McNicholas Knee Clinic Privacy Policy

MJ McNicholas

Why we need your personal data

In order to provide your medical treatment and ensure you are treated effectively, we must hold sufficient data so you can be personally identified. This includes Hospital Numbers, First Name, Last Name, Date of Birth, Address, email address and phone number.
We will not collect any personal data from you that we do not need to provide and oversee the services we have agreed to provide you with.
Your referrer will provide us with a clinical summary of the issue you are presenting with. If we do not have this information we may be unable to reach a full diagnosis.

What we will do with your personal data

All personal data held by us as part of your care pathway will only be viewed by McNicholas Knee Clinic staff in the European Economic Area who are actively involved in your care pathway. This information will never be passed to any outside source other than:

  • Where requested by your referrer or healthcare body in connection with your care pathway.
  • Where requested by any sponsor or payor of your care, i.e. Embassy/insurer.
  • Where requested by you, the owner of the information.

As part of your care pathway we collect and process data from the following channels:

  • Information passed to us from healthcare professionals (Consultants, General Practitioners and Allied Health Professionals) as part of your care pathway.
  • Information may be collected via video consultations and telephone conversations with you as part of your care pathway. Please note telephone calls may be recorded for quality and training purposes.
  • Any written letters or secure email we may send or receive with regards to your care pathway.
  • Information collected via our online referral system and website including completed web forms.

We do not make decisions about you based solely on automated processing, including profiling.

Storage of personal data

We take all reasonable steps to ensure your personal data is processed and stored securely. We do not store any personal data outside of the European Economic Area. By submitting personal data you agree to the transfer of information to us and the subsequent storage of this data.
We will take all necessary steps to ensure that your data is transmitted and stored in compliance with the current data protection laws and regulations.

How long we keep your personal data

We will keep your personal information in line with the NHS Records Management Code of Practice (the ‘Code’). Depending upon the condition diagnosed, data may be stored for up to 30 years for Cancer diagnosis and illness that may reoccur. At the end of the Code’s prescribed period personal information will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained.

How else would we like to use your personal data

Where we have had your consent, we may contact you for quality and marketing purposes.

As part of our contractual requirements to deliver your care pathway we may invite you to take part in a survey for quality purposes.
This information will not be shared with any third party and will not include your medical data or medical history.

The legal basis for processing and storing your personal data

We’ll process your personal data:

  • As necessary to perform the obligations of our contract with your referring insurer or healthcare provider.
  • As necessary to comply with a legal obligation.
  • Based on your consent, i.e. to send you marketing communications where we’ve asked for your consent to do so.

Your Rights under GDPR

To meet the requirement that we are fair and transparent with your data, you have the following rights under GDPR (noting that these rights don’t apply in all circumstances):

  • The right to request access to your personal data and information about how we process it;
  • The right to be informed about our processing of your personal data;
  • The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to move, copy or transfer your personal data (“data portability”);
  • Rights in relation to automated decision making including profiling.

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law:
If you wish to exercise any of your rights above please email with the subject: GDPR Update. Please note each request will be considered upon merit and actioned in line with the necessary requirements/exemptions. This link explains your right to erasure, right to be forgotten in relation to your medical record under GDPR (General Data Protection Regulation).

For the privacy policies of the organisations we work with please see: