Privacy policy

Welcome to the The Leger Clinic Privacy Notice

This information has been produced to help you understand everything you need to know about the way The Leger Clinic collects, uses, and shares personal data, what your legal rights are and how to exercise them.

We hope you’ll take some time to read this document; we’ve tried to keep it all as simple as possible and to avoid jargon, and we’ll make our best efforts to keep you informed if there are any changes to the way we process your personal data in the future.

The Leger Clinic takes its responsibility for protecting your data very seriously and we do advise you get to know our practices. If there’s anything here you don’t understand, or if you want to ask any questions, please feel free to contact us.

Who is the Data Controller?

We are The Leger Clinic.

Registered Address: Mathon Court West Malvern Road, Mathon, Malvern, England, WR13 5NZ.

Registration Number: 03804116

In this document The Leger Clinic may be referred to as “we”, “us”, or “our”.

What Kinds of Personal Data does The Leger Clinic Process?

We collect personal data for various purposes; with that in mind we have created a list of the types of personal data that we may collect, either directly from yourself or from other sources, in order to achieve those purposes.

Types of People:	Categories of Data:
Employees	Name, address, DOB, telephone, email address, usernames, work experience, education history, national insurance number, passport details, bank details, gender, pension ID, Insurance ID, tax information, criminal background checks, next of kin details, job title, Driving License, National ID documents, Images
Patients	Name. Address, DOB, Telephone,email, GP details, Gender, Allergies, Medical records, sexual health, Sex at birth, Name at birth, Occupation, Ethnicity, NOK details, Passport details, Driving License, Images, Bank details
Emergency contacts	Name, Telephone number, Email, Home address
Job applicants	Name, Address, DOB, Telephone number, Email, CV details, Images
Partners	Name, Job title, Email, Telephone number
Suppliers	Name, Job title, Email, Telephone number
Contractors	Name, address, DOB, telephone, email address, usernames, work experience, education history, national insurance number, passport details, bank details, gender, pension ID, Insurance ID, tax information, criminal background checks, next of kin details, job title, Driving License, National ID documents, Images

 

Special Category Personal Data Personal data that is considered sensitive in nature are given special consideration in when they may be processed. We may process the following types of special category personal data, under the included lawful basis. Data Category: Relating To: Lawful Basis: Data concerning health information Patients Provision of health or social care Data concerning sex life or orientation Patients Provision of health or social care Racial or ethnic origin Patients Provision of health or social care Data concerning health information Employees Employment and social law Religious or philosophical beliefs Patients Provision of health or social care   Lawful Basis Explained: Employment and social law It is necessary for us to carry out our obligations the field of employment and social security and social protection law. Provision of health and social care It is necessary for the purposes of preventive or occupational medicine, or for the provision of health or social care or management of healthcare systems and services.

Protected Health Information

Some of the patient information we process may also be referred to in this Privacy Notice as Protected Health Information, or PHI. PHI means identifiable information about a patient’s health, healthcare, treatment, prescriptions, medical history, consultations, communications, payment for healthcare services, or other information that can identify an individual and relates to healthcare services provided by The Leger Clinic.

Further information about how we use and disclose PHI is set out in the section “Notice of Privacy Practices: Protected Health Information”. 

What are the reasons The Leger Clinic collects Personal Data?

Legal Obligations

We use personal data firstly to fulfil any contractual obligations that exist between us and yourself. Where we request personal data be provided to enter into, or meet the terms of any such contract, you will be required to provide the relevant personal data or we will not be able to deliver the goods or services you want. In such cases the lawful basis of us processing the personal data is that it is necessary for the performance of a contract.

We are required by law to process personal data for purposes relating to our legal obligations, these include:

To provide for our financial commitments, or to relevant financial authorities.

To comply with regulatory requirements and any self-regulatory schemes.

To carry out required business operations and due diligence.

To cooperate with relevant authorities for reporting criminal activity, or to detect and prevent fraud.

To investigate any insurance claims, claims of any kind of harassment or of discrimination, or any other claim whereby the organisation may have to defend itself.

 

Legitimate Interests

We may process personal data for any of the following purposes, which are considered to be within our legitimate business interests:

To inform people of other goods and services we provide or offers that may be of interest.

To send information to people who have asked to be kept informed.

To improve the quality of services offered and to better understand customers’ needs by requesting feedback or reviews of the services provided, or by sending survey forms.

To send notifications of any changes to the goods and/or services provided that may affect people.

To understand the scale of our customer base; for statistical analysis and market research.

To recognise when people re-engage with us.

To allow us to support and maintain our products in active service.

To provide reference information to third party organisations when necessary.

To improve our website so content is delivered more efficiently.

To enhance the security measures in place that protect data we are responsible for.

To protect our assets.

To provide for and manage members of staff within the organisation

 

Where does The Leger Clinic Obtain Personal Data from?

We collect personal data directly in various ways. This could include when you complete an online form, or if you provide the data directly to a representative of The Leger Clinic.

Where it is necessary for us to achieve our business objectives, we may collect personal data from publicly accessible sources such as:

Linkedin, Recruitment sites

 

We may also gather personal data by any of the following methods:

By systems that gather data automatically from your computer equipment when visiting our online platforms.

From systems that allow geographical location tracking, such as IP Address mapping, WiFi, GPS signals and cell tower positioning.

Who does The Leger Clinic Share Personal Data with?

To achieve the above stated purposes for which we process your personal data, we may have to share information with certain third-party organisations. This may include where we are legally required to do so, or where it is strictly necessary in order to deliver a particular product or service.

We will make all reasonable efforts to ensure any third-party with whom we whare personal data is compliant with data protection law.

The kinds of third-parties we may share your information with include:

Organisations where it is necessary to provide goods and services or to achieve our business purposes.

Organisations who act as marketing agents.

Notice of Privacy Practices: Protected Health Information

This section explains how The Leger Clinic may use and disclose Protected Health Information, or PHI, and explains the rights individuals have in relation to their health information.

For the purposes of this Privacy Notice, PHI means identifiable information about a patient’s health, healthcare, treatment, prescriptions, medical history, consultations, communications, payment for healthcare services, or other information that can identify an individual and relates to healthcare services provided by The Leger Clinic.

How we may use and disclose PHI

We may use and disclose PHI where necessary to:

• Provide healthcare services, including assessment, consultation, treatment, prescribing, clinical review and follow-up care.
• Communicate with patients about appointments, treatment, test results, prescriptions, referrals, service updates and related healthcare matters.
• Maintain patient records and manage the quality, safety and continuity of care.
• Verify patient identity and eligibility to receive services.
• Process payments, administer patient accounts and manage billing or financial records connected to healthcare services.
• Work with healthcare professionals, pharmacies, laboratories, technology providers, payment providers and other service providers where necessary to provide or support our services.
• Comply with legal, regulatory, professional, safeguarding, clinical governance, audit, insurance or reporting obligations.
• Protect patients, staff, clinicians, the public, and the security and integrity of our services.
• Respond to complaints, incidents, legal claims, regulatory enquiries or requests from competent authorities.
• Detect, investigate, prevent or report fraud, misuse of services, security incidents or unlawful activity.

We will only use or disclose PHI where we have a lawful basis to do so and where appropriate safeguards are in place.

Your rights in relation to PHI

Patients have rights in relation to their health information, subject to applicable law. These include the right to:

• Request access to health information we hold about you.
• Request a copy of your health records or other PHI.
• Ask us to correct or amend information that is inaccurate or incomplete.
• Ask us to restrict or object to certain uses of your information, where applicable.
• Ask us to delete information where we are legally able to do so, noting that some health records must be retained for legal, regulatory, clinical or professional reasons.
• Request that information you have provided to us is transferred to another provider, where applicable.
• Raise a complaint about how your PHI has been used, disclosed, protected or otherwise handled.

To exercise these rights, please contact The Leger Clinic using the contact details in this Privacy Notice or contact our Data Protection Officer at dpo@ametrosgroup.com.

When making a request, we may need to verify your identity before we can respond. This helps us protect your information and ensure that PHI is only disclosed to the correct individual or their authorised representative.

Complaints

If you have a complaint about how The Leger Clinic uses, discloses or protects your PHI, please contact us first so that we can investigate and respond.

You can contact us at:
 

The Leger Clinic Ltd  

Ranch House

Chapel Lane

Bingham

Nottingham

NG13 8GF

UK

 

Telephone: 0808 502 0570  

Email: enquiries@legerclinic.co.uk  

Data Protection Officer:

Ametros Group Ltd  

Fourth Floor

Broadway House

32-35

Broad Street

Hereford

HR4 9AR

 

Email: dpo@ametrosgroup.com  

Website: www.ametrosgroup.com

You also have the right to complain to the relevant data protection supervisory authority. In the UK, this is the Information Commissioner’s Office.

Our legal duties

The Leger Clinic is required to protect the privacy and security of personal data and health information, including PHI, in accordance with applicable data protection, healthcare, professional and regulatory requirements.

We are required to:

• Maintain the privacy and security of PHI.
• Use and disclose PHI only where lawful, necessary and appropriate.
• Provide individuals with information about how their PHI is used and disclosed.
• Respect applicable rights individuals have in relation to their health information.
• Maintain appropriate administrative, technical and organisational safeguards to protect PHI.
• Ensure that third parties who process PHI on our behalf are subject to appropriate contractual and confidentiality obligations.
• Notify affected individuals and/or regulators where required by law if a reportable data breach occurs.

We reserve the right to update this Privacy Notice where required to reflect changes in law, regulation, professional guidance, our services, or the way we use and protect PHI.

Where will The Leger Clinic Store your Personal Data?

As a part of our standard business practices, we may transfer your personal data to organisations based in countries that have not been granted an adequacy decision under the General Data Protection Regulation. Country: Purpose: USA CRM system USA Email marketing

Wherever possible, we shall maintain contracts between us and the third-parties involved that ensure the recipient organisation has suitable standards of data protection in place.

Where personal data is shared with companies based in the USA, we shall make all efforts to ensure those organisations are signed to the EU-US Privacy Framework.

Where data is transferred between our own sites (or between a group of companies to which we belong), we shall maintain Binding Corporate Rules (BCR) that apply to every member organisation concerned. These BCR’s shall ensure that every party involved that we share your personal data with has a similar standard of data protection compliance in place.

How Long will The Leger Clinic Keep your Personal Data?

We will keep your personal data only for as long as required to achieve the purposes for which it is gathered.

The following criteria determine the period for which we retain personal data:

Until we are no longer required to do so to comply with regulatory requirements or financial obligations.

Until we are no longer required to do so by any law we are subject to.

Until all purposes for which the data was originally gathered have become irrelevant or obsolete.

Until the goods and/or services we have provided are no longer in active use.

Until it is requested that we no longer process the data and that it is erased.

10 years for patient records

 

Your Rights, Our Responsibility

The Right of Access

This grants you the right to confirm whether or not your personal data is being processed, and to be provided with relevant details of what those processing operations are and what personal data of yours is being processed.

If you would like access to the personal data we have about you, we ask that you contact us using the details below.

The Right to Rectification

This one is fairly straight forward; if you notice that the data we have about you is inaccurate or incomplete, you may request we rectify the mistake. We will make every effort to respond to requests of this type immediately.

The Right to Erasure

Otherwise known as the ‘right to be forgotten’, this given you the right to request your personal data be deleted.

This is not an absolute right; if you were to request that we erase your personal data, we would erase as much of that data as we could but may have to retain some information if it is necessary.

Were we have received a request for personal data to be erased, if it is necessary for us to retain some of that information we shall ensure that the remaining data is used only when and where it is absolutely necessary.

The Right to Objection

The right to object is a basic freedom all democracies enjoy. If you wish to object to the way we use, or have used, your personal data you may do so freely.

The Right to Complain

We will always try to maintain the highest standards and encourage the confidence our customers have in us as an organisation. To achieve this, we request that any complaints be first brought to our attention so we can properly investigate matters. If you would like to complain about The Leger Clinic to a regulatory body, you may do so by contacting your local data protection supervisory authority.

The Right to Portability This is a legal right afforded to you that states we must pass on all of the details you have provided to us in a machine-readable format, either to your or to another provider of your choosing.

 

The Leger Clinic Contact Details

The Leger Clinic Ltd  

Ranch House

Chapel Lane

Bingham

Nottingham

NG13 8GF

UK

0808 502 0570

enquiries@legerclinic.co.uk

The Leger Clinic Data Protection Officer Ametros Group Ltd Fourth Floor Broadway House 32-35 Broad Street Hereford HR4 9AR   dpo@ametrosgroup.com www.ametrosgroup.com

 

Updated 27th May 2026