Introduction
This Privacy Policy explains how the practice of Professor Sandip Hindocha (“we”, “us”, “our”) collects, uses, stores and protects your personal information when you visit our website, make an enquiry, or receive care from us. We are committed to protecting your privacy and handling your data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and our professional duty of medical confidentiality.
Who we are
Professor Sandip Hindocha is a consultant plastic, reconstructive and cosmetic surgeon practising across Harley Street (London) and clinics throughout the UK. For the purposes of data protection law, the practice is the data controller for the personal information described in this policy. You can contact us using the details on our Contact page.
The information we collect
Depending on how you interact with us, we may collect:
- Contact and enquiry details – your name, email address, telephone number and the content of any message you send us through our website forms, by email or by phone.
- Appointment and consultation information – details you provide when booking or attending a consultation.
- Health information – relevant medical history, clinical details, photographs and treatment records where you proceed to consultation or care. Health data is “special category” data and is given additional protection under data protection law.
- Website usage data – information collected automatically through cookies and analytics tools, such as your IP address, browser type, device, pages visited and how you found our site.
How we use your information and our lawful bases
We use your personal information to:
- respond to your enquiries and arrange consultations or appointments;
- provide medical assessment, treatment and aftercare;
- maintain accurate clinical and administrative records;
- meet our legal, regulatory and professional obligations; and
- improve our website and understand how visitors use it.
Our lawful bases for processing include your consent (for example, when you submit an enquiry or accept non-essential cookies), the performance of a contract for your care, compliance with a legal obligation, and our legitimate interests in running and improving the practice. Where we process health (special category) data, we additionally rely on the provision of health care and treatment, and the management of health care services, under Article 9 of the UK GDPR.
Cookies and website analytics
Our website uses cookies and similar technologies to function correctly and to help us understand how it is used. We use Google Analytics and Google Search Console (via Google Site Kit) to collect aggregated, statistical information about website traffic. You can control or disable cookies through your browser settings; disabling some cookies may affect how the site works.
Sharing your information
We do not sell your personal information. We may share it only where necessary with: the hospitals and clinics where consultations and procedures take place; other healthcare professionals involved in your care; your GP or referring clinician (with your knowledge); your medical insurer where you are funding treatment through insurance; and trusted service providers who support our practice (such as IT and website providers) under appropriate confidentiality and data-processing agreements. We may also disclose information where required by law or by our professional regulators.
How long we keep your information
We keep enquiry and website data only for as long as necessary for the purpose for which it was collected. Clinical records are retained in line with professional and legal requirements for the retention of medical records in the UK.
Keeping your information secure
We take appropriate technical and organisational measures to protect your personal information against unauthorised access, loss or misuse, and we keep these measures under review.
Your rights
Under data protection law you have the right to access the personal information we hold about you; to request correction of inaccurate data; to request erasure in certain circumstances; to restrict or object to processing; and to data portability where applicable. Where processing is based on consent, you may withdraw that consent at any time. To exercise any of these rights, please contact us using the details on our Contact page.
Complaints
If you have a concern about how we handle your personal information, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, at ico.org.uk.
Changes to this policy
We may update this Privacy Policy from time to time. The latest version will always be published on this page.