Our legal basis for using personal information

Dr Ross Stewart MRCGP, as data controller ( Ref number ZB083061 ) is required to have a legal basis when using personal information and will be responsible for, and be able to demonstrate compliance with the UK GDPR

About the personal information the Cademuir Clinic uses

Any information the Clinic collects will be for specific, explicit, and legitimate purposes and adequate, relevant, and limited to what is necessary in relation to ensure you receive the correct healthcare services. Furthermore, information will be accurate and, where necessary, kept up to date. Every reasonable step will be taken to ensure that when personal data are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay. Your information will be stored indefinitely.

Information will be processed in a manner that ensures appropriate security of the records, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures. The Cademuir clinic has a legal duty to keep personal health information secure, and confidential. All information is recorded electronically and only accessible to qualified individuals.

Our purposes for using personal information

We use personal information to enable us to provide healthcare services for patients (including reminding you of appointments), maintaining our accounts and records.

Sharing personal information with others

Depending on the situation, and with your consent, where necessary we will share appropriate, relevant and proportionate personal information in compliance with the law.

Your rights

  • You have the right to access your own personal information
  • You have the right to obtain information hold
  • The right to rectification of information
  • The right to object processing of information