Privacy Policy

Patient Privacy Notice

The Female Health Doctor  ·  Version 1.2  ·  June 2026

Document Type

Patient Privacy Notice

Policy Lead

Dr Nikki Ramskill

Date Original Policy Approved

January 2025

Latest Review Date

June 2026

Next Review Date

June 2027

 

This privacy notice explains why our Practice collects information about you and how that information may be used and shared.

The employees and partners of The Female Health Doctor use electronic records to create and maintain a history of your medical care at the Practice, to help ensure you receive the best possible healthcare. Anyone who accesses your data within the Practice can only do so if they have designated clinical access to our system (uk.zandahealth.com). We use 2-factor authentication for additional record security.

We do not keep paper records.

We comply with the Data Protection Act 2018 and UK GDPR in ensuring your personal information is as confidential and secure as possible.

 

  1. Why We Collect Information About You

Healthcare professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received. These records help to provide you with the best possible healthcare.

We collect and hold data for the sole purpose of providing healthcare services to our patients. In carrying out this role we may collect information about you which helps us respond to your queries or secure specialist services. We only keep your data in digital form. The records may include basic details about you, such as your name and address. They may also contain more sensitive information about your health and the outcomes of any needs assessments.

 

  1. Details We Collect About You

The healthcare professionals who provide you with care maintain records about your health and any treatment or care you have received elsewhere that you have chosen to share with us. Records which the Practice may hold about you may include:

  • Details about you, such as your address and next of kin
  • Any contact the Practice has had with you
  • Notes and reports about your health
  • Details about your treatment and care
  • Results of investigations such as laboratory tests, scans etc
  • Your registered NHS GP details

 

  1. How We Keep Your Information Confidential and Safe

Everyone working for the Practice is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes advised with consent given by the patient, unless there are other circumstances covered by the law. All our staff are expected to make sure information is kept confidential and receive annual training on how to do this.

We make sure external data processors that support us are legally and contractually bound to operate, and prove security arrangements are in place where data that could or does identify a person are processed.

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • Practice Codes of Confidentiality and Information Security
  • Health and Social Care Act 2012

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it and we have your permission to do so (such as your NHS GP). We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.

 

  1. How We Use Your Information

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public and to help us manage the Practice.

 

  1. Clinical Audit

Information may be used for clinical audit to monitor the quality of the service provided. Some of this information may be held centrally and used for statistical purposes. Where we do this we take strict measures to ensure that individual patients cannot be identified.

 

  1. Clinical Research

Occasionally your information may be requested to be used for research purposes. The Practice will always gain your explicit consent before releasing any information for this purpose.

 

  1. Safeguarding

To ensure that adult and children’s safeguarding matters are managed appropriately, access to identifiable information will be shared in some limited circumstances where it is legally required for the safety of the individuals concerned.

 

  1. Children and Young People

The Female Health Doctor may provide care to children and young people. This section explains how we handle their personal data and who can consent to its use.

Children Under 13

Children under the age of 13 do not have the legal capacity to consent to the processing of their personal data. Consent must be given by a person with parental responsibility (e.g. a parent or legal guardian). Where we treat a child under 13, we will seek consent from a parent or guardian before processing their data for any purpose beyond providing direct clinical care.

Young People Aged 13–17 and Gillick Competence

Under UK GDPR, a young person aged 13 or over may consent to the processing of their own personal data, provided they have sufficient understanding to do so. In a healthcare context this is assessed using the principle of Gillick competence: a young person is Gillick competent if they have the maturity and intelligence to fully understand the nature, purpose, and implications of the care they are seeking and the data processing involved.

Where Dr Ramskill assesses a young person aged 13–17 as Gillick competent, that young person may:

  • Consent to the processing of their personal data on their own behalf, without parental involvement
  • Request that their consultation remains confidential from their parents or guardians
  • Exercise their own data subject rights (including making a Subject Access Request)

We will record our Gillick competence assessment in the young person’s clinical record. If we are uncertain whether a young person is Gillick competent, we will seek advice before proceeding.

Parental Access to a Young Person’s Records

Parents and guardians do not have an automatic right to access the personal data of a Gillick-competent young person. Where a young person has been assessed as Gillick competent and has requested confidentiality, a parent’s Subject Access Request for that young person’s records may be refused, in whole or in part, to protect the young person’s right to privacy.

Where a child is not Gillick competent (including all children under 13), a person with parental responsibility may exercise data subject rights on their behalf, provided it is in the child’s best interests to do so.

Safeguarding Override

Confidentiality and consent to data processing — including Gillick competence — do not override our safeguarding obligations. Where we have reasonable grounds to believe a child or young person is at risk of harm, we may share information with the relevant authorities (such as children’s social care or the police) without the consent of the young person or their parent. This is consistent with our duty under the Children Act 1989 and relevant safeguarding guidance.

 

  1. Your Right to Withdraw Consent (Opt-Out)

If you are happy for your data to be extracted and used for the purposes described in this privacy notice then you do not need to do anything. If you do not want your information to be used for any purpose beyond providing your care you can choose to opt-out.

If you wish to opt out, please let us know so we can record your preference. We will respect your decision if you do not wish your information to be used for any purpose other than your care, but in some circumstances we may still be legally required to disclose your data.

If you wish to discuss or change your opt-out preferences at any time please contact the Practice Manager via hello@thefemalehealthdoctor.com.

 

  1. Access to Your Information (Subject Access Requests)

Under the UK General Data Protection Regulation (UK GDPR) everybody has the right to see, or have a copy of, data we hold that can identify you, with some exceptions. You do not need to give a reason to see your data.

If you want to access your data you must make the request in writing. Under special circumstances, some information may be withheld. If you wish to have a copy of the information we hold about you, please contact the Practice Manager via hello@thefemalehealthdoctor.com.

We will respond to your request within one calendar month of receipt. For further detail on how we handle Subject Access Requests, please ask for a copy of our SAR Policy.

 

  1. Change of Details

It is important that you tell the person treating you if any of your details — such as your name or address — have changed or if any of your details are incorrect, so that these can be amended. Please inform us of any changes so our records for you are accurate and up to date.

 

  1. Mobile Numbers & Email Addresses

If you provide us with your mobile phone number, we may use this to send you reminders about your appointments or other health screening information. Please let us know if you do not wish to receive reminders by text or phone.

If you provide us with your email address, we may use this to send you appointment reminders and recall correspondence. Please let us know if you do not wish to receive correspondence by email.

We do our best to ensure information is secure. If you fail to inform the Practice of a change to your mobile number, email address, or correspondence address, your records may be less secure and the Practice would not be in a position to accept liability for this.

 

  1. ICO Registration

The Female Health Doctor is registered with the Information Commissioner’s Office (ICO) to describe the purposes for which we process personal and sensitive information. Our Registration Number is ZA323627.

We are a registered Data Controller. Our registration can be viewed online in the public register at: ico.org.uk

 

  1. Complaints

If you have concerns or are unhappy about any of our services, please contact the Practice Manager in the first instance via hello@thefemalehealthdoctor.com.

For independent advice about data protection, privacy, and data-sharing issues, you can contact the Information Commissioner’s Office: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF — Phone: 0303 123 1113 — Website: ico.org.uk

 

  1. Reviews and Changes to this Privacy Notice

We will keep our Privacy Notice under regular review. This notice was last reviewed in June 2026 and will next be reviewed in June 2027.

The most current version of this notice is always available on request from the Practice.

 

Scroll to Top
Verified by MonsterInsights