Privacy Policy

Effective Date: 24 March 2025
Review Date: 24 March 2026

At 360 Med, we are committed to protecting your privacy and ensuring that your personal data is handled securely and in compliance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and Care Quality Commission (CQC) regulations.

This policy explains how we collect, use, store, and protect your personal information when you use our in-person and online consultation services.

1. What Information We Collect

• Identity Data: Name, date of birth, gender, and identification documents (where required).
• Contact Data: Address, phone number, and email address.
• Medical Data: Medical history, prescriptions, consultations, test results, and treatment plans.
• Financial Data: Payment details for services received.
• Technical Data: IP address, device information, and online identifiers when using our website and telemedicine services.
• Communication Data: Any correspondence or feedback provided by you.

2. How We Use Your Information

• Provide high-quality in-person and online medical consultations
• Maintain accurate and up-to-date medical records
• Arrange diagnostic tests, prescriptions, and referrals
• Process payments and manage your account
• Improve our services through patient feedback and quality assurance
• Comply with legal, regulatory, and CQC obligations

We only process your data where legally permitted and ensure that it is relevant, accurate, and kept up to date.

3. Legal Basis for Processing Your Data

• Performance of a Contract: Providing medical services as requested
• Legal Obligation: Compliance with CQC and legal requirements
• Legitimate Interests: Quality improvement, fraud prevention, and patient safety
• Consent: Where required, including marketing communications and special categories of personal data

4. How We Protect Your Data

• Encryption for online communications
• Secure servers and controlled access
• Regular audits in line with GDPR and CQC standards
• Data minimisation – storing only necessary data for as long as required

5. Sharing Your Data

• Healthcare professionals involved in your treatment
• Diagnostic laboratories and specialist referral providers
• Regulatory bodies (including CQC and GMC) when legally required
• IT and payment service providers under strict confidentiality agreements

We never sell your personal data to third parties.

6. International Data Transfers

In some cases, your personal data may be transferred outside the UK and European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including:

• Transfers only to countries recognised by the UK Government as having adequate data protection laws
• Use of Standard Contractual Clauses (SCCs) or other approved safeguards
• Ensuring third-party providers comply with GDPR standards

7. How Long We Keep Your Data

• Adult medical records: Minimum of 8 years
• Children’s records: Until the patient reaches age 25
• Financial records: Minimum of 6 years
• Online consultation records: Stored securely and deleted when no longer required

8. Your Rights

• Access your personal data and request a copy
• Correct inaccurate or incomplete information
• Withdraw consent where applicable
• Request deletion of your data (subject to legal retention requirements)
• Object to certain types of processing
• Lodge a complaint with the Information Commissioner’s Office (ICO)

9. Telemedicine and Online Consultations

• End-to-end encrypted video consultations
• Secure handling of online prescriptions
• Full confidentiality of patient data in line with GDPR requirements

10. Changes to This Policy

We may update this privacy policy from time to time to reflect regulatory or operational changes. Updates will be posted on our website and communicated where appropriate.

11. Contact Us

360 Med – Private Medical Centre
Address: 120 Fortis Green Road, N10 3HN
Phone: 020 8050 4048
Email: info@360med.co.uk

Version: 1.0
Last Updated: 24 March 2025
Next Review Date: 24 March 2026