PRIVACY POLICY

Mr Simon Abram takes your privacy very seriously and is committed to safeguarding your personal information.

We understand that by sharing personal details with us, you are placing trust in how that information is handled. Protecting your confidentiality is a central responsibility. We comply fully with UK data protection legislation (“Data Protection Laws”) as well as professional confidentiality standards, including those set by the General Medical Council.

This Privacy Policy explains how and why we collect, use, store, and disclose your personal data. It also outlines your rights and how you may exercise them.

By providing us with personal information, or by using our services, website, or digital platforms, you consent to the practices described here.

For the purposes of Data Protection Laws, the data controller is Mr Simon Abram.

References to “we”, “us”, or “our” in this document mean Mr Simon Abram.


The information we collect

When we refer to “personal data”, we mean any information that identifies you, or could identify you when combined with other details.

Depending on your interaction with us – whether as a patient, client, enquirer, or job applicant – we may collect information such as:

  • Your name, contact information (address, email, phone number).

  • Details of your next of kin.

  • Correspondence between you and us, including referrals and quotes.

  • Records of consultations, treatments, or services provided either directly or through third parties.

  • Feedback and outcome information that you provide.

  • Records of phone calls, complaints, or incident reports.

  • Payment details and financial information.

  • Information from surveys, promotions, or events you have taken part in.

  • Information gathered from our websites or online services, including IP address, browser type, site interactions, and usage data.

Some of this may include “special category” data, such as information about your physical or mental health, ethnicity, or information relating to children. By providing this type of sensitive data, you are giving explicit consent for it to be used in the ways outlined in this policy.

If you share personal details about another person (for example, a next of kin), it is your responsibility to ensure they are aware of this policy.


Cookie Policy

By continuing to use this website, you consent to our use of cookies as described below.

| Cookie | Duration | Description |
| --- | --- | --- |
| m | 1 year 1 month 4 days | Stripe sets this cookie for fraud prevention. It helps identify the device used to access the website and support secure, consistent page delivery. |
| _ga_* | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
| _ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for analytics reporting. It stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
| carebit_csrf_token | Session | Required for use of patient portal and booking service via Carebit. |
| _carebit_session | Session | Required for use of patient portal and booking service via Carebit. |


How we use your information

We will only use your personal data for the purposes it was collected, and always in line with Data Protection Laws, confidentiality guidance, and clinical records requirements.

In practice, this means your data may be used to:

  • Provide medical care and related services to you.

  • Manage contracts, billing, accounting, audits, and fraud checks.

  • Respond to requests or enquiries.

  • Fulfil legal or regulatory requirements.

  • Share relevant information with clinicians and healthcare professionals directly involved in your care.

  • Support quality assurance, clinical audits, or investigation of complaints.

  • Monitor and improve services, including patient feedback and outcome tracking.

  • Conduct market research or statistical analysis (in anonymised form).

  • Ensure website content and digital services are functioning effectively.

Sensitive health information is only shared when strictly necessary for your treatment, for clinical audit, or as required by law and professional guidance.


Security of your data

We apply strict organisational and technical safeguards to protect personal data from misuse, loss, or unauthorised access.

Data may be stored or processed outside the European Economic Area (EEA), but only where appropriate protections are in place that meet UK data protection standards.

All data is stored securely. Where payments are made online, transactions are processed via secure third-party providers. If you are given (or create) a password for accessing certain services, it is your responsibility to keep it confidential.

Although we use secure connections, transmission of information over the internet can never be guaranteed to be completely safe. If you choose to send or receive sensitive information by email, you do so at your own risk.


Sharing your information

In the course of providing healthcare and related services, your data may be shared with trusted third parties where necessary. These include:

  • Doctors, nurses, and allied healthcare professionals involved in your treatment.

  • Administrative staff supporting your care (e.g. secretaries, receptionists).

  • Your GP or dentist (unless you have asked us not to share, and we are legally able to respect that request).

  • Hospitals or clinics where you are treated.

  • Insurers, if they are funding your care or investigating a claim.

  • NHS bodies, regulators, and professional oversight organisations (e.g. Care Quality Commission, GMC).

  • Service providers such as IT companies, auditors, legal advisers, and debt recovery services.

  • Law enforcement or government bodies where required by law.

Where external providers process data on our behalf, they do so under strict contractual obligations to ensure confidentiality and security.


Health information

We may share relevant clinical details with external hospitals, clinics, or practitioners where this is necessary for your care. In such cases, those providers may also act as independent data controllers and must manage your data in accordance with Data Protection Laws.

If your insurer is paying for all or part of your treatment, we will share information with them about the care provided, its clinical necessity, and costs, but only to the extent required.

We may also share information with regulators if we are legally required to do so, for example in response to a complaint or investigation into a clinician’s professional conduct.

In emergencies, or if you are unable to provide consent, we may process and share your personal data if it is necessary to protect your life or health.

We also contribute anonymised data to national clinical audits and research initiatives designed to monitor outcomes and improve care standards.


Your rights

Under UK Data Protection Law, you have the right to:

  • Request a copy of the personal data we hold about you (a small fee may apply in some cases).

  • Ask us to correct factual inaccuracies in your data.

  • Request deletion of your data, subject to legal and clinical record-keeping requirements.

  • Restrict or object to certain processing of your data.

If your contact details change (especially your email, postal address, or phone number), please let us know at enquiries [at] foundryclinic.com so we can update our records.

If you wish to exercise your rights, please contact us at enquiries [at] foundryclinic.com. We may need to confirm your identity before acting on your request.

If you are unhappy with how we handle your data, you can contact the Information Commissioner’s Office (ICO) on 0303 123 1113 or visit www.ico.org.uk.


Updates to this policy

This Privacy Policy is reviewed regularly and may be updated at any time. Please check this page periodically to stay informed of any changes.


Contact

If you have any questions about how your data is handled, please email us: enquiries [at] foundryclinic.com