Privacy policy
This Privacy Policy sets out details of the information that UME Health and the clinicians responsible for your diagnostics, outpatient appointments and treatment may collect from you, and how that information may be used. Please take your time to read this Privacy Policy carefully.
In this Privacy Policy we:
- provide you with a detailed overview of how we will manage your data, from the point at which it is collected and onwards.
- provide all the details on how we use your information, and how we will comply with the law in doing so.
- set out your rights in respect of your personal information, and how to exercise these rights. For example, you can seek access to your medical information, object to us using your information in particular ways and request rectification of any inaccurate information.
We are always open to improvement; if you have any feedback on this Policy please contact our Data Protection Lead (contact details shared below).
About us
In this Privacy Policy we use “we” or “us” or “our” or “UME Health” to refer to the UME Health company who is using your personal information, and the clinicians who provide your diagnostics, outpatient appointments and treatment.
UME Health, 17 Harley Street, London WIG 9QH Company Registration No. 0C318561.
How to contact us
The Data Protection Lead helps ensure that UME Health complies with data protection law. Our Data Protection Lead has responsibility for data protection compliance in respect of Harley Street Medical Centre.
The Data Protection Lead can be contacted by:
- Email: linsee.richards@umegroup.com
- Post: Data Protection Lead, UME Health, 17 Harley Street, London WIG 9QH
If you would like further information about any of the matters in this Privacy Policy or if you have any other questions about how we collect, store or use your personal information, please contact us using the details above.
1. Your personal data and clinicians
As a patient of UME Health, your diagnostics, outpatient appointments and treatment may be provided by a clinician who is a medical practitioner. For reference purposes, we refer to them simply as ‘clinicians’ throughout this Privacy Policy. These clinicians make decisions about what information is collected about you, and may maintain their own set of medical records in relation to the services that they provide you as their patient. They are a Data Controller with regards to your personal information which they hold within those records; meaning they must comply with the General Data Protection Regulation (GDPR) and relevant guidance when handling your personal information. To the extent relevant to their practice, you can expect clinicians and their medical secretaries to handle your information in line with this Privacy Policy. This includes using your personal information as set out in more detail below.
- Clinicians who work with UME Health (including their medical secretaries) are expected to handle your personal data in accordance with the principles set out within this Privacy Policy. This means that whenever they use your personal data, they will only do so as set out in this Privacy Policy.
- Clinicians who work with UME Health (including their medical secretaries) may process your personal information at a non-Harley Street Medical Centre site (medical or non-medical).
Should you have any concerns about the way your clinician has handled your personal information please contact the Data Protection Lead.
2. Your personal information
As a patient of UME Health, the personal information we hold about you may include the following:
- Name
- Contact details, such as postal address, email address and telephone number (including mobile number)
- Financial information, such as card payment receipts and billing address
- Occupation
- Emergency contact details, including next of kin
- Background referral details
Special Categories Personal Information
As a patient of UME Health, we will hold information relating to your medical treatment. This is known as a special category of personal data under the law, meaning that it must be handled even more sensitively. The special categories of personal information we hold about you may include the following:
- Details of your current or former physical and/or mental health. This may include information about any healthcare you have received (both from UME Health directly and other healthcare providers such as GPs, dentists or hospitals (private and/or NHS)) or need, including about clinic and hospital visits and medicines administered. Further details on the way in which we handle such information are included below.
- Details of services you have received from us
- Details of your nationality, race and/or ethnicity
- Details of your religion
- Details of any genetic data or biometric data relating to you
- Data concerning your sex life and/or sexual orientation
3. How we collect your information
We may collect personal information from our patients from a number of different sources including (but not limited to):
- GPs
- Other hospitals, both NHS and private
- Clinicians (including their medical secretaries)
- Dentists
- Mental health providers
- Commissioners of healthcare services
Directly from you:
Personal information may be collected directly from you when:
- You enter into a contract with UME Group for the provision of healthcare services
- You use those services
- You make an online payment via the UME Group website
- You complete enquiry forms on the UME Group website
- You submit a query to us including through our website, by email or by social media
- You correspond with us by letter, email or telephone
- You sign up to our newsletter on our website
- You take part in our marketing activities
From other healthcare organisations:
Our patients usually receive healthcare from other organisations in addition to UME Group. In order to provide you with the best service possible we may need to collect personal information about you from other organisations. This may include:
- Medical records from your GP
- Medical records from your clinician (including their medical secretaries)
- Medical records from the NHS or any private healthcare organisation
- Medical records from your dentist
From third parties:
As detailed, it is often necessary to seek information from other healthcare organisations. We may also collect information about you from third parties when:
- You are referred to us for the provision of healthcare services
- We liaise with your private medical insurance policy provider
- We liaise with your current or former employer, health professional, embassies, solicitors, medico legal companies or other treatment or benefit provider
- We deal with experts (including medical experts) and other service providers about services you have received or are receiving from us
- We liaise with debt collection agencies
- We liaise with Government agencies, including the Ministry of Defence, the Home Office and HMRC
4. How we communicate with you
We are likely to communicate with you by telephone, SMS, email, post and fax. If we contact you using the telephone number(s) which you have provided (landline and/or mobile), and if our call is directed to a voicemail and/or answering service, we are likely to leave a voice message on your voicemail and/or answering service as appropriate.
However, please note:
- to ensure that we provide you with timely updates and reminders in relation to your healthcare (including basic administration information and appointment information), we may communicate with you by SMS and/or unencrypted email (where you have provided us with your email address) in each case using the SMS number and/or email address you have provided on your patient registration form.
- to provide you with your medical information (including test results and other clinical updates) and/or invoicing information, we may communicate with you by email where you have provided us with your email address on the patient registration form.
- If we have your mobile number or your email address we may in future use this method of communication to contact you regarding patient surveys which are for the purpose of improving our service or monitoring outcomes and are not a form of marketing.
- We are not relying on your consent to process your personal data in order to correspond with you about your diagnostics, outpatient appointments or treatment. As set out further below, we process your personal data for these purposes on the basis that the personal data is necessary to provide you with healthcare services.
5. How we use Patient Satisfaction Surveys
As detailed above, we may ask you to participate in surveys regarding your appointment with UME Group. The surveys may be provided post-treatment in hardcopy at our facility Reception, sent by email or SMS, or completed online via the UME Group website.
This is not a form of marketing and the surveys do not try to sell you any further products or services; our intention is solely to gather information relating to your experience of UME Health, for the purposes of improving the quality and safety of the services we offer to future patients. It is necessary for us to process your personal data in order to contact you with these surveys, on the basis of our appropriate business needs and to improve the quality of the healthcare services we offer.
Participation in the Patient Satisfaction Surveys is entirely voluntary. You may decide not to complete the surveys and, if sent by email or SMS, you will have the option to unsubscribe from receiving further survey invitations. You may also be given the opportunity to proactively opt into receiving a call back to further discuss your survey responses.
6. How your information is used
We may ‘process’ your information for a number of different purposes, which is essentially the language used by the law to mean using your data. Each time we use your data we must have a legal justification to do so. The particular justification will depend on the purpose of the proposed use of your data. When the information that we process is classed as “special category of personal information”, we must have a specific additional legal justification in order to use it as proposed.
Generally we will rely on the following legal justifications, or ‘grounds’:
- Taking steps at your request so that you can enter into a contract with UME Health and/or clinician to receive healthcare services from us.
- For the purposes of providing you with healthcare pursuant to a contract between you and UME Health and / or clinician. We will rely on this for activities such as supporting your medical treatment or care and other benefits, supporting your doctor, nurse, carer or other healthcare professional and providing other services to you.
- We have an appropriate business need to process your personal information and such business need does not cause harm to you. We will rely on this for activities such as quality assurance, maintaining our business records, developing and improving our products and services and monitoring outcomes.
- We have a legal or regulatory obligation to use such personal information.
- We need to use such personal information to establish, exercise or defend our legal rights.
- You have provided your consent to our use of your personal information.
Appropriate business needs
Where we refer to use for our appropriate business needs, we are relying on this legal ground.
The special categories of personal information about you as a patient of Harley Street Medical Centre are:
- Health
- Sex life
- Sexual orientation
- Ethnicity
- Political opinions
- Religious or philosophical beliefs
- Genetic or biometric information
The right to object to other uses of your personal data
As a patient of UME Health, you have a range of rights in respect of your personal data, as set out in detail in the section entitled “Your rights”. This includes the right to object to Harley Street Medical Centre using your personal information in a particular way (such as sharing that information with third parties), and we must stop using it in that way unless specific exceptions apply.
Legal grounds for our processing purposes
- To set you up as a patient on UME Health's systems including carrying out fraud, credit, anti-money laundering and other regulatory checks
Legal ground:
- Taking the necessary steps so that you can enter into a contract with us for the delivery of healthcare.
- To provide you with healthcare and related services
Legal grounds:
- Providing you with healthcare services
- Fulfilling our contract with you for the delivery of healthcare
Additional legal grounds for special categories of personal information:
- We need to use your data in order to provide healthcare services to you as appropriate
- The use is necessary to protect your vital interests where you are physically or legally incapable of giving consent
- For account settlement purposes
We will use your personal information in order to ensure that your account and billing is fully accurate and up-to-date
Legal grounds:
- We are providing you healthcare and other related services
- Fulfilling our contract with you for the delivery of healthcare
- We have an appropriate business need to use your information which does not overly prejudice you
Additional legal grounds for special categories of personal information:
- We need to use the data in order to provide healthcare services to you
- The use is necessary in order for us to establish, exercise or defend our legal rights
- Communicating with you and resolving any queries or complaints that you might have.
Patients may raise queries, or even complaints, with Harley Street Medical Centre. We take these communications very seriously. Our approach is to resolve such matters fully and properly, and we will need to use your personal information in order to do so.
Legal grounds:
- We are providing you with healthcare and other related services
- We have an appropriate business need to use your information which does not overly prejudice you
Additional legal grounds for special categories of personal information:
- The use is necessary for the provision of healthcare or treatment pursuant to a contract with a health professional
- The use is necessary in order for us to establish, exercise or defend our legal rights
- Communicating with any other individual that you ask us to update about your care and updating other healthcare professionals about your care.
Other healthcare professionals or organisations may also need to know about your treatment in order for them to provide you with safe and effective care, and so we may need to share your personal information with them.
Legal grounds:
- We are providing you with healthcare and other related services
- We have a legitimate interest in ensuring that other healthcare professionals who are routinely involved in your care have a full picture of your treatment
Additional legal ground for special categories of personal information:
- We need to use the data in order to provide healthcare services to you
- The use is necessary for reasons of substantial public interest under UK law
- The use is necessary in order for us to establish, exercise or defend our legal rights
- Complying with our legal or regulatory obligations, and defending or exercising our legal rights
As a healthcare provider, we are subject to a wide range of legal and regulatory responsibilities which we cannot list fully here. We may be required by law or by regulators to provide personal information; in which case we will have a legal responsibility to do so. From time to time, UME Health and its clinicians are also the subject of legal actions or complaints. In order to fully investigate and respond to those actions, it is necessary to access your personal information as relevant.
Legal grounds:
- The use is necessary in order for us to comply with our legal obligations
Additional legal ground for special categories of personal information:
- We need to use the data in order for others to provide informed healthcare services to you
- The use is necessary for reasons of the provision of health or social care or treatment or the management of health or social care systems
- The use is necessary for establishing, exercising or defending legal claims
7. Who we share your information with
From time to time, we may share your personal information within UME Health or with the third parties included below for the purposes described in this Privacy Policy:
- Your clinician (including their medical secretaries)
- A doctor, nurse, carer or any other healthcare professional involved in your treatment
- Other members of support staff involved in the delivery of your care, like receptionists and porters
- Anyone that you ask us to communicate with or provide as an emergency contact, for example your next of kin or carer
- NHS organisations, including NHS Resolution, NHS England, Department of Health
- Other private sector healthcare providers
- Your GP
- Your dentist
- Third parties who assist in the administration of your healthcare, such as private medical insurance companies, embassies, solicitors, medico legal companies or other treatment or benefit providers
- Private Healthcare Information Network
- National and other professional research/audit programmes and registries, as detailed under Purpose 6 above
- Government bodies, including the Ministry of Defence, the Home Office and HMRC
- Our regulators, like the Care Quality Commission, Health Inspectorate Wales and Healthcare Improvement Scotland
- The police and other third parties where reasonably necessary for the prevention or detection of crime
- Our insurers
- Debt collection agencies
- Credit referencing agencies
- Our third party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and tax advisers
We may communicate with these third parties in a variety of ways including, but not limited to, email, post, fax and telephone.
8. What marketing activities we carry out
We may also use your personal information to provide you with information about products or services which may be of interest to you where you have provided your consent for us to do so.
If you no longer wish to receive marketing emails sent by us, you can click on the “unsubscribe” link that appears in all of our emails, otherwise you can always contact us using the details set out at the top of the page to update your contact preferences.
If you no longer wish to receive non-website based marketing information or for us to provide your information to market research agencies, please contact our Data Protection Lead.
9. How long we keep personal information for
The GDPR requires that personal data should not be held for longer than is necessary for the purpose for which it is being processed. We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations.
It is a fundamental requirement that all of UME Health's records are retained for a minimum period of time for legal, operational and / or safety reasons. The length of time for retaining records will depend on the type of record. Please find below a summary of the various types of data we may hold about you and how long each will be kept.
Records relating to human fertilisation where the individual has undergone fertility treatment, and the Registered Manager is unable to confirm whether or not that patient has given birth to a child as a result of the treatment, are retained for a minimum of 50 years in line with the Human Fertilisation and Embryology Act 1990 (HFEA).
All other medical records are kept for a minimum retention period of 30 years. This is standard in healthcare and has been determined with patient safety in mind.
If you wish to find out more details about our data retention, please contact our Data Protection Lead.
10. How we use and protect your personal information provided when using our website
UME Health is committed to ensuring that your privacy is protected when you provide personal information on our website, umehealth.co.uk.
Should we ask you to provide certain information by which you can be identified when using our website, you can be assured that it will only be used in accordance with the below statements.
What we may collect on our website
We may collect the following information:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- other information relevant to customer surveys and/or offers
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping
- Reconciling online payments for our services
- We may use the information to improve our products and services
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail. We may use the information to customise the website according to your interests.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by clicking on the “unsubscribe” link that appears in all of our marketing emails, or by contacting us using the details set out at the top of the page.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about our services or third parties which we think you may find interesting if you tell us that you wish this to happen.
11. Your rights
Under data protection law you have certain rights in relation to the personal information that UME Health holds. These include rights to know what information we hold about you and how it is used. You may exercise these rights at any time by contacting us using the details at the beginning of this Privacy Policy.
There will not usually be a charge for handling a request to exercise your rights.
If we cannot comply with your request to exercise your rights we will usually tell you why.
There are some special rules about how these rights apply to health information as set out in legislation including the Data Protection Act (current and future), the General Data Protection Regulation as well as any secondary legislation which regulates the use of personal information.
If you make a large number of requests or it is clear that it is not reasonable for us to comply with a request then we do not have to respond. Alternatively, we can charge for responding.
Your rights include:
The right to access your personal information
You are usually entitled to a copy of the personal information we hold about you and details about how we use it. Your information will usually be provided to you in writing, unless otherwise requested. If you have made the request electronically (e.g. by email) the information will be provided to you encrypted by electronic means where possible.
Please note that in some cases we may not be able to fully comply with your request, for example if your request involves the personal data of another person.
You are entitled to the following under data protection law.
Under Article 15(1) of the GDPR we must usually confirm whether we have personal information about you. If we do hold personal information about you we usually need to explain to you the following, as outlined in this Privacy Policy:
- The purposes for which we use your personal information
- The types of personal information we hold about you
- Who your personal information has been or will be shared with, including in particular organisations based outside the EEA.
- If your personal information leaves the EU, how we make sure that it is protected
- Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for.
- If the personal data we hold about you was not provided by you, details of the source of the information
- Your right to ask us to amend or delete your personal information
- Your right to ask us to restrict how your personal information is used or to object to our use of your personal information
- Your right to complain to the Information Commissioner’s Office
We also need to provide you with a copy of your personal data.
The right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. If at any point you do not believe this is the case, you can ask us to update or amend your personal information.
The right to erasure (also known as the right to be forgotten)
We may update this Privacy Policy from time to time to ensure that it remains accurate and the most up-to-date version can always be found at: https://umehealth.co.uk/privacy/. In the event that there are any material changes to the manner in which your personal information is to be used then we will provide you with an updated copy of this Privacy Policy.
In some circumstances, you have the right to request that we delete the personal information we hold about you. However, there are exceptions to this right and in certain circumstances we can refuse to delete the information in question. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercising or defending legal claims.
The right to restriction of processing
In some circumstances, we must “pause” our use of your personal data if you ask us to. We do not have to comply with all requests to restrict our use of your personal information. In particular, for example, we do not have to comply with your request if it is necessary to keep your information in order to perform tasks which are in the public interest, including public health, or for the purposes of establishing, exercising or defending legal claims.
The right to data portability
In some circumstances, we must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.
The right to object to marketing
You can ask us to stop sending you marketing messages at any time and we must comply with your request.
The right to withdraw consent
In some cases we need your consent in order for our use of your personal information to comply with data protection legislation.
We have explained in the section entitled “What are the purposes for which your information is used?” where we rely on your consent in this way. Where we do this, you have the right to withdraw your consent to further use of your personal information. You can do this by contacting Harley Street Medical Centre’s Data Protection Officer, whose details are at the top of the page.
The right to complain to the Information Commissioner’s Office
You can complain to the Information Commissioner’s Office if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations.
More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
Making a complaint will not affect any other legal rights or remedies that you have.
12. Updates to this Privacy Policy
We may update this Privacy Policy from time to time to ensure that it remains accurate. In the event that these changes result in any material difference to the way in which we process your personal data then we will provide you with an updated copy of the Policy.
This Privacy Policy was last updated on 25th January 2019.
Terms and Conditions
Please take your time to read our terms and conditions. We want to ensure we are providing a positive service to you and therefore it is important that you understand what has been agreed between us. These terms and conditions highlight details of our patient safety procedures, cancellation policy and how to cancel or reschedule an appointment.
If you have any questions about these terms, we will be happy to answer them for you.
1. Patient Safety
To improve the safety of our patients and staff, we are only allowing one companion per clinic visit. Please speak to a member of our team to discuss special arrangements where needed. Children under the age of 16 years must always be accompanied by a parent or guardian.
2. Payment
We only accept payment via card and cash payments are no longer accepted.
3. Cancellation Policy
We operate a cancellation policy for all our imaging services. We require 24 hours’ notice should you wish to cancel or reschedule your appointment. All pre-paid appointments that are cancelled at least 24 hours before the scheduled appointment will be refunded or rescheduled at no cost to the customer. In the event of a missed appointment, failure to cancel 24 hours or more before the scheduled time or a no-show, a cancellation fee will be levied equal to 50% of the cost of your scan.
4. Cancelling an Appointment
If you are unable to attend your appointment or would like to reschedule, please notify our Bookings Team by calling 0207 467 6190 option 1 or emailing at least 24 hours before your scheduled appointment time. We will gladly make every effort to accommodate your request.