Privacy Policy


This privacy policy relates to the services offered by Amit Amin Medical Service Limited. We are
committed to safeguarding the privacy of our patients and visitors to this website. We intend to fully
comply with the Data Protection Act 1998 and General Data Protection Regulation.

This website is owned and operated by Amit Amin Medical Services Ltd.

  1. We are registered in England and Wales under registration number 10723165, and our registered office is at 39 Church Drive, North Harrow, Middx, HA2 7NR.
  2. Our principal places of business are London Bridge Hospital (including The Shard), OneWelbeck and Parkside Hospital.
  3. You can contact us:
    • by post, to 29 Tooley St London, SE1 2PR;
    • by using our website contact form;
    • by telephone, on 0207 234 2696 or
    • by email, using
  4.  Data protection registration: We are registered as a data controller with the UK Information Commissioner’s Office. Our data protection registration number is ZA003907.

In this policy, “we”, “us” and “our” refer to Amit Amin Medical Services Ltd. This policy applies where we are acting as a data controller with respect to the personal data of patients; in other words, where we determine the purposes and means of the processing of that personal data.

We will explain the data that we intend to collect, how it is stored and our basis for processing it. We will also outline your legal rights in respect of the data we hold. Any questions or concerns should be initially directed to

This website

This website will hold no direct patient data. If you fill in your personal data via our contact page, this data will be sent to our main practice email You have the right to object/withdraw consent to the processing of this data at anytime. You will have provided us with standard personal data, and we will explain in this document how we process this data within the remits of current data protection law.

We may process data about your use of our website – usage data. The usage data may include your IP address, geographical location, browser type and version, operating system, page views and website navigation paths. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is monitoring and improving our website and services.

Our website may include hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.

Data that we will collect

Aside from data sent through this website via the contact page, we will also collect data if patients book into one of our clinics. We will collect data directly from the patient, relative’s parents/guardians for those under 18 years of age or from the medical insurer directly. We may process information sent via email and postal correspondence. If your appointment is cancelled or you decide not to be seen as a patient in our clinic, we will delete your personal data.

Standard Personal Data will include identity data and contact data:

  1. Name
  2. Date of Birth
  3. Address (es) and contact phone number(s)
  4. Email address (es) for clinical correspondence
  5. Insurance details

We will process this data, on the basis of our legitimate interests, which are to

  • Provide you with accurate information about our practice
  • To be able to communicate and manage appointments
  • To obtain insurer authorisations.

Once seen in our clinic, we have a legal obligation to maintain a subset of basic information and this will then constitute our lawful basis for processing your standard personal data.

In addition to the specific purposes for which we may process your personal data set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

One of my third-party data processors is the OneWelbeck Group (OWG) with whom I may share your data with for the purpose of coordination of remote consultations, billing and managing your care.

Special Category Data (as referenced within GDPR) that may be collected:

  1. Race
  2. Ethnic Origin
  3. Religion
  4. Health Status
  5. Genetics
  6. Biometrics
  7. Sexual orientation
  8. All subsequent clinical findings, through history, examination and investigations
  9. Correspondence from other clinicians involved in your care

This data is naturally more sensitive and requires specific pre-determined conditions to process. We rely on the following conditions;

  • processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional
  • processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

As a healthcare provider, we would not be able to offer or conduct our services if we did not process this information. Our aims are to provide where possible a medical diagnosis and subsequent care. It is our legal obligation and this forms our lawful basis.

Security of personal data

This includes both your standard personal data and special category data. Members of the team assembled to manage the smooth running of our practice, include a secretary, typist and billing company (PMMS currently). All parties have secure access to your data. All parties are fully trained in data protection and understand and practice within GDPR.

We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data. We do not use personal email platforms such as Gmail and Hotmail to transmit or communicate your data. Our laptops and PCs are all password protected.

We will store all of your personal data on DGL practice manager, which is an industry-leading patient management system. Access is password protected. Data will also be stored on Meddbase, for all patients seen at Fortius clinics specifically. Access is password protected. We will only allow those individuals considered to be essential to the running of our practice, access to this data.

Providing your personal data to others

We may disclose your personal data to other clinicians involved in your care. Information may be sent to your insurer if requested. All data is sent encrypted using Egress Switch, which is a industry- leading encrypted communication model. Direct communication with our patients will also be via encrypted emails or in the absence of this, postal correspondence.

In addition to the specific disclosures of personal data, as above, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

International transfers of your personal data

In circumstances in which your personal data may be transferred to countries outside the European Economic Area, we will ensure we comply with the necessary local data protection law. The need to transfer outside of the EU in our practice is exceptionally rare.

Retaining and deleting personal data

This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

We will retain your personal data as follows:

  1. Data will be retained for a minimum period of 8 years
  2. We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.


We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.

Data Breach

We have systems in place to report within 72 hours, cases of potential data breach to the ICO. There are other minor instances where the ICO does not need to be contacted, and these events will still be acted upon and carefully documented.

Your rights

In this section, we have summarised the rights that you have under data protection law.

The right to be informed:
This privacy notice outlines how we collect and use data about you.
Please contact us if you feel uninformed about any aspect of how we deal with your data. Our contact details are listed at the top of this document.

Should you need to contact the ICO directly, details are below;
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 01625 545 745

The right to access:
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data.

You can access your personal data by contacting our office directly at Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge within 30 days of request. Complex requests may take longer to process and be subject to a reasonable fee, which we will inform you about in advance. Repetitive or unreasonable requests will take longer to process, and could take upto 3 months. In some situations we may refuse to respond and we will inform you accordingly, and of your right to complain to the ICO within one month of our refusal.

The right to rectification:
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. Clinical opinion will in general not be subject to change, only errors in factual information.

The right to erasure:
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: personal data that are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

The right to restrict processing:
You have the right to restrict the processing of your personal data. We may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

The right to object to processing:
You have the right to object to our processing of your personal data where we use legitimate interests as our lawful basis. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose

The right to data portability:
You have the right to receive your personal data from an organisation in a way that is accessible and machine-readable. You also have the right to ask us to transfer your data to another organisation. If technically feasible, we will be able to honour your right of data portability.

The right to complain to a supervisory authority:
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with the ICO. We would ask that you contact our office in the first instance to allow us to investigate and resolve the matter in the first instance.

The right to withdraw consent:
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

You may exercise any of your rights in relation to your personal data by contacting us at

About cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. We use cookies to monitor how our website is used and to ensure we offer the best user experience. The cookies used on this website are anonymous and do not collect or hold personal information.

Cookies may be either persistent cookies or session cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies used on this website

1. ‘collect’,, session type.
This is used to send data to Google analytics, about the visitors device and behaviour.

2. ‘ _ga’,, 2 year expiry
This registers a unique ID that is used to generate statistical data on how visitors use the website.

3. ‘_gat’,, session type
Used by Google analytics to throttle request rate.

4. ‘_gid’,, session type
This registers a unique ID that is used to generate statistical data on how visitors use the website.

Managing cookies
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a) (Chrome);
(b) (Firefox);
(c) (Opera);
(d) (Internet Explorer);
(e) (Safari); and
(f) (Edge).

Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website. If you prefer to disable cookies on this site, please do so via your browser. The Help section of your browser or ‘the About Cookies’ website can offer you further guidance.