Care Quality Commission (CQC), NHS, or other relevant authorities, as required by law.
  • For Legal Compliance: In response to lawful requests from government bodies, law enforcement, or courts.
  • Service Providers: We may share your information with trusted third-party providers who assist us in business operations (e.g., IT support, insurance billing, or payment processors). These providers are contractually obligated to protect your data.

5. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. For example, medical records are kept for a minimum of 8 years from the date of the last treatment or longer if required by specific healthcare legislation.

6. Your Rights Under the UK GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: If you believe any of the data we hold about you is incorrect or incomplete, you can ask us to correct it.
  • Right to Erasure: In certain circumstances, you can request that we delete your personal data (e.g., if it is no longer necessary for the purposes for which it was collected).
  • Right to Restriction of Processing: You can request us to restrict the processing of your data in certain circumstances.
  • Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your data, particularly in cases where we rely on legitimate interests as the legal basis for processing.
  • Right to Withdraw Consent: If we rely on your consent for processing, you can withdraw your consent at any time.

To exercise any of these rights, please contact us using the details provided at the end of this policy.

7. Data Security

We take appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorized access, or disclosure. These measures include encryption, secure storage, and access controls. However, no data transmission over the internet is completely secure, and while we strive to protect your personal information, we cannot guarantee its absolute security.

8. International Data Transfers

In general, we do not transfer your personal data outside the UK or the European Economic Area (EEA). If this changes, we will ensure that adequate safeguards are in place, such as standard contractual clauses or binding corporate rules, to protect your personal data in accordance with UK GDPR.

9. Cookies

Our website may use cookies to enhance your user experience. Cookies are small files that are stored on your device. You can manage or disable cookies through your browser settings. However, some features of our website may not function properly if cookies are disabled.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website and, where appropriate, notified to you by email or through other communication channels. The updated Privacy Policy will be effective as of the date it is published.

11. Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us:

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection matters. You can contact the ICO at:

Or visit their website for more details

Enigma

Lorem Ipsum
Lorem, Ipsum
AB12 3CD

01234 567890
admin@enigma.web-balance.co.uk
