Dr Nadia Yousri Privacy Notice

Privacy Notice

Dr NY Clinic is committed to protecting your personal information and handling it lawfully, fairly and transparently. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and relevant healthcare guidance including the Records Management Code of Practice for Health and Social Care.

For the purpose of data protection law, Dr NY Clinic is the Data Controller. For any data protection queries, please contact us using the details published on our website.

What Information We Collect

We may collect personal information when you:

• Complete contact or enquiry forms
• Book or request an appointment
• Subscribe to updates
• Communicate with us by email or telephone

This may include your name, address, email address, telephone number and relevant information about your enquiry.

Where you become a patient of the clinic, we will also collect and maintain clinical information necessary to provide safe and appropriate healthcare. This may include medical history, consultation notes, treatment records, correspondence and relevant health information.

We may also collect limited technical information automatically when you use our website, such as IP address, browser type and website usage data. This helps us maintain security and improve our services.

How We Use Your Information

We use your personal data to:

• Respond to enquiries and provide services
• Manage appointments and patient records
• Provide safe and appropriate medical care
• Meet legal, regulatory and professional obligations
• Improve our website and services
• Send marketing communications where you have provided consent

We do not sell personal information.

Lawful Basis for Processing

Under UK GDPR we must identify a lawful basis for processing personal data.

General personal data is processed under one or more of the following lawful bases:

• Your consent
• Performance of a contract
• Compliance with legal obligations
• Legitimate interests in operating and improving our services

Where we process health or medical information, this is classed as special category data under UK GDPR. Such data is processed in accordance with Article 9(2)(h), which permits processing necessary for the provision of health care and medical treatment.

Confidentiality and Sharing

Patient confidentiality is fundamental to our service. Personal information is only shared where necessary for the provision of care, administration of services, or where required by law.

Information may be shared with:

• Healthcare professionals involved in your care
• Laboratories or diagnostic providers
• Secure clinical software and data storage providers
• Regulators or authorities where required by law

We implement appropriate technical and organisational safeguards to protect your data. While we take all reasonable steps to secure online communications, transmission via the internet cannot be guaranteed to be completely secure.

Data Retention

Personal data is retained only for as long as necessary in line with legal, clinical and regulatory requirements.

Healthcare records are retained in accordance with the Records Management Code of Practice for Health and Social Care and other applicable professional guidance.

Your Rights

Under UK data protection law, you have the right to:

• Access your personal data
• Request correction of inaccurate information
• Request erasure where appropriate
• Restrict or object to processing
• Request data portability

You also have the right to raise concerns with the Information Commissioner’s Office (ICO):
www.ico.org.uk

Cookies

Our website uses cookies to support functionality and improve user experience. Further details are available in our Cookie Policy.

Any Questions?

If you have any queries regarding this Privacy Notice, please contact us at info@drnyaesthetics.com.

This notice is reviewed periodically to ensure compliance with current data protection law and regulatory guidance.