Privacy Policy

Established in 1991, 108 Harley Street is a multi-disciplinary centre aimed at providing our patients individualised and expert care.

We respect the privacy of our patients and take precautionary measures about how we collect, store and use your personal information, as described here.

Personal information provided to 108 Harley Street by you will only be used for the purposes stated when the information is requested, such as creating a self-referral. Information received by external referrers related to you will be treated similarly.

Personal information collected and/or processed by 108 Harley Street is held in accordance with the provisions of the General Data Protection Regulation (GDPR) 2018.

Why do we collect your personal information?

We as healthcare professionals are required by law to keep a record of your diagnosis and care provided within our clinic. It helps us make the best-informed decision in providing you with the right treatment as well as helping us protect your safety.

We collect and store data to also help us monitor and audit the quality of care we provide to our patients.

It helps give us an overview of our business operations as a whole through market research, analytical reporting and statistics which in turn helps us improve our clinical performance.

As mentioned previously, the collection of your personal information is also a legal obligation. This would include your rights to request under the Data Protection Laws. A responsibility to disclose your personal information to third parties if we are under a duty to disclose or share such information as necessary in order to make sure the personal information is accurate and if in the public interest (GDPR Article 6 & Article 9).

What do we collect?

Personal information provided to 108 Harley Street by you will only be used for the purposes stated when the information is requested, such as creating a self-referral. Information received by external referrers related to you will be treated similarly.

Please be assured that your personal information will not be sold to any third party or provided to any direct marketing company or other such organisations ever.

Our marketing team will get in touch with you to request consent to send across our clinic newsletter that is aimed at patients to inform them of any changes within the clinic.

This information is collected through our registration forms, via the website enquiry form, at the time of booking your appointment, on the day of your appointment, in the clinic and at the time of your appointment.

The personal information we collect and store include:

  • Personal details like your name, gender, date of birth, address, email address, telephone number and other contact information if required.
  • Information of your next of kin is also stored.
  • Your previous and current medical records, including results of investigations such as laboratory tests, imaging or x-ray and genetic testing reports, clinical letters and referral letters provided to us by referrers, GPs or other third parties.
  • In clinic medical notes by consultants and nurses, clinic letters, reports, results, referral letters, operation/surgery notes, consent forms.
  • Financial information stating if you are a self-paying, insured, embassy or sponsored patient. Your insurance or other payment details, embassy and employer details if applicable, Letter of Guarantee, invoices.
  • Appointment details such as appointment letters, clinic visits, list of appointments made, type of appointments, reasons for appointments, consent forms, registration forms.
  • Other information collected also includes allergies you may have, your NHS GP and specialist details, referral data, proof of address, nationality, family medical history, feedback form/questionnaire, complaint forms.

How is it stored?

The information which you provide to us will be stored either on our secure servers or our Medical System provider Meddbase, whose servers are hosted in London and complies with all EU privacy regulations including GDPR. A hard copy of all medical reports generated on the clinic’s medical database is placed in the patient’s notes to guard against failure of electrical equipment or breakdown.

Security of your personal information

We work hard to protect 108 Harley Street, our systems and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:

  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems and data.
  • All staff are annually trained on data protection to keep you and your personal information safe.
  • We encrypt any sensitive data that needs to be provided outside of 108 Harley Street for both agents and patients.

How long will be keep your personal information?

Every 3 years your file may be archived on a disc or drive and will be securely stored away. Your physical notes once scanned are then destroyed securely via shredding on-site or by sending them to a company, which offers a confidential waste disposal service.

Retention of medical records

We are only allowed to keep your medical records for a certain period then your notes must be destroyed.

Our retention period :

Breast medical notes – 30 years then destroyed

All other clinics- Rectal, Groin & Hernia, Skin, ENT, Sports, Gynaecology and day surgeries – 10 years then destroyed

Young Adults – retained until 26th Birthday then destroyed

Please note we will only destroy your medical records if you have not attended within this period.

Do we share your personal information?

If we should receive a request from an outside body for a copy of the patient’s medical records we ensure that this is accompanied by the patient’s written consent.

If you (the patient) should contact us via telephone requesting a copy of their records, you will be asked a number of security questions as confirmation.

How can you access your own personal information?

If you would like to know the personal information we have on you, you have the right to access this information by putting in a subject access request. This request gives you the right to obtain a copy of your personal data as well as other supplementary information.

To access this information, you can get in touch with our Data Protection Officer, Clair Linnane: She will then get in touch with you directly and arrange for a viewing/copying in a private room. This will be done at no additional cost to you.

If you would like a copy of your notes this will be free of charge and our policy is that this will be done within 30 days.

If you wish to amend any personal information, this will be recorded. If you wish to delete your clinical history from the file the Data Protection Officer will communicate with your Consultant first. If you wish to delete your file completely, this will again be reviewed by a consultant before a decision is made.

Your rights

  • The right to be informed;
  • The right of access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to data portability;
  • The right to object; and
  • The right not to be subject to automated decision-making including Profiling

Contact Information

If you have any further questions about our privacy policy, the personal information we have collected and stored of you, or how we use your personal information then please contact our Data Protection Officer Clair Linnane:


Mailing Address: 108 Harley Street, London W1G 7ET

Compliance and co-operation with regulatory authorities

We regularly review our compliance with our Privacy Policy. We also adhere to national data protection regulations. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.


Cookies are tiny text files that are transferred to your computer when you visit websites. They can be used to enhance your experience on a particular website, for example, they may be used in conjunction with your shopping cart on an eCommerce site, or they may simply be used for marketing purposes to monitor site usage and activity.

What do cookies do?

On eCommerce sites, cookies can store the contents of your shopping basket as you proceed through checkout.

Enable you to ‘log in’ facility to a profile account so you can see information relating to your account and manage your details.

Record the areas in our site you have visited and for how long, as well as which pages you have viewed and your progress through the site. This is to help us improve our website so that it’s easy to use and navigate.

Are cookies safe?

Yes – they don’t harm your computer.

Yes – they do not contain any information that could be used by others to identify you personally.

Yes – they do not contain any confidential details such as your email address or payment details.

Can I turn cookies off?

If you would prefer not to have cookies from my website stored on your computer, you can change the settings on your website browser. You can find out how to do this in the ‘Help’ section of your browser, via the menu bar or visiting where there are details about how to manage cookies.

Google Analytics allows us to:

To understand how visitors use the site, as well as provide valuable information about devices used and where in the world you have visited us from.

Help identify any errors so we can fix them.

Gather information that helps us continually improve our website.

The data collected is completely anonymous, there is no personal information to identify a visitor stored or recorded.

To remember your chosen settings, a cookie will be stored in your current browser. If you delete all cookies from your browser, you will have to update these settings again.

If you use a different device, different account on your PC or a different browser, you will need to set your preference for them too. The settings you have chosen today will only apply to the device and browser you are using now.

Online appointment booking system

108 Harley Street collect and store data you provide in order to book an appointment online.

Personal information stored includes name, address, date of birth, email address, telephone number.

We remove all patient information from our online booking system 1 week after the appointment or appointment cancellation.

Personal information will be transferred to our on premises booking software Meddbase and stored securely in line with our related privacy policy.