top of page

Privacy Policy

Last updated: 19 January 2026

​

This Patient Privacy Notice explains how Dr Sunil Patel’s private practice (“we”, “us”, “our”) collects, uses, stores and shares your personal information when you use our services, including outpatient, inpatient, remote and video consultations.

​

We are committed to protecting your privacy and handling your data transparently, safely, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

​

1. Who we are (Data Controller)

Dr Sunil Patel’s (practicing under S Patel Medical Services Ltd) is the Data Controller for your personal data.

​

Contact details for privacy enquiries:
Email: info@drsunilpatel.com

Telephone: 020 7362 1121 or 07884 719 983
Website: www.drsunilpatel.com

 

Practice address:
As we work from multiple private clinic locations, the practice address may vary depending on where your appointment takes place. Please refer to the “Locations” section of our website for details of clinic addresses.

​

2. What information we collect

We may collect and process the following categories of personal data:

 

(A) Personal and contact information

  • Full name

  • Date of birth

  • Address

  • Email address

  • Telephone number

  • Next of kin or emergency contact details (where relevant)

  • ​

(B) Medical and health information (special category data)

  • Symptoms and medical history

  • Diagnoses and clinical assessments

  • Consultation notes

  • Test results and investigations

  • Treatment plans, prescriptions and medical advice

  • Referral letters, reports received from or sent to other healthcare professionals, historical letters from your GP or NHS hospital

  • Fitness to travel/work advice (if applicable)

​

(C) Appointment and communication information

  • Appointment requests and scheduling details

  • Correspondence by email, letter, phone, video consultation platforms, or secure portals (where used)

​

(D) Payment and insurance information

  • Invoicing/billing information

  • Insurer details (if relevant to your care)

​

Important: We do not intentionally collect or store full card payment details unless processed securely via an approved payment provider.

​

(E) Photographs (only where medically relevant)

Occasionally, we may take and store clinical photographs where necessary for your medical care (for example, documenting clinical progress). These images are used for medical purposes only and handled as part of your confidential medical record. You will always be informed if these are taken and securely stored.

 

3. How we collect your information

We may collect information from:

  • You directly (e.g., consultation, medical questionnaire, website enquiry, completion of registration forms)

  • A person acting on your behalf (e.g., family member/carer with your permission)

  • Your GP or other clinicians involved in your care

  • Private hospitals/clinics where you are treated

  • Laboratories and diagnostic providers

  • Your insurer (if relevant)

​

4. Why we use your information (purposes)

We use your information to:

  • Provide safe medical care and treatment

  • Assess symptoms and make clinical decisions

  • Arrange tests, investigations, prescriptions, and referrals

  • Communicate with you about appointments and your care

  • Produce medical reports/letters (e.g., to your GP, insurer, or other specialists, where appropriate)

  • Maintain accurate clinical records

  • Process payments and manage billing/insurance administration

  • Ensure patient safety and continuity of care

  • Comply with legal and regulatory obligations

​

5. Lawful basis for processing your data

Under UK GDPR, we must have a lawful basis for processing your personal data.

For personal data, we rely on:

  • Article 6(1)(b) – performance of a contract (to provide you with medical services)

  • Article 6(1)(c) – compliance with a legal obligation

  • Article 6(1)(f) – legitimate interests (e.g., running a safe and effective medical practice)

For health data (special category data), we rely on:

  • Article 9(2)(h) – management of health or social care systems and services, and provision of health care or treatment

​

6. Confidentiality and your medical record

All information you provide is treated as confidential. Your medical records are handled in accordance with professional standards and applicable legal requirements.

​

We use Carebit as our practice management software to securely manage patient records, communications, and administration relating to your care. For more information about how Carebit processes patient data, please see:
https://www.carebit.co/for-patients

​

In some circumstances, we may need to share relevant information without your explicit consent where:

  • it is necessary to protect your vital interests or the vital interests of another person, or

  • there is a legal requirement (e.g., court order), or

  • there is a safeguarding concern involving risk of serious harm.

  • ​

Where possible and appropriate, we will discuss this with you first.

​

7. Who we share your information with

We only share your information when necessary for your care, administration, or legal/regulatory purposes.

This may include:

(A) Healthcare providers involved in your care

  • Your GP

  • Other consultants and specialists

  • Allied healthcare professionals

  • Private hospitals and clinics where you are treated (including the locations listed on our website)

(B) Diagnostics and testing providers

  • Laboratories

  • Imaging providers (e.g., X-ray, CT, MRI services)

(C) Administrative and technical service providers (data processors)

  • Practice management/medical record systems (including Carebit)

  • IT support providers

  • Secure email/communications providers

  • Website hosting providers

(D) Payment and insurance processing

  • Payment processors

  • Insurers (where relevant and necessary)

  • ​

We do not sell your personal data or share it with third parties for marketing purposes.

​

8. How we communicate with you

We may contact you regarding your appointments, test results, treatment plans, medical advice, invoices, or other matters related to your care.

We may communicate with you using the following methods:

  • E-mail (for appointment confirmations, letters, reports, and general clinical/admin communication)

  • Telephone via our office number (020 7362 1121 or practice mobile 07884 719 983)

  • WhatsApp (via number 07884 719 983, where appropriate, for practical communication such as appointment arrangements or brief updates)

  • ​Post (when we cannot contact you via the methods above)

​

Please note that while we take reasonable steps to protect confidentiality, some communication methods (such as email and messaging services) may involve risks depending on your own device security and account privacy. If you prefer not to be contacted via a particular method, please let us know and we will update your communication preferences.

​

WhatsApp and email are not monitored continuously (office hours are 09:00-17:00, Monday to Friday) and must not be used for emergencies.


If you require urgent medical attention, please call 999, attend your nearest A&E, or contact NHS 111 for urgent advice.

We will only use your contact details for purposes related to your care and practice administration, and we do not use them for unrelated marketing.

​

9. International transfers

We aim to keep your information within the UK. In some cases, service providers (e.g., secure cloud systems) may store or process data outside the UK.

​

Where international transfers occur, we ensure appropriate safeguards are in place, such as:

  • UK adequacy decisions, or

  • UK-approved contractual safeguards (e.g., International Data Transfer Agreement).

​

10. Data security

We take appropriate security measures to protect your information against unauthorised access, loss, misuse, alteration, or disclosure.

These may include:

  • Secure systems for storing and accessing medical records

  • Access controls and password protection

  • Confidentiality obligations

  • Secure handling of correspondence and reports

​

11. How long we keep your information (retention)

We keep your personal and medical information only as long as necessary for your care and for legal, regulatory, and professional purposes. Where appropriate, we follow UK best practice and NHS-style medical records retention guidance, as applicable to private medical practice. Retention periods may vary depending on the type of record and your circumstances. If you would like further details on our retention approach, please contact us at info@drsunilpatel.com.

​

12. Your rights under UK GDPR

You have rights over your personal data, including:

  • Right of access – request a copy of your personal data (Subject Access Request)

  • Right to rectification – ask us to correct inaccurate or incomplete information

  • Right to erasure – request deletion of your information (only applies in certain situations; medical records often must be retained)

  • Right to restrict processing – ask us to limit how we use your data

  • Right to object – object to certain processing based on legitimate interests

  • Right to data portability – request transfer of certain information in a structured format (where applicable)

To exercise any of these rights, contact: info@drsunilpatel.com.

We may need to confirm your identity before responding to your request.

​

13. Subject Access Requests (SARs)

You can request access to your personal data by contacting us at info@drsunilpatel.com. We aim to respond within the required legal timeframe (usually within one month), though this may be extended where requests are complex or numerous.

​

14. Complaints

If you have concerns about how we handle your information, please contact us first so we can try to resolve the issue.

You also have the right to complain to the UK supervisory authority:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113

​

15. Website privacy, cookies and analytics

If you contact us via www.drsunilpatel.com, we may receive information you submit through website forms (e.g., name, email address, reason for enquiry). We do not knowingly collect personal data from children via the website. Cookies may be used to ensure the website functions properly and to help understand website performance. Where non-essential cookies are used (e.g., analytics), we will request your consent via a cookie banner where required.

​

16. Changes to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in legal requirements or how we operate.

The most recent version will always be published on www.drsunilpatel.com.

​

bottom of page