The Watermill Clinic is committed to protecting your privacy and handling your personal information lawfully, fairly and securely.
This Privacy Policy explains how we collect, use, store and share your personal information when you:
- visit our website;
- contact us with an enquiry;
- book an appointment;
- receive treatment or services from us; or
- otherwise interact with The Watermill Clinic.
This notice should be read alongside any separate patient privacy information, cookie notice, terms and conditions, and any forms or consent materials you receive when registering or booking with us.
1. Who we are
The Watermill Clinic is a private GP clinic based in Wickham, Hampshire.
| Data Controller: | The Watermill Clinic Ltd |
| Registered address: | The Watermill Clinic, Houghton Way, Wickham, Fareham PO17 5GU |
| Clinic address: | The Watermill Clinic, Houghton Way, Wickham, Fareham PO17 5GU |
| Email: | [email protected] |
| Telephone: | 01329 558933 |
| Data Protection Officer: | Mr Ed Kennedy |
| CQC Registered Manager: | Dr Alison Carey |
| Clinical Lead: | Dr Anna Davies |
If you have any questions about this policy or how we use your personal information, please contact us using the details above.
2. The information we collect
We may collect and process the following information about you:
Personal information
- name, title, date of birth and sex;
- address, email address and telephone number;
- emergency contact details;
- next of kin details where relevant;
- GP details and other healthcare provider details;
- booking and appointment information;
- payment and billing information;
- correspondence with you.
Health and special category information
Because we are a medical clinic, we may also collect sensitive health information, including:
- medical history;
- current symptoms and reason for consultation;
- medications and allergies;
- examination findings;
- diagnoses and treatment plans;
- investigation requests and results;
- referrals and correspondence from other clinicians;
- safeguarding information where relevant;
- consent records.
Website and technical information
When you use our website, we may collect:
- IP address;
- browser type and device information;
- pages visited and time spent on the site;
- cookie preferences;
- analytics information.
3. How we collect your information
We collect information:
- directly from you when you contact us, register, book, complete forms or attend consultations;
- from parents or guardians where appropriate for children;
- from other healthcare providers involved in your care;
- from laboratories, hospitals, pharmacies or other clinicians;
- through our website and cookie tools;
- from our clinical systems and payment providers.
4. How we use your information
We use your personal information to:
- register you as a patient;
- provide medical advice, treatment and ongoing care;
- assess suitability for services, tests, procedures or prescriptions;
- arrange referrals, investigations and follow-up;
- communicate with you about your appointments and care;
- process payments and manage accounts;
- keep accurate clinical records;
- respond to complaints, incidents or concerns;
- comply with our legal, regulatory and professional obligations;
- monitor and improve the quality and safety of our services.
The Watermill Clinic operates regular governance reviews, audits, incident reporting and quality improvement processes, and these activities may involve reviewing relevant records where necessary.
5. Lawful bases for processing
Under UK data protection law, we rely on one or more of the following lawful bases:
- Performance of a contract – where we need your information to provide requested services.
- Legal obligation – where we must comply with legal or regulatory duties.
- Legitimate interests – where it is necessary for the operation, safety and improvement of our clinic, provided your rights do not override those interests.
- Vital interests – in urgent situations where necessary to protect someone’s life.
- Consent – where we ask for your permission for a specific purpose.
Because health information is special category data, we also rely on additional conditions for processing, including where processing is necessary for the provision of health care, medical diagnosis, treatment management, safeguarding, public health purposes, legal claims, or where you have given explicit consent.
6. The systems and providers we use
To run the clinic safely and efficiently, we use trusted third-party providers to support booking, records, diagnostics and documentation. These may include:
Semble
We use Semble as our clinical practice management system for functions such as appointment booking, patient records, invoicing, communications and payment administration. Payment card details are not stored by The Watermill Clinic directly but may be held securely by our payment and practice management providers in accordance with their own privacy policies.
Randox
We use Randox for laboratory and pathology services, including processing blood tests and other investigations where required for your care.
Heidi
We may use Heidi, a secure AI-powered clinical transcription tool, to assist with documenting consultations accurately and efficiently. Any use of Heidi is solely to support clinical note-keeping and your care. Information processed through such tools is handled confidentially.
Call recording systems
Telephone calls to or from the clinic may be recorded for training, quality assurance, patient safety, and to help us resolve complaints or concerns. Recordings are kept only as long as reasonably necessary.
We ensure that any third-party providers we use are subject to appropriate contractual, confidentiality and data protection obligations.
7. Who we may share your information with
We only share your information where necessary, lawful and proportionate.
This may include:
- clinicians and staff within The Watermill Clinic involved in your care;
- your NHS GP, with your consent or where clinically necessary;
- hospitals, specialists, laboratories and diagnostic providers;
- pharmacies and dispensing providers;
- software and IT providers supporting our systems;
- professional advisers, insurers or indemnity organisations where required;
- regulators, safeguarding bodies, courts, the police or other authorities where required by law.
Patient records are stored in a secure electronic patient record system, access is role-based, and audit trails are in place.
We do not sell your personal data.
8. How we store and protect your information
We take appropriate technical and organisational measures to keep your information secure. These include:
- secure electronic patient record systems;
- encryption where appropriate;
- access controls based on job role;
- audit trails;
- staff confidentiality obligations;
- mandatory GDPR training for staff;
- secure backups;
- procedures for incident reporting and breach management.
Any data breaches are reported to the ICO within 72 hours where required.
9. How long we keep your information
We keep records only for as long as necessary and in accordance with legal, regulatory and professional requirements.
Clinical records are retained in line with the NHS Records Management Code of Practice for Health and Social Care, which remains the main retention framework for health records in England.
The exact retention period will depend on the type of record and the circumstances. We may retain some information longer where needed for patient safety, safeguarding, legal claims or regulatory reasons.
10. Website cookies and analytics
Our website may use cookies and similar technologies to make the site work, improve performance, remember preferences and help us understand how visitors use the site.
These may include:
- strictly necessary cookies;
- analytics or performance cookies;
- functionality cookies;
- third-party cookies where relevant.
We will provide a cookie banner or consent tool where required. Consent for non-essential cookies must be clear and properly obtained, rather than buried within a general privacy policy.
You can also control cookies through your browser settings.
11. Marketing communications
We may send you service updates, health information or marketing communications only where we are allowed to do so by law.
You can opt out of marketing communications at any time by:
- clicking unsubscribe in emails; or
- contacting us directly.
We will not send marketing about services unrelated to your care without an appropriate lawful basis.
12. Children’s information
We provide care to children as well as adults. Where appropriate, we may collect information from parents or guardians and may communicate with them in relation to a child’s care, subject to legal and professional rules around capacity, consent and confidentiality.
13. Your rights
You have rights over your personal information, including the right to:
- request access to your information;
- request correction of inaccurate or incomplete information;
- request erasure in some circumstances;
- object to certain uses of your information;
- request restriction of processing in some circumstances;
- request transfer of certain information where applicable;
- withdraw consent where we rely on consent.
These rights are not absolute and may be limited where we must retain or use information for medical care, legal obligations, safeguarding or other lawful reasons.
To exercise your rights, please contact us using the details above.
14. Complaints
If you have concerns about how we handle your personal information, please contact us first so we can try to resolve the issue.
You also have the right to complain to the Information Commissioner’s Office:
15. External links
Our website may include links to third-party websites. We are not responsible for the privacy practices of those websites, and you should read their own privacy notices.
16. Changes to this policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page, and the updated version will apply from the date shown at the top.