Edgbaston Consultants Ltd provides private medical services and expert witness services. Our correspondence address (registered with the Information Commissioner’s Office) is:
Dr Lisa Brownell
Edgbaston Consultants Ltd
The Consulting Rooms
38 Harborne Road
Our ICO Registration Number is Z9284981
The data controller for Edgbaston Consultants Ltd is Dr Lisa Brownell FRCPsych
When you use our website, make an enquiry or use our services we may collect personal information about you. We have written this statement to tell you:
• what information we collect about you
• how we collect that information
• what we use your information for
• our legal basis for processing information about you
• who we may share the information with
• how long we will retain this information
• how we will communicate with you
• what choices you have about what we can do with your information
• how to access and update your information
How we collect personal information
We collect personal information from you and from third parties (anyone acting on your behalf, for example healthcare providers).
We collect personal information from you through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our website, by post, by filling in application or other forms, through social media or face-to-face (for example, in consultations, diagnosis and treatment).
We also collect information from other people and organisations.
We may collect information from:
• a family member, or someone else acting on your behalf;
• your parent or guardian, if you are under 18 years old;
• doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
• a person instructing us in relation to legal issues (for example where we provide expert witness services), who is usually a solicitor.
• any service providers who work with us in relation to your product or service, if we don’t provide it to you direct, medical treatment, or health assessments;
• fraud-detection and credit-reference agencies; and
• sources which are available to the public, such as the edited electoral register or social media. We don’t do we?
Categories of personal information we process
We process two categories of personal information about you and (where applicable) your dependants:
1. standard personal information (for example, information we use to contact you or identify you); and
2. special categories of information (for example, health information, information about your race,
ethnic origin and religion that allows us to tailor your care, and information about crime in connection
with checks against fraud or anti-money-laundering registers).
Standard personal information includes:
• contact information, such as your name, address, email address and phone numbers;
• the country you live in, your age, your date of birth and national identifiers (such as your National Insurance number or passport number);
• information about your employment;
• details of any contact we have had with you, such as any complaints or incidents;
• financial details, such as details about your payments and your bank details;
• the results of any credit or any anti-fraud checks we have made on you; and information about how you use our website
Special category information includes:
• information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as from telephone calls, emails, faxes, information about complaints or incidents, and referrals from your insurance provider, quotes and records of medical services you have received);
• information about your race, ethnic origin and religion; and
• information about any criminal convictions and offences
What we use your personal information for
We process your personal information in order to provide our services, either provision of expert witness
services or medical services. We have also set out some legal reasons why we may process your personal
information (these depend on what category of personal information we are processing).
By law, we must have a lawful reason for processing your personal information.
We process standard personal information about you if this is:
• necessary to provide the services set out in a contract − if we have a contract with you, we will process your personal information in order to fulfil that contract (that is, to provide you and your dependants with our products and services);
• in our or a third party’s legitimate interests
• required or allowed by law.
We process special category information about you because:
• it is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, medical diagnosis, to provide health care or treatment, or to manage health-care systems (including to monitor whether we are meeting expectations relating to our clinical and nonclinical performance);
• it is necessary for an insurance purpose (for example, advising on, arranging, providing or managing an insurance contract, dealing with a claim made under an insurance contract, or relating to rights and responsibilities arising in connection with an insurance contract or law);
• it is necessary to establish, make or defend legal claims (for example, claims against us for insurance);
• it is necessary for the purposes of preventing or detecting an unlawful act in circumstances where we must carry out checks without your permission so as not to affect the outcome of those checks (for example, anti-fraud and anti-money-laundering checks or to check other unlawful behaviour, or carry out investigations with other insurers and third parties for the purpose of detecting fraud);
• it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a member’s complaint or a regulator (such as the Care Quality Commission or the General Medical Council) telling us about an issue);
• it is in the public interest, in line with any laws that apply;
• it is information that you have made public; or
• we have your permission. As is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for and ask you to confirm your choice to give us that permission. If we cannot provide a service without your permission (for example, we can’t manage and run a health service without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a service that relies on having your permission.
Where we store your personal data
The information that we collect from you will not be transferred to, processed and stored outside the UK.
We are committed to ensuring that our suppliers have appropriate technical, administrative and physical
procedures in place to ensure that your information is protected against loss or misuse. All information you
provide to us is stored on our secure servers or on secure servers operated by a GDPR-compliant third party.
With whom do we share personal data?
We share personal data internally strictly on a need to know basis and share the minimum required for the purpose.
We may disclose your information to the third parties listed below for the purposes described in this Privacy Notice. This would again be the minimum required for the purpose. This might include:
• A doctor, nurse, psychologist, psychotherapist or any other healthcare professional involved in your treatment
• Other members of support staff involved in the delivery of your care, like receptionists and secretaries
• Anyone that you ask us to communicate with
• NHS organisations, including NHS Resolution, NHS England, Department of Health
• Other private sector healthcare providers
• Your GP
• Those who have instructed us as an expert witness
• Third parties who assist in the administration of your healthcare, such as insurance companies
• Private Healthcare Information Network
• Our regulators
• The police and other third parties where reasonably necessary for the prevention or detection of
• Our insurers
• Debt collection agencies
• Credit referencing agencies
• Our third party services providers such as IT suppliers, actuaries, auditors, lawyers, document
management providers and tax advisers
• Selected third parties in connection with any sale, transfer or disposal of our business
• HMRC and the VAT Commissioner as they require
• With others pursuant to a court order
How long do we keep personal data for?
The GDPR requires that personal data should not be held for longer than is necessary for the purpose for which it is being processed. However, it is a fundamental requirement that all of our records are retained for a minimum period of time for legal, operational, and safety reasons. The length of time for retaining records will depend on the type of record.
In most cases, where clinical medical services have been provided (treatment or private assessment), records will be retained for 20 years after the last contact. This period has been determined with patient safety in mind and is consistent with most other healthcare providers.
Personal data in legal cases is retained, where necessary, for 10 years following the conclusion of the case.
How we communicate with you
We are likely to do this by telephone, SMS, email, fax and/or post. If we contact you using the telephone number(s) which you have provided (landline and/or mobile), and you are not available which results in the call being directed to a voicemail and/or answering service, we may leave a voice message on your voicemail and/or answering service as appropriate.
Please note that although providing your mobile number and email address and stating a preference to be communicated by a particular method will be taken as an affirmative confirmation that you are happy for us to contact you in that manner, we are not relying on your consent to process your personal data in order to correspond with you about your treatment. As set out further below, processing your personal data for those purposes is justified on the basis that it is necessary to provide you with healthcare services.
If you choose to send us information via email, we cannot guarantee the security of this information until it is delivered to us. We have a GDPR-compliant secure email system for communication and details of this will be provided to you when you make contact with us, for example if we ask you to provide further information about your health or personal details such as your address.
You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer of information you have provided, to withdraw permission you have given us to use your information. For more information, see below.
You have the following rights (certain exceptions apply):
• Right of access: the right to make a written request for details of your personal information and a copy of that personal information. We will provide this free of charge although where such requests are frequent or excessive then we may charge an administration fee.
• Right to rectification: the right to have inaccurate information about you corrected or removed
• Right to erasure (‘right to be forgotten’): the right to have certain personal information about you erased
• Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
• Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests.
• Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
• Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you your chosen product or service
• Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.
Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.
If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.
How to Contact us
We welcome questions, comments and requests regarding this Privacy Statement which can be sent to email@example.com
If you have any concerns about the way your personal information has been processed, please contact us, either by email firstname.lastname@example.org or telephone (0121 663 0303). Alternatively, you may contact the Information Commissioner’ s Office on 0303 123 1113.
Cookies are widely used and most web browsers are configured initially to accept cookies automatically. You may change your Internet browser settings to prevent your computer from accepting cookies or to notify you when you receive a cookie so that you may decline its acceptance.
Please note, however, if you disable cookies, you may not experience optimal performance of our website.
the privacy practices employed by third party websites. Therefore, we suggest that you examine the privacy statements of those sites to learn how your information may be collected, used, shared and disclosed.