​

Windsor Wellness Clinic is committed to protecting your privacy and ensuring that your personal and medical information is handled lawfully, securely, and with the utmost confidentiality. This Privacy Policy explains how we collect, use, and protect your information in accordance with UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

​

Who We Are

​

Windsor Wellness Clinic is a GP practice providing primary medical care and related health services. We are the data controller responsible for the personal data we hold about patients, staff, and other individuals who interact with the practice.

​

If you have any questions about this policy or how your information is used, please contact us at:
info@windsorwellnessclinic.com

 ​

Information We Collect 

​

We may collect and hold the following types of information:

​

• Personal details such as name, date of birth, address, email address, and telephone number

• NHS number and other identifiers

• Medical records, including clinical notes, test results, correspondence, and treatment information

• Information provided when registering with the practice or contacting us

• Administrative and appointment-related information

• Technical information when you visit our website (such as IP address and cookies)

 

We only collect information that is necessary for the provision of safe and effective healthcare and for meeting our legal and contractual obligations.

 ​

How We Use Your Information 

​

Your information is used to:

​

• Provide you with medical care and treatment

• Maintain accurate and up-to-date medical records

• Communicate with you about appointments, referrals, and your care

• Coordinate care with other NHS or healthcare providers where appropriate

• Meet legal, regulatory, and contractual requirements

• Improve the quality and safety of services we provide

 

Your information will never be used for marketing purposes without your explicit consent.

 ​

Legal Basis for Processing 

​

We process personal data under the following legal bases:

​

• The provision of health or social care (UK GDPR Article 9(2)(h))

• Compliance with legal and regulatory obligations

• Public interest in the area of public health

• Your consent, where required for specific purposes

 

Confidentiality and Data Sharing

 ​

We take our duty of medical confidentiality very seriously. Your information is shared only when necessary and appropriate, including:

​

• With other healthcare professionals involved in your care

• With NHS organisations and approved partners

• Where required by law, safeguarding obligations, or court order

 

Any information shared is limited to what is relevant and necessary for the purpose. 

​

Data Storage and Security

 ​

All personal and medical information is stored securely using appropriate technical and organisational safeguards. Access to records is restricted to authorised staff who require it for their role.

We retain records in line with NHS guidance and legal requirements.

 ​ 

Your Rights 

​

You have rights under data protection law, including the right to:

​

• Access your medical records

• Request correction of inaccurate or incomplete information

• Request restriction of processing in certain circumstances

• Object to processing where applicable

• Withdraw consent where consent is the legal basis

 

Requests can be made by contacting the practice using the details above.

 ​

Website Cookies 

 ​

Our website may use cookies to ensure it functions correctly and to improve user experience. You can manage cookie settings through your browser. 

​

Changes to This Policy

​

This Privacy Policy may be updated from time to time. The most recent version will always be available on our website.