Privacy Policy

1. Introduction

At The Somerville Clinic, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information in accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

2. The information we collect

   We may collect and process the following personal information about you:

   1. Contact Details: Name, address, phone number, email address.
      Health Information: Medical history, treatment records, and any other information you provide during consultations.

   2. Administrative Information: Insurance information where relevant, invoice data, communication records, consent forms.

   3. Other Information: Any other personal information you provide to us
      Website data (if applicable): Cookies, IP address, and usage data through analytics tools (see section on cookies).

   4. We collect information directly from you during consultations, through online forms, and via our website. We also collect information from third parties, such as other healthcare providers, with your consent. All such data is processed by Semble on our behalf in accordance with applicable data protection laws and subject to appropriate safeguards.

   5. Financial information. We may collect, use, and process certain financial information where necessary for payment processing, fraud prevention, and accounting purposes This may include payment details (such as billing information and transaction records). All such data is processed by Semble on our behalf in accordance with applicable data protection laws.

      
      

3. Use of Artificial Intelligence in Patient Reporting
   We may use artificial intelligence tools to record, transcribe and summarise clinical reviews to assist our healthcare professionals in drafting and structuring patient reports. These tools are used solely to support clinical documentation and do not replace professional medical judgment. All outputs generated with the assistance of AI are reviewed and verified by a qualified clinician to ensure accuracy, appropriateness, and compliance with applicable data protection and confidentiality obligations.

   
   

4. How We Use Your Information / Purposes of processing
   We use your personal information for the following purposes:

   • Provision of Care: To provide you with medical care and treatment.

   • Administration: To manage appointments, billing (via invoices), and communication.

   • Legal Obligations: To comply with legal and regulatory requirements.

   • Improvement of Services: To improve our services through audits and feedback.

   • Liaise with your GP or other healthcare providers (with your consent).

   • Maintain accurate clinical and administrative records.

   • Meet legal and regulatory obligations.

   • Process payments and invoices.

   
   

5. Legal Basis for Processing
   Our legal basis for processing your personal information includes:

   • Consent: You have given clear consent for us to process your information for a specific purpose.

   • Contract: The processing is necessary for a contract we have with you.

   • Legal Obligation: The processing is necessary for us to comply with the law.

   • Vital Interests: The processing is necessary to protect someone’s life.

   • Public Task: The processing is necessary for us to perform a task in the public interest or for our official functions.

   • Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party.

   • We process your data under the following lawful bases:

   • Provision of healthcare (Article 9(2)(h) UK GDPR)

   • Contractual necessity (Article 6(1)(b))

   • Legal obligation (Article 6(1)(c)

   • Consent (Article 6(1)(a)), when required — e.g., sharing information with third parties not directly involved in your care.

   
   

6. How we protect your information
   We take appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

   • Secure storage solutions

   • Access controls

   • Regular security audits

   
   

7. How We Store Your Information
   Your data is stored securely in:

   • Encrypted electronic systems and/or locked physical files.

   • Cloud-based software compliant with UK data protection standards.

   We retain your records for a minimum of 7 years after your last contact (or until age 25 for children), in line with NHS and professional guidelines.

   
   

8. Sharing Your Information

   We will only share your information when:

   • It is necessary for your care (e.g., with your GP or other professionals).

   • We are required by law (e.g., safeguarding concerns, court orders).

   • You have given explicit consent.

   We do not sell or share your data with third parties for marketing purposes. We do not routinely transfer your personal information outside the UK or Europe. If we do, we will ensure appropriate safeguards are in place to protect your information.

   
   

9. Your Rights

   • Access to Information: You have the right to request access to the personal information we hold about you.

   • Correction and Deletion: You have the right to request correction of any inaccurate information and deletion of your personal information where appropriate.

   • Restriction of Processing: You have the right to request that we restrict the processing of your personal information.

   • Data Portability: You have the right to request the transfer of your personal information to another organization.

   • Objection to Processing: You have the right to object to the processing of your personal information in certain circumstances.

   • Withdrawal of Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.

   
   

10. Retention of information
    We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

    
    

11. Changes to our privacy policy
    We may update this Privacy Policy from time to time. Any changes will be posted on our website, and where appropriate, notified to you by email

    
    

12. Contact us
    If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at info@somervilleclinic.com

    
    

13. Complaints
    If you are not satisfied with how we handle your personal information, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
    Website: https://ico.org.uk/
    Phone: 0303 123 1113

    
    We are committed to safeguarding your privacy and ensuring that your personal information is protected. Thank you for trusting The Somerville Clinic with your healthcare needs.