Patient information
Privacy Policy
This Privacy Policy explains how Nottingham Ear Clinic collects, uses, stores and protects personal information, including health information, appointment records, clinical images and communication data.
Scope and purpose
This Privacy Policy explains how we collect, use, store and share personal data in accordance with UK GDPR, the Data Protection Act 2018 and PECR where applicable.
Personal data means information that can identify a living person. Some of the information we process is special category health data, which requires additional protection.
We only collect and use information that is relevant and necessary for safe clinical care, appointment management, communication, payment administration, service improvement, governance and legal or regulatory compliance.
Who we are and how to contact us
Nottingham Ear Clinic is the data controller for personal data processed in relation to our services.
Data Protection Lead: Nottingham Ear Clinic
Address: 200 Derby Road, Stapleford, Nottingham, NG9 7AY
Telephone: 0115 837 2252
Email: care@nottinghamearclinic.co.uk
Website: www.nottinghamearclinic.co.uk
What personal data we may collect
Depending on the service you use, we may collect identity data, contact details, date of birth, appointment and booking information, payment records, clinical notes, symptoms, medical history, medication history, allergies, procedure records, aftercare advice, communication records, feedback and complaint correspondence.
For ear and hearing care, we may also record clinical findings such as otoscopy or video-otoscopy findings, ear images or video recordings where clinically useful, hearing screening information, swab information, prescription records, onward referral information and relevant correspondence with other healthcare professionals.
Payment card information is handled by our payment or booking provider. We do not intentionally store full card details on our own systems.
Legal bases for processing your data
We process personal data where it is necessary to provide booked services, manage appointments, fulfil legal or regulatory obligations, maintain safe records, respond to enquiries and support the safe running of the clinic.
Where we process health information, this is usually because it is necessary for the provision of healthcare, clinical assessment, treatment, medical record keeping, safeguarding, governance or related healthcare administration.
Where consent is required, for example for certain marketing communications or use of identifiable images for non-clinical purposes, we will ask for your explicit permission.
How we use your data
We may use your information to book and manage appointments, confirm identity, conduct clinical assessments, provide treatment and aftercare, communicate appointment details, issue invoices, manage payments, maintain clinical records, respond to enquiries, investigate incidents or complaints, support safeguarding and improve service quality.
Your clinical information may be used to support safe decision-making, document findings, explain results and decide whether treatment, follow-up, audiology input, prescription advice or onward referral may be appropriate.
We may also use information for audit, training, service improvement and clinical governance, provided this is done appropriately and confidentially.
Data storage, security and access control
We use appropriate technical and organisational measures to protect personal information from loss, misuse, unauthorised access, alteration or disclosure.
Access to records is restricted to staff and clinicians who need information to provide care, manage bookings, administer accounts, support governance or meet legal and regulatory requirements.
Where external providers process data on our behalf, they are expected to be bound by confidentiality and appropriate data processing arrangements.
How long we keep your information
Clinical records for adult patients are usually retained for 8 years after the end of the care relationship or contract, unless a longer period is required for legal, regulatory, governance, safeguarding or dispute-related reasons.
When information is no longer required, it is securely deleted or destroyed in accordance with our data protection responsibilities.
Your data protection rights
Under data protection law, you may have rights to access your data, request correction of inaccurate information, request erasure where applicable, restrict processing where applicable, object to certain processing, request data portability where applicable and withdraw consent where processing relies on consent.
Some rights may be limited where we must retain information for clinical, legal, safeguarding, regulatory or governance reasons. If we cannot comply fully with a request, we will explain why.
Subject access requests
You may request a copy of personal information we hold about you. To protect confidentiality, we may require identification before releasing information.
We may ask for one photographic ID, such as a passport or driving licence, plus a supporting document such as a recent utility bill.
Requests can be sent to care@nottinghamearclinic.co.uk or made in writing to the clinic. We normally respond within one calendar month. Where requests are complex or numerous, this may be extended by up to two further months in accordance with UK GDPR.
CCTV and clinical images
CCTV may operate within clinic premises for safety, security and crime prevention. CCTV is positioned in non-clinical, non-private areas only and is not used in consultation or treatment rooms.
During ear examinations, clinical images or video recordings may be taken using equipment such as video-otoscopy. These may be used to document findings in your clinical record, explain findings to you, support clinical decision-making or request advice from an appropriately qualified clinician where required.
Clinical images or recordings will not be used for marketing purposes without your explicit permission. You may decline clinical image or video recording; please tell your clinician if you do not consent.
Data breaches and security incidents
If a personal data breach occurs, we will assess the risk and take appropriate action. Where required, we will notify the Information Commissioner’s Office within statutory timescales.
If a breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay and provide information on recommended steps where appropriate.
Complaints about data protection
If you are concerned about how your personal data has been handled, please contact us first so we can review and respond to your concern.
You also have the right to complain to the Information Commissioner’s Office:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk