Privacy notice for website users

You are here:

This privacy notice sets out how Harley Street Specialist Hospital handles and protects information that you provide when using our website www.hssh.health

You may also want to read our website terms and conditions and patient privacy policy.

  1. About Us
    1. Medical Innovations Centre Ltd (Harley Street Specialist Hospital) is a registered company (no. 11986463). Our registered office at Fifth Floor, 11 Leadenhall Street, London, England, EC3V 1LP. Throughout this notice, the terms “Harley Street Specialist Hospital”, “we”, “us” or “our” are used.
    2. We are the data controller and are responsible for your personal data.
    3. We have appointed a data protection officer. If you have any questions about this privacy notice or our privacy practices, please get in touch using the contact details in section 11.
  2. About this privacy notice
    1. This privacy notice sets out how we will collect and process your personal data through your use of our website.
    2. You should read this notice carefully together with any other privacy or fair processing notice that we provide on our website.
  3. Information we collect about you
    1. Personal data means any information about an individual from which they can be identified.
    2. We collect, use, store and transfer different types of personal data about you, which we have summarised below.
      • Identity data
        This includes your full name, title or marital status.
      • Contact data
        This includes your email address and/or telephone number.
      • Technical data
        This includes your IP address, geographical location, browser type and version, operating system, referral source, length of visit and page views.
      • Communications data
        This includes your preferences for how we contact you.
      • Usage data
        This includes information about how you use our website and whether you have engaged with certain online campaigns that we are running.
      • Marketing data
        This includes your preferences for receiving marketing from us.
      • Profile data
        This includes feedback and opinions that you provide to us when responding to surveys.
      • Special categories of personal data
        This includes any information you provide to us via our website about your health and medical conditions, genetic and biometric data, race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation. It also covers political views, or trade union membership. These types of information have additional safeguards under data protection legislation.
      • Aggregated and anonymous data
        This includes statistical or demographic data that may be derived from your personal data, but we cannot use it to directly or indirectly identify you.
  4. How we obtain your information
    1. You can provide us with information about yourself using the forms on our website. This is how we obtain most of the identity, contact, financial, transaction, communications, marketing, profile and special categories of personal data summarised above.
    2. Please be aware that we make use of automated technologies to collect technical and usage data about you. You should read our Cookies Notice for more information.
    3. We use third parties to power some of the functions on our website. They may provide us with transaction, technical and usage data information about you.
    4. We may match up information obtained via our website with other information that we hold about you. For example, if you are a registered patient and contact us through our website with a query about your bill.
  5. How we use your information
    1. We have summarised how we use your personal data below.
      • To deal with your query or request. Depending on the nature of your query, we may use your identity, contact, financial, transaction, payment, profile, or special category data to respond. We may process this information under the following legal grounds: performance of a contract, legitimate interest, consent or provision of medical care.
      • To administer and protect our business. We may process your identity, contact and technical data for troubleshooting, data analysis, testing, systems maintenance and reporting. This is necessary for our legitimate interests and in some cases to comply with our legal obligations.
      • To deliver relevant website content to you, understand the effectiveness of our website and improve our website, content and user experience.
      • We may process your identity, contact, usage, communications, profile and technical information. This is necessary for our legitimate interests.
      • To keep a note of your preferences on how you want to engage with Harley Street Specialist Hospital. We may process your identity, contact, usage communications and technical information. This is necessary for our legitimate interests.
    2. We may process your personal data on more than one legal ground, depending on the specific purpose for which we are using it.
    3. We will only use your personal data for the purposes for which we collected it or for another reason that is compatible. If you would like more information, please get in touch using the contact details in section 11.
  6. Sharing your information
    1. Depending on the purpose for which we obtained your information, we may need to share it, as relevant, with our:
      • Consultants
      • Suppliers and collaborators
      • Regulators, authorities or government bodies
      • Professional advisers, including insurers
    2. We will never share your information with third parties so that they can market their goods and services to you.
  7. Security
    1. We have put in place appropriate security measures to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
    2. We also limit access to your information to those employees, agents, contractors and other third parties who have a business need to know. They will only act on our instructions and they are subject to a duty of confidentiality.
    3. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
  8. Controlling your personal information
    1. 8.1. For issues relating to the access to your medical records please contact governance@HSSH.health.
    2. 8.2. The Data Protection Act 2018 gives you various rights in relation to your personal data. We have summarised these below.
      • Right to access
        This is known as a data subject access request. You can receive a copy of the personal data that we hold about you.
      • Right to request corrections
        You can correct any incomplete or inaccurate personal data that we hold about you.
      • Right to erasure
        You can ask us to delete or remove your personal data where:

        • There is no good reason for us continuing to process it.
        • You have successfully exercised your right to object to processing.
        • We may have processed your information unlawfully.
        • We are required to erase your personal data to comply with a local law.
        • We cannot always fulfil your request if there are specific legal reasons requiring us to retain your personal data.
        • We will explain these to you, if applicable, when responding to your request.
      • Right to object to processing
        You can object to our processing of your personal data if:

        • We are relying on legitimate interests and you feel it impacts on your fundamental rights and freedoms.
        • We may be able to demonstrate compelling overriding legitimate grounds for the processing.
        • We are processing for direct marketing purposes.
      • Right to request restriction of processing
        You can ask us to suspend processing of your personal data if:

        • You want us to establish the data’s accuracy.
        • Our use your personal data is unlawful, but you do not want us to erase it.
        • You need use to hold the data to establish, exercise or defend legal claims, even if we no longer require it.
        • You have objected to our use of your data, but we need to verify whether we have overriding legitimate interests to use it.
      • Right to request transfer
        You can request that we provide you or your chosen third party with your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information that you consented to us using or where we used the information to perform a contract with you.
      • Right to withdraw consent
        If you gave us consent to process your personal data, you can withdraw that consent at any time.
    3. If you have any questions about your rights or would like to exercise them, please contact our data protection officer using the contact details in section 11.
    4. We may need certain information from you to help us confirm your identity and verify your rights. This is a security measure to ensure we do not disclose personal data to someone that does not have the right to receive it.
    5. We aim to respond to all legitimate requests within 1 month. We will notify you if we believe it will take longer than this, for example if your request is complex or if you have made numerous requests.
    6. We do not generally charge a fee if you want to exercise any of your rights under the Data Protection Act 2018.
    7. If your request is clearly unfounded, repetitive or excessive we reserve the right to charge a reasonable fee or may refuse to comply with your request.
  9. Data Retention
    1. We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
    2. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
    3. To determine the appropriate retention period for personal data, we consider: the amount, nature and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure of your personal data; the purposes for which we process your personal data and whether we can achieve those purposes through other means; and the applicable legal, regulatory, tax, accounting or other requirements.
  10. Third party links
    Our website contains links to third party materials, resources, websites, plug-ins and applications. These are outside of our control and you should check the privacy notices of all third parties carefully.
  11. Contact us
    If you would like to get in touch about this privacy notice, our privacy practices or to exercise your rights under the Data Protection Act 2018, please contact Our Caldicott guardian, caldicott@hssh.health.
  12. Complaints
    Please contact us if you have any concerns about our privacy practices, patientsatisfaction@hssh.health. We value the opportunity to respond to your query and will do our best to resolve an issue.
    You also have the right to raise a complaint with the Information Commissioner’s Office at any time using the contact details available at www.ico.org.uk.
  13. Downloading this privacy notice
    If you would like a copy of this privacy notice in full, please right-click while on this page and use the ‘Save as’ option provided by your browser.
  14. Updates to this privacy notice
    We may make changes to this privacy notice from time to time by updating this page. You should check back regularly to ensure that you have read and understand any changes.