1357 Warwick Road, Knowle, Solihull, West Midlands, B93 9LW

01564 732150

Privacy Policy

Our Policy

Privacy Notice – Patients, Visitors & Suppliers

(How we process your personal information)

This notice explains what personal information we collect when we collect it and how we use this. During the course of our activities, we will process personal data (which may be held on paper, electronically, or otherwise) about you and we recognise the need to treat it in an appropriate and lawful manner. The purpose of this notice is to make you aware of how we will process your personal data.

Who are we?

CMC Imaging Services Ltd: A company limited by Guarantee (03492885) trading as Heath Lodge Clinic

Our Registered Office is 70 Priory Road, Kenilworth, Warwickshire, CV8 1LQ. At Heath Lodge Clinic (“we” or “us”) take the issue of security and data protection very seriously. We comply with all relevant data protection laws, including the UK General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003.

We are notified as a Data Controller with the Office of the Information Commissioner under registration numbers Z8619496 and we are the data controller of any personal data that you provide to us.

Our Data Protection Officer (DPO) is RGDP LLP, who can be contacted by email as follows: info@rgdp.co.uk. Any questions relating to this notice and our privacy practices should be sent to the following email address:

info@rgdp.co.uk. Alternatively, you can contact us by writing to us at our Registered Office.

How we collect information from you and what information we collect

We may process the following information about you, as a patient, for the stated purposes below:

  • Your name, age, and contact details;
  • Details of your appointments and centre visits;
  • Records about your health, treatment and care;
  • Results of your imaging investigations;
  • Information from other health professionals;
  • Details of your credit/debit cards or banking information;
  • Patient experience feedback and surveys;
  • CCTV imagery;
  • Telephone call recordings; and
  • Information about complaints and

We may process the following information about visitors and suppliers for the stated purposes below

  • Information relating to your visit, e.g., your company or organisations name, arrival and departure time, vehicle number plate number;
  • Name;
  • Contact details, including phone numbers, addresses and email addresses;
  • References;
  • Bank Details
  • Information about any access arrangements you may need;
  • Telephone call recordings
  • CCTV imagery; and
  • Visitors register, via our diary

We will use this information to potentially enter into or enter into a contract with you, and / or for the administration of our organisation.

If you do not wish to provide your personal data

You have obligations under your contract / potential contract with us to provide us with the necessary data. If you do not provide this information, this will hinder the Clinic’s ability to enter into or maintain a contract with you.

Fellow Professionals

We may also process the information available on professional body websites to enable postal marketing where we believe that we offer a service that may be of interest to you, we have completed a legitimate interests assessment in relation to this.

Why we need this information about you and how it will be used

We need your information and will use your information:

  • to undertake and perform our obligations and duties to you in accordance with the terms of our contract or potential contract with you, your insurance company or other organisation making payment for the services which we provide to you;
  • to enable us to supply you with the services and information which you have requested;
  • to enable us to respond to any surveys or complaints made;
  • to analyse the information we collect so that we can administer, support and improve and develop our business and the services we offer;
  • to contact you in order to send you details of any changes to our service provision which may affect you;
  • for all other purposes consistent with the proper performance of our operations and business; and
  • to contact you for your views on our products and

What are the legal bases for us processing your personal data?

We will only process your personal data on one or more of the following legal bases:

  • contract
  • consent
  • our legitimate interests, including CCTV imagery, telephone call recordings, and postal marketing
  • vital interests
  • the performance of a task carried out in the public interest and / or with official authority
  • legal obligation

Processing special category personal data

Special category personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Article 9 of the UK GDPR prohibits the processing of special category data. There are 10 exceptions to this general prohibition, usually referred to as ‘conditions for processing special category data’. These are:

  • Explicit consent
  • Employment, social security and social protection (if authorised by law)
  • Vital interests
  • Not-for-profit bodies
  • Made public by the data subject
  • Legal claims or judicial acts
  • Reasons of substantial public interest (with a basis in law)
  • Health or social care (with a basis in law)
  • Public health (with a basis in law)
  • Archiving, research, and statistics (with a basis in law)

We will therefore only process special category personal data in a lawful manner where one of these conditions apply.

Sharing of Your Information

We may disclose your personal data to any of our employees, contractors, professional advisors, agents, suppliers or subcontractors, government agencies, regulators, or other third-parties insofar as reasonably necessary, and in accordance with data protection legislation.

We may also disclose your personal data:

  • If we enter into a joint venture with or merge with another business entity, your information may be disclosed to our new business partners or owners
  • With our Data Protection Team and/or Legal Advisors
  • If we are making an insurance claim following any incident, we may share your information with our insurers
  • If we are investigating payments made or otherwise, your information may be disclosed to payment processors
  • If we are being audited then we may share your information with our auditors
  • To fulfil our legal and regulatory obligations
  • To fulfil our contractual or other obligations with you
  • With your consent; and/or
  • As otherwise required by

Unless required to do so by law, we will not otherwise share, sell, or distribute any of the information you provide to us without your consent.

National Data Opt-Out Programme

Whenever you use a health or care service important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use theses services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • Improving the quality and standards of care provided
  • Research into the development of new treatments
  • Preventing illness and diseases
  • Monitoring safety
  • Planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit https://www.nhs.uk/your-nhs-data-matters/. On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individuals care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-put by phone
  • See the situations where opt-out will not apply

You can also find out more about how patient information is used at: https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and

https://understandingpatientdata.org.uk/introducing-patient-data (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Our organisation is currently compliant with the national data opt-out policy and has systems and processes in place so that we can apply your choice to any confidential patient information we use or share for purposes beyond your individual care.

Transfers outside the UK

Your information will only be processed within the UK, other than where authorised in accordance with Chapter V of the UK General Data Protection Regulation.

Security

When we process your personal data, we take steps to make sure that your personal information is kept secure and safe. This includes ensuring there is adequate IT and physical security for all locations that data is stored, and we ensure that these measures are tested on a regular basis to ensure compliance.

How long we will keep your information

We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, as required by law (we may be legally required to hold some types of information), as set out in any relevant contract we have with you and in accordance with our Data Retention Policy and Schedule.

Your Rights

You have the right at any time to request to exercise your data subjects’ rights in relation to the following:

  • the right to be informed
  • the right to access
  • the right to rectification
  • the right to object to processing
  • rights in relation to automated decision making and profiling
  • the right to be forgotten
  • the right to data portability
  • the rights to restrict processing

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

If you would like to exercise any of your rights above, please contact: info@rgdp.co.uk.Queries and Concerns

If you have any queries or concerns about our use of your personal information, you can raise these with us by contacting our Data Protection Officer, RGDP LLP, who can be contacted as follows

info@rgdp.co.uk or 0131 222 3239

You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information. The Information Commissioner’s contact details are noted below:

Information Commissioner’s Office

Wycliffe House Water Lane, Wilmslow, Cheshire, SK9 5AF.

Telephone: 0303 123 1113 https://ico.org.uk/make-a-complaint/

The accuracy of your information is important to us – please help us keep our records updated by informing us of any changes to your email address and other contact details.

Funding Options

We are providers for all major insurance companies – please contact your provider for authorisation prior to booking an appointment.

©2025 Heath Lodge Clinic. All Rights Reserved

Website by Super Digital

* Subject to the terms of your policy

Proud to support The Myton Hospices