Privacy Policy

This privacy notice tells you what to expect us to do with your personal information.

Contact details

Telephone - 07881902671
Email - doc@drpeterweil.co.uk

1. Use of the Website

The 'Dr Peter Weil, GP (The Edinburgh Joint Injection Clinic)' website is owned by Dr. Peter Weil, which is a data controller of your personal data.

We have adopted this Privacy Policy, which determines how we are processing the information collected by Dr Peter Weil, General Practitioner, which also provides the reasons why we must collect certain personal data about you. Therefore, you must read this Privacy Policy before using this website.

We take care of your personal data and undertake to guarantee its confidentiality and security.

Personal information we collect when you visit the website:

When you visit this website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the installed cookies on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products you view, what websites or search terms referred you to the Site, and how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

Why do we process your data when you visit the website?

We process only minimal user data, only as much as it is absolutely necessary to maintain the website. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding website usage. This statistical information is not otherwise aggregated in such a way that it would identify any particular user of the system.

You can visit the website without telling us who you are or revealing any information, by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the website’s features, you may provide personal data to us, such as your email, first name, last name, city of residence, telephone number. You can choose not to provide us with your personal data, but then you may not be able to take advantage of some of the website’s features. Users who are uncertain about what information is mandatory are welcome to contact us via doc@drpeterweil.co.uk.

Links to other websites:

Our website may contain links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for such other websites or third parties' privacy practices. We encourage you to be aware when you leave our website and read the privacy statements of each website that may collect personal information.

Information security in regards use of the website:

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We keep reasonable administrative, technical, and physical safeguards to protect against unauthorized access, use, modification, and personal data disclosure in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed.

Legal disclosure in regards use of the website:

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

2. Patient Data and GDPR

What information we collect, use, and why

We collect or use the following information to provide patient care, services, pharmaceutical products and other goods:

Name, address and contact details

Gender

Pronoun preferences

Date of birth

Emergency contact details

Photographs

Health information (including medical conditions, allergies, medical requirements and medical history)

Test results (including psychological evaluations, scans, bloods, x-rays, tissue tests and genetic tests)

Payment details (including card or bank information for transfers and direct debits)

Records of meetings and decisions

We also collect the following information to provide patient care, services, pharmaceutical products and other goods:

Health information

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. You can read more about this right here.
Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. You can read more about this right here.
Your right to erasure - You have the right to ask us to delete your personal information. You can read more about this right here.
Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. You can read more about this right here.
Your right to object to processing - You have the right to object to the processing of your personal data. You can read more about this right here.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. You can read more about this right here.
Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. You can read more about this right here.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide patient care, services, pharmaceutical products and other goods are:

Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Where we get personal information from

Directly from you

How long we keep information

We have a legal requirement in Scotland to maintain electronic GP records in perpetuity. The electronic records we have are therefore kept in perpetuity.

Who we share information with

Data processors

Cliniko

This data processor does the following activities for us: Practice management software that manages and securely stores our patient medical records, patient financial information, and patient contact information. They have UK servers on which the data is stored and are GDPR compliant.

Others we share personal information with

Other health providers (eg GPs and consultants)

Organisations we need to share information with for safeguarding reasons

Emergency services

Organisations we’re legally obliged to share personal information with

Duty of confidentiality

We are subject to a common law duty of confidentiality. However, there are circumstances where we will share relevant health and care information. These are where:

you’ve provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses);
we have a legal requirement (including court orders) to collect, share or use the data;
on a case-by-case basis, the public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime);
If in England or Wales – the requirements of The Health Service (Control of Patient Information) Regulations 2002 are satisfied; or
If in Scotland – we have the authority to share provided by the Chief Medical Officer for Scotland, the Chief Executive of NHS Scotland, the Public Benefit and Privacy Panel for Health and Social Care or other similar governance and scrutiny process.

Sharing information outside the UK

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above.

Organisation name: Cliniko

Category of recipient: Practice Management Software for Healthcare

Country the personal information is sent to: Patient medical and financial data held on UK servers, but subprocessors based in the USA and Australia. (More info at https://help.cliniko.com/en/articles/4792789-how-cliniko-helps-you-comply-with-uk-gdpr)

How the transfer complies with UK data protection law: Cliniko have established a Data Processing Addendum which permits their processing of data under UK GDPR. (details at https://www.cliniko.com/files/cliniko-uk-data-processing-addendum-v20221226.pdf)

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint