Book

Dr Nadia Yousri Privacy Notice

Privacy Notice

This Privacy Notice explains what personal data the clinic collects and holds, why it is processed, how it is used and shared, and your rights under UK data protection law.

Dr Nadia Yousri Clinic is the Data Controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Types of Personal Data We Hold

We may hold and process the following categories of personal data:

  • Patient clinical and health information, including medical records and correspondence
  • Patient contact and administrative information
  • Staff employment records
  • Contractor and supplier information

Why We Process Personal Data

For the purposes of this notice, “processing” includes collecting, recording, storing, updating, reviewing, and archiving data.

Patient data is processed to:

  • Provide safe, appropriate, and effective medical care
  • Assess suitability for consultation or treatment
  • Comply with professional, legal, and regulatory obligations

Staff data is processed to meet employment, taxation, and pension obligations.

Contractor data is processed to manage contractual relationships and business operations.

Lawful Basis for Processing

Under UK GDPR, we must identify a lawful basis for processing personal data.

Patient data

Patient personal data, including health data, is processed under the following lawful bases:

  • Article 6(1)(c): compliance with a legal obligation
  • Article 6(1)(e): performance of a task carried out in the public interest
  • Article 9(2)(h): provision of health or social care and treatment

Staff data is processed under legal obligation.

Contractor data is processed where necessary to perform or manage a contract.

Data Sharing

We only share personal data where it is necessary, lawful, and done securely.

Patient data may be shared with:

  • Other healthcare professionals involved in your care
  • Laboratories or diagnostic services where required
  • Secure clinical software and data storage providers

Where data is processed or backed up outside the UK, appropriate safeguards are in place in accordance with UK GDPR.

We do not sell personal data.

Data Retention

Patient clinical records are retained in line with NHS and professional guidance and archived securely where required by law.

Staff employment records are retained for six years after employment ends.

Contractor records are retained for seven years after the contract ends.

Your Rights

Under UK GDPR, you have the right to:

  • Be informed about how your data is used
  • Access a copy of the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request erasure of data where legally applicable
  • Request restriction of processing in certain circumstances
  • Object to processing where applicable
  • Request transfer of your data where lawful and appropriate

Requests can be made by contacting the clinic directly. We will respond within one calendar month.

Complaints

If you have concerns about how your data is processed, please contact the clinic directly.

If your concern is not resolved, you have the right to complain to the Information Commissioner’s Office:

Website: https://www.ico.org.uk/concerns
Telephone: 0303 123 1113

Review

This Privacy Notice is reviewed regularly to ensure continued compliance with data protection law and regulatory guidance.

Document Last reviewed 27/01/2026

Royal College of Obstetricians & Gynaecologists logo
Royal College Of Obstetricians And Gynaecologists Logo
Top Doctors Logo United Kingdom
General medical council logo
Google Review
Dr Nadia Yousri Logo
Treatments
Website Links
contact us
Instagram Facebook Twitter Youtube Linkedin
Opening Hours
  • Monday: 9 am–6:30 pm
  • Tuesday: 9 am–6:30 pm
  • Wednesday: 9 am–6:30pm
  • Thursday: 9 am–6:30 pm
  • Friday: 9 am–6:30 pm
  • Saturday: 9 am–5:00 pm
  • Sunday: Closed