Patient Privacy Policy
This notice explains why we collect personal information about you, how that information may be used, and the rights you have regarding your personal data.
Why We Collect Your Personal Data
Our practice is committed to providing high-quality healthcare. To do this effectively, we must collect and use personal information about you, including sensitive health information. Without this data, it would be extremely difficult to deliver safe and effective care.
Your personal data is used to provide healthcare services such as medical testing and examinations, diagnosis, treatment, and the management of preventative or occupational medications.
Types of Personal Data We Collect
Depending on the nature of your visit or treatment, we may collect general personal information such as your name, contact details, and banking information. We may also collect sensitive health information relating to your physical or mental health, including details of medical conditions, disabilities, medical history, treatments, and physiological or biomedical data.
Legal Basis for Using Your Personal Data
In most cases, we process your personal data because you have requested our services and given your consent. In certain situations, explicit consent may be required, and we will provide you with all relevant information to help you make an informed decision.
There are circumstances where we may be legally required to process your data, where it is necessary to protect your vital interests, or where processing is justified in the public interest and outweighs confidentiality considerations.
Sources of Your Personal Data
We usually collect personal data directly from you. However, we may also obtain information from relatives, other GPs or healthcare professionals, and from test results or diagnostic reports. If we receive your data from another source, we will inform you.
Use of Patient Management Systems
We use Semble, a secure patient management system, to store and manage patient records and administrative information. Semble acts as a data processor on our behalf, while we remain the data controller for your personal data, in accordance with the UK General Data Protection Regulation (UK GDPR).
Semble processes personal data only on our documented instructions and is contractually required to comply with the UK GDPR and the Data Protection Act 2018. The system applies appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including encryption of data, role-based access controls, audit logs, and secure hosting within approved data centres.
These measures are designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage, in line with Article 32 of the UK GDPR. Access to patient data within Semble is strictly limited to authorised personnel who require access for legitimate clinical or administrative purposes. This system supports our obligations to ensure the confidentiality, integrity, and availability of personal data at all times.
How We Process Your Personal Data
We process patient personal data as part of the routine operation and management of our clinical services. This includes registering patients, verifying identity, scheduling and managing appointments, maintaining medical records, recording clinical notes, test results and correspondence, issuing prescriptions, managing referrals, billing and payment processing, and communicating with patients regarding their care. Personal data may also be processed for clinical audit, quality assurance, staff training, regulatory compliance, safeguarding, and reporting obligations.
In addition, we may use digital tools and automated systems, including machine learning–enabled features, to support administrative efficiency, clinical decision support, data analysis, and service improvement. These technologies are used to assist healthcare professionals, not to replace clinical judgement. Any automated or machine-assisted processing is carried out in accordance with the UK GDPR, using appropriate safeguards to protect patient rights and freedoms. Where required by law, meaningful human oversight is maintained, and patients will not be subject to decisions based solely on automated processing unless permitted under applicable data protection legislation.
All processing activities are undertaken lawfully, fairly, and transparently, and only for purposes that are necessary, relevant, and proportionate to the delivery of safe and effective healthcare.
Sharing Your Personal Data
Your personal data may be shared with healthcare authorities, NHS Trusts, special health authorities, legal authorities, and ambulance services where necessary. With your consent and under strict data-sharing agreements, information may also be shared with social services, educational services, local authorities, voluntary organisations, and private sector providers.
Any transfer of personal data outside the EU will only occur where strict legal safeguards are in place.
How We Protect Your Personal Data
We recognise that your personal data belongs to you and have a duty to keep it confidential, secure, and accurate. Your information is only retained for as long as necessary for the purposes for which it was collected.
Where further use of your data is required, we ensure this is lawful. When storing data, we take appropriate steps to prevent identification of individuals through unauthorised access.
Your Rights as a Patient
Your personal data is protected under the General Data Protection Regulation (GDPR). We are required to respond promptly to requests relating to your data.
You have the right to:
- Access your personal data
- Request correction or deletion of your data
- Request transfer of your data to another provider
- Object to or restrict the use of your data
- Not be subject to decisions made solely by automated processing, except where permitted by law
Where consent has been given, you may withdraw it at any time unless we are legally required to retain the data. You also have the right to opt out of marketing communications and to be informed of data security incidents that may affect you.
You may raise a complaint with the data protection supervisory authority if you have concerns. Requests to access your medical records can be made via our website or directly to the practice. Under the Data Protection Act, patients are entitled to a copy of their medical records; requests must be made in writing to the Practice Manager.
Data Protection Authority
Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Textphone: 01625 545860
Email: international.team@ico.org.uk
Website Privacy Policy
This Privacy Policy applies to THE SCHOEMAN CLINIC website (“Website”) and explains how we collect, use, and protect your personal information. It applies only to this Website.
We reserve the right to update this Privacy Policy at any time. The most recent update was on 25 January 2026, and users are encouraged to review it periodically.
Information We Collect
Information You Provide Voluntarily
We may collect personal details such as your name and email address when you submit a contact form, subscribe to a newsletter, or leave a comment.
Automatically Collected Information
When you use the Website, we may automatically collect information such as your IP address, browser type, operating system, referring websites, pages visited, and access times. We may also collect information about interactions with the Website, such as links clicked.
Cookies
The Website uses session and persistent cookies to enhance your browsing experience. Cookies are small data files stored on your device and may be deleted or disabled through your browser settings.
How We Use Your Information
Information collected may be used to:
- Operate and maintain the Website
- Send newsletters or promotional communications (with unsubscribe options provided)
- Send administrative or security-related messages
- Respond to enquiries or comments
- Monitor and analyse Website usage and performance
- Prevent unauthorised or unlawful activity
Third-Party Data Use
We may share your data with third parties only where you have authorised us to do so. The Website also uses third-party service providers, whose handling of data is governed by their own privacy policies.
Current third-party providers include:
- Google Analytics – to analyse Website traffic and usage (IP addresses may be collected)
- Google Maps – providing the location of the clinic on the website (IP addresses may be collected)
- MailChimp – for email communications and newsletters
We do not sell or distribute your personal data unless required by law or as part of a business transfer, merger, or restructuring.
Anonymous Data
We may use anonymised data that does not identify you personally. This data may be shared for analytical, marketing, or advertising purposes.
Advertising and Retargeting
The Website may use third-party remarketing services such as Google, Facebook, or Instagram.
These services use cookies to display ads based on previous visits to the Website.
Newsletters
Newsletter emails may include tracking pixels to measure engagement, such as email opens and link clicks. This information is used to improve content and is not shared with third parties.
Your Rights
You have the right to:
- Opt out of email communications
- Access your personal data
- Request updates or corrections
- Request deletion of your data, where legally permitted
Some information may be retained where required for legal or administrative purposes.
Accuracy of Information
All content on this Website is provided for general information only. We make no guarantees regarding accuracy or completeness and accept no liability for errors, omissions, or reliance on this information.
External Links
The Website may contain links to third-party sites. We are not responsible for the privacy practices or content of external websites, and users should review their privacy policies separately.
Children’s Privacy
The Website does not knowingly collect personal information from children under 16. If such information is identified, we will promptly remove it upon notification.
Contact
If you have any questions regarding this Privacy Policy, please contact us via email.
Latest update 02/2026