Privacy Policy

Effective Date: 02/03/2026
Last Updated: 02/03/2026

 

    1. Who We Are

    Plymouth Private Practice (“we”, “us”, “our”) is a private medical practice based in Plymouth, Devon. We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

    Data Controller:
    Plymouth Private Practice
    202 Peverell Park Road
    Plymouth
    Devon
    PL3 4QE

    Email: info@plymouthprivatepractice.co.uk
    Telephone: 07821 919008

    ICO Registration Number: ZC099051

    We are registered with the Information Commissioner’s Office (ICO) as a data controller.

     

    1. What Information We Collect

    We may collect and process the following types of personal data:

    a) Information You Provide Directly

    • Full name
    • Date of birth
    • Address
    • Email address
    • Telephone number
    • Medical information (if submitted via contact forms or booking systems)
    • Payment details (processed securely via third-party payment provider)

    b) Website Usage Information

    When you visit our website, we may automatically collect:

    • IP address
    • Browser type and version
    • Pages visited
    • Time and date of visit
    • Referring website

    c) Special Category Data (Health Information)

    If you submit medical information through our website (for example, appointment forms or enquiry forms), this may include health data. Health data is classified as “special category data” under UK GDPR and is afforded additional protection.

     

    1. How We Use Your Information

    We use your personal data to:

    • Respond to enquiries
    • Arrange and manage appointments
    • Provide medical services
    • Process payments
    • Communicate important information about your care
    • Improve our website and services
    • Comply with legal and regulatory obligations

    We will only use your personal data where we have a lawful basis to do so.

     

    1. Lawful Basis for Processing

    Under UK GDPR, we rely on the following lawful bases:

    • Contract – where processing is necessary to provide medical services you have requested.
    • Legal obligation – where we are required to comply with the law.
    • Legitimate interests – to operate and improve our services and website.
    • Consent – where you have given clear permission (for example, for marketing communications).
    • Provision of healthcare (Article 9(2)(h)) – for processing health data necessary for medical diagnosis, treatment, and the management of healthcare services.

     

    1. How We Store and Protect Your Data

    We take appropriate technical and organisational measures to protect your personal data, including:

    • Secure encrypted systems
    • Password-protected access to records
    • Secure electronic medical record systems
    • SSL encryption on our website
    • Restricted access to sensitive information

    We retain personal data only for as long as necessary in accordance with legal, regulatory, and medical record retention requirements.

     

    1. Sharing Your Information

    We do not sell your personal data.

    We may share your information with:

    • Laboratories and diagnostic providers
    • Secure payment processors
    • IT and website service providers
    • Accountants or professional advisers (where required)
    • Regulatory bodies or law enforcement where legally required
    • Other healthcare professionals involved in your care (with your consent where appropriate)

    All third parties are required to respect the security of your data and process it in accordance with data protection law.

     

    1. Cookies

    Our website may use cookies to:

    • Improve user experience
    • Analyse website performance
    • Ensure website functionality

    You can manage or disable cookies via your browser settings. Where required, we will obtain your consent before placing non-essential cookies on your device.

     

    1. Your Rights Under UK GDPR

    You have the right to:

    • Request access to your personal data
    • Request correction of inaccurate or incomplete data
    • Request erasure of your data (where legally permitted)
    • Request restriction of processing
    • Object to processing
    • Request data portability
    • Withdraw consent at any time (where processing is based on consent)
    • Lodge a complaint with the Information Commissioner’s Office (ICO)

    Requests can be made via email at:
    info@plymouthprivatepractice.co.uk

     

    1. Complaints

    If you have concerns about how we handle your personal data, please contact us in the first instance using the details above.

    You also have the right to lodge a complaint with:

    Information Commissioner’s Office (ICO)
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF
    Website: https://www.ico.org.uk

     

    1. Third-Party Links

    Our website may contain links to external websites. We are not responsible for the privacy practices or content of third-party websites.