OUR PRIVACY POLICY

  Organisation: The Battersea Clinic Limited (trading as The Real Clinic)

   Website: https://www.therealclinic.com

   Version: 2.0

   Last Updated: April 2026

   Review Date: April 2028 or before if required

   ICO Registration: ZB165184

   Company Registration: 13405640

 

Who We Are

The Battersea Clinic Limited, trading as The Real Clinic, is committed to protecting and respecting your privacy. This Privacy Policy sets out the basis on which we collect, use, store and otherwise process any personal data that we collect from you, that you provide to us, or that we receive from other sources.


This policy applies to all personal data collected through our website at www.therealclinic.com, through visits to our clinic in person, and through telephone, email and written contact. Please read this policy carefully. By using our website or services, you confirm that you have read and understood this policy.


We recommend that you print or save a copy of this Privacy Policy for future reference. We will notify you of any material changes to this policy.


The Data Controller

The Battersea Clinic Limited is the data controller in respect of your personal data. We are registered as a data controller with the Information Commissioner’s Office (ICO) under company registration number 13405640, ICO registration reference ZB165184.


You can contact us by writing to: 1 Vincent Square, London, SW1P 2PN, or by emailing: info@therealclinic.com


Our Data Protection Lead

We have appointed a Data Protection Lead (DPL) to oversee compliance with this Privacy Policy and our data protection obligations. Mr Greg Thorpe, Hospital Director, holds overall responsibility for data protection at The Battersea Clinic Limited.


If you have any questions, comments or requests regarding this policy or how we use your personal data, please contact our Data Protection Lead at: 1 Vincent Square, London, SW1P 2PN, or by email at: info@therealclinic.com


This is in addition to your right to contact the Information Commissioner’s Office (ICO) directly if you are dissatisfied with our response to any issue you raise. The ICO can be contacted at https://ico.org.uk/global/contact-us/.


Our Data Protection Obligations

The Battersea Clinic Limited processes your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For the purposes of UK data protection law, we are the data controller.


Where we provide services to NHS patients under contract with NHS England or an Integrated Care Board (ICB), we may also act as a data processor on behalf of the relevant NHS commissioner. In that capacity, we comply with all applicable NHS data security requirements, including the NHS Data Security and Protection Toolkit (DSPT), and apply the National Data Opt-Out policy where required.


How We Collect Personal Information About You

We collect personal information about you in the following ways:

  • When you provide it to us directly – for example by completing a contact or enquiry form on our website, booking a consultation or procedure, contacting us by telephone, email, post or in person at our clinic
  • When you use our website – we collect certain technical information automatically (see the Cookies section below)
  • When we receive it from third parties – for example from your GP, surgeon, anaesthetist or other healthcare professionals involved in your care, from finance partners, or from other clinicians or healthcare providers
  • Where you have given your consent for us to do so, we may also request or obtain information from third parties relevant to your procedure, including your GP, surgeon, anaesthetist, specialist medical provider and medical equipment suppliers


The Battersea Clinic Limited will always ask for your consent where we are required to do so by law, and will send you a consent form when you contact us for a procedure. You should only sign and return this form if you wish to give your consent.


Cookies and Website Analytics

  • We collect information about your use of our website through cookies and similar technologies. Our Cookies Policy sets out how we use cookies; you can access it at: https://www.therealclinic.com/cookies-policy/
  • You can reject some or all cookies by changing your browser settings, though doing so may affect your ability to use some features of our website. For further information about cookies, visit www.allaboutcookies.org.
  • We use Google Analytics to understand how visitors engage with our website. For information on how Google Analytics processes data, visit www.google.com/policies/privacy/partners/. You can opt out of Google Analytics tracking at: tools.google.com/dlpage/gaoptout
  • Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to read their privacy notices when you visit them.


Personal Information We Collect

The types of personal information we may collect include, but are not limited to:

  • Your name, date of birth, address, email address and telephone number
  • Your next of kin or emergency contact details
  • Payment information (e.g. credit or debit card details, finance arrangements)
  • Information about your medical history, including previous procedures, pre-existing conditions, medications and relevant health data
  • Information about your computer or device, including your IP address, browser type, device type, operating system and network provider
  • Information about how you use our website, including pages viewed, time spent and links clicked
  • Information from finance partners where you apply for credit to fund a procedure

Information we obtain from third parties may relate to your medical history or financial arrangements, but may also include any of the types of information listed above.

In limited circumstances where we obtain your personal information from a source other than yourself and we are not required to provide you with this Privacy Policy (for example, where doing so would be impossible or involve disproportionate effort, or where we are subject to a legal obligation of confidentiality), we will not be obliged to provide you with the information in this policy. Where we are required to inform you, we will do so at the point of first communication, when we disclose your information to a third party, or within one month of obtaining your information – whichever is earliest.


How We Use Your Personal Information

We may use your personal information for one or more of the following purposes:

a)    Administering, running and improving our website and clinical services, including tailoring our services to the needs and preferences of our patients

b)    Communicating with you directly in relation to your chosen procedure, pre- and post-operative care, updates to our services, and responses to enquiries

c)    Entering into and performing a contract with you, including booking consultations and procedures and providing the services you have requested. If you do not provide the personal information we need, we may not be able to perform the contract or provide the services

d)    Protecting our business interests, including for the purposes of fraud prevention and debt recovery

e)    Providing you with news and updates relating to services you have purchased or enquired about, where you have opted in to receiving such communications

f)     Sharing your personal information with third parties that are related to or associated with us where necessary to perform a contract with you, manage our business, or comply with legal obligations. This includes business partners, IT service providers, email providers, independent contractors and professional advisers. We will only share information on a need-to-know basis, subject to confidentiality restrictions, and on an anonymised basis wherever possible

g)    Processing payments, including sharing information with payment service providers such as Worldpay (privacy policy: https://www.worldpay.com/uk/worldpay-privacy-notice) and Stripe

h)    Complying with legal and regulatory obligations, including anti-money-laundering requirements, tax laws, court orders and reporting obligations to the CQC, NHS England and other regulatory bodies

i)     Enforcing our legal rights and defending potential legal claims

j)     Ensuring the physical, network and information security of our systems

k)    Providing anonymised statistical information to third-party analytics providers such as Google Analytics

l)     Reporting suspected criminal activity or threats to public security to a competent authority where required by law


Where you have given consent, we may also use your personal data to send you newsletters, updates and marketing communications. You can withdraw your consent at any time by emailing info@therealclinic.com or clicking the unsubscribe link in any communication.


Processing of NHS Patient Data

Where the clinic provides services to NHS patients, personal data relating to those patients is processed in our capacity as a data processor acting on behalf of NHS England or the relevant Integrated Care Board. Such data is handled in accordance with:

  • The NHS Standard Contract data processing requirements
  • The NHS Data Security and Protection Toolkit
  • The National Data Opt-Out – patients who have registered an opt-out will not have their confidential patient data used for purposes beyond their direct care. For more information, visit www.nhs.uk/your-nhs-data-matters
  • NHS England’s data sharing agreements and retention schedules applicable to NHS-commissioned services


NHS patient data will not be used for any purpose other than the delivery and administration of NHS-commissioned clinical care without appropriate legal basis.


Legal Basis for Processing Your Personal Data

We will only use your personal data where the law allows us to. The legal bases on which we rely include:

  • Performance of a contract with you, or taking steps at your request prior to entering into a contract
  • Compliance with a legal or regulatory obligation to which we are subject
  • Our legitimate interests (or those of a third party), where your interests and fundamental rights do not override those interests
  • Your consent, where we have asked for and you have provided it – you may withdraw consent at any time
  • Processing necessary for the provision of health or social care services (for special category health data), under Article 9(2)(h) UK GDPR
  • Processing required to meet our obligations under the Health and Social Care Act 2012 and related legislation


Automated Decision-Making

We do not make any decisions about you solely by automated means that produce legal or similarly significant effects. We do not undertake automated profiling for the purposes of making decisions about your care or eligibility for services.


Marketing

Where you have indicated that you wish to receive marketing communications from us, we may contact you with details of our services, events and business updates. You have the right to opt out of receiving marketing communications at any time by:

m)   Ticking the relevant opt-out box on any form we send you

n)    Clicking the unsubscribe link in any marketing email

o)    Emailing us at info@therealclinic.com with your name and contact details


Disclosure of Personal Data to Third Parties

We may share your personal information with the following categories of third party:

p)    Clinical staff, surgeons, anaesthetists and other healthcare professionals involved in your care

q)    Affiliated entities to support internal administration

r)     IT and software providers that host our website or store data on our behalf

s)     Professional advisers including lawyers, accountants, bankers and insurers

t)     HM Revenue and Customs, the CQC, NHS England, Integrated Care Boards, and other regulators or statutory authorities where we have a legal obligation to report

u)    Payment service providers, including Worldpay and Stripe, to process payments for services

v)    Finance partners where you apply for credit

w)   Third parties in connection with a sale, transfer or merger of part or all of our business – in such circumstances the new owners will use your personal data in accordance with this policy

x)    The police, regulatory bodies, legal advisers or similar third parties where we are under a legal duty to disclose, or where disclosure is necessary to protect the rights, property or safety of our patients or others

We will not sell or distribute personal data to other organisations without your approval.


International Transfers of Personal Data

We hold your personal data within the UK. Where it is necessary to transfer your personal information outside the UK or to an international organisation, we will ensure that the transfer complies with UK GDPR requirements. This means the recipient country will either benefit from UK adequacy regulations, or we will put in place appropriate safeguards such as:

       International data transfer agreements (IDTAs) approved by the ICO

       Standard contractual clauses adopted or approved by the ICO

We will not transfer your personal data internationally without the appropriate safeguards being in place.


How Long We Store Your Personal Information

We will store your personal information for no longer than is necessary, taking into account:

y)    The purpose for which we are processing your personal information and whether it remains necessary to retain it

z)    Any legal obligation to continue processing or retaining your information

aa)  Whether we have a continuing legal basis for processing, such as your consent

For clinical records, we retain data in line with the Records Management Code of Practice for Health and Social Care (NHS Digital / NHS England), which sets out minimum retention periods for health records. For NHS patient records, we apply the retention schedules specified in our NHS contract and in the NHS Records Management Code.

For non-clinical records (e.g. marketing data, website analytics), we apply shorter retention periods proportionate to the purpose for which the data was collected.


Securing Your Personal Information

We take appropriate technical and organisational measures to protect your personal information against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include:

  • Only sharing and providing access to your personal information to the minimum extent necessary, subject to confidentiality restrictions, and on an anonymised basis wherever possible
  • Using secure servers to store your personal information
  • Requiring proof of identity from any individual who requests access to personal information
  • Putting in place strict confidentiality and data protection obligations with all third-party service providers and data processors
  • Maintaining physical and digital access controls to prevent unauthorised access to clinical and personal data

Where we hold NHS patient data, we also comply with the security requirements of the NHS Data Security and Protection Toolkit and complete an annual DSPT assessment.


Your Rights

Under UK data protection law, you have the following rights in respect of your personal data:

1.     The right to access – you can ask for a copy of all personal data we hold about you. We will generally provide this free of charge.

2.     The right to rectification – you can ask us to correct any personal data you believe to be inaccurate or incomplete. You can also ask us to restrict processing while we consider your request.

3.     The right to erasure – you can ask us to erase personal data that is no longer necessary for the purpose for which it was originally collected. We retain our data in line with the NHS Records Management Code of Practice (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance).

4.     The right to restrict processing – you can ask us to restrict the processing of your data while a complaint or rectification request is being considered.

5.     The right to data portability – you can ask us to provide your personal data in a commonly used electronic format and, where technically feasible, to transfer it to another organisation.

6.     The right to object – where we are processing your personal data on the basis of our legitimate interests or in the public interest, you have the right to object to that processing. We will restrict processing while we consider your objection.

7.     The right to withdraw consent – where we process your personal data on the basis of your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of your rights, please contact our Data Protection Lead in writing at 1 Vincent Square, London, SW1P 2PN, or by email at info@therealclinic.com. Please include your name and the action you wish us to take. We may ask you to verify your identity before we can action your request.

To verify your identity, we will require a document from each of the following two categories:

  • Category 1: a full current signed UK or overseas passport, a full current UK or EU photocard driving licence, or a national identity card
  • Category 2: a recent bank statement, utility bill, TV licence renewal or council tax bill, dated no more than three months before your request

We will respond to your request within one month. If we are unable to fulfil your request, we will explain why, subject to any legal or regulatory restrictions.


Complaints

If you are dissatisfied with how we have handled your personal data or any request you have made, you have the right to complain to the Information Commissioner’s Office (ICO):


  Information Commissioner’s Office

 Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

   Website

 https://ico.org.uk/global/contact-us/

   Helpline

 0303 123 1113

 

We would encourage you to contact us directly in the first instance so that we have the opportunity to address your concerns.


Privacy Notice for Patients and Healthcare Customers

This section of our Privacy Policy provides specific information for patients and customers using our clinical facilities, as regulated by the Care Quality Commission (CQC). It explains what personal data we hold about you, why we hold it, how we use it and your rights.

If you have any questions about how we use your data as a patient, please contact us at: info@therealclinic.com


Service Users – Patients

What data do we hold?

In order to provide a professional and safe clinical service, we need to keep certain records about you. We may process the following types of personal data:

  • Your basic details and contact information, including your name, date of birth, address, email address, telephone number and next of kin
  • Your financial details, including how you pay for your care or your funding arrangements (including NHS funding where applicable)

We also record the following data, which is classified as special category data under UK GDPR:

  • Health and social care data, including your physical and mental health history
  • Data about your race, ethnic origin, religion or sexual orientation, where relevant to your care


Why do we hold this data?

We need this data to provide high-quality, safe and personalised care. We process your personal data on the following legal bases:

  • Legal obligation – we are required to process certain data under the Health and Social Care Act 2012 and related legislation
  • Legitimate interests – where necessary to run and manage our clinical service
  • Consent – where we ask for and you provide your consent

We process your special category health data because:

  • It is necessary for the provision and management of healthcare services (Article 9(2)(h) UK GDPR)
  • It is required for social security and social protection law, for example in safeguarding situations
  • It is required to provide data to our regulator, the CQC, as part of our public interest obligations
  • Where the clinic provides NHS-funded services, it may also be required to share data with NHS England, the relevant ICB, and other NHS bodies for the purposes of commissioning, audit and statutory reporting


Where do we process your data?

We collect and share your data with the following:

8.     You or your legal representative(s)

9.     Third parties involved in your care – including your GP, surgeon, anaesthetist, pharmacy, local hospitals, social workers and other health and care professionals

10.  NHS commissioners, NHS England, Integrated Care Boards and clinical commissioning groups, where applicable

11.  The local authority, where relevant to your care or a safeguarding obligation

12.  Organisations we have a legal obligation to share information with, such as the CQC

13.  The police or other law enforcement agencies, where required by law or court order

We collect and share data face to face and through email, telephone, post and our website.

Patients who are receiving NHS-funded care have the right to opt out of their confidential patient information being used for purposes beyond their direct care. You can register a national opt-out at www.nhs.uk/your-nhs-data-matters or ask a member of staff for further information.


Friends and Relatives of Patients

What data do we hold?

As part of providing high-quality care, it may be necessary for us to hold the following information about you as a friend or relative of a patient:

  • Your name, telephone number and address


Why do we hold this data?

We hold this data because we have a legitimate interest in maintaining next of kin and emergency contact information for patients in our care, and in holding lasting power of attorney information where relevant. We may also process this data with your consent.


Where do we process your data?

We may share your data with the following:

  • Other health and care professionals involved in the patient’s care
  • The local authority, where relevant
  • The police or other law enforcement agencies, where required by law or court order


Your Rights as a Patient

The data we hold about you is your data. We keep it confidential and use it appropriately. You have the following rights:

14.  The right to access a copy of all personal data we hold about you. We will generally not charge for this.

15.  The right to ask us to correct any data you believe to be inaccurate or incomplete, and to restrict processing while we consider your request.

16.  The right to ask us to erase personal data that is no longer necessary for the purpose for which it was collected. We retain data in line with the NHS Records Management Code of Practice (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance).

17.  The right to ask us to restrict processing where we no longer need your data for the original purpose, but you do not wish for it to be erased.

18.  The right to withdraw consent where processing is based on your consent. Please contact us to do so.

19.  The right to object to processing carried out on the basis of our legitimate interests or in the public interest. We will restrict processing while we consider your objection.

20.  The right to data portability – to receive your personal data in a structured, commonly used electronic format.


To exercise any of these rights, please contact us at info@therealclinic.com or in writing at 1 Vincent Square, London, SW1P 2PN. You may be asked to provide proof of identity (such as a passport or driving licence) to allow us to verify your request before we action it.


We will always respond to your request as soon as possible and within one month at the latest. If you are not satisfied with our response, you have the right to complain to the ICO at the address above.