General Data Protection Regulation (GDPR)
What is GDPR?
The General Data Protection Regulation (GDPR) is a new regulation
which is intended to strengthen and unify data protection for all
At CHESTNI, we are committed to ensuring the protection of your
personal information. In accordance with GDPR guidelines, our aim
is to have safeguards in place to protect your privacy and ensure
that you feel confident about the security of the personal data
which you provide to us.
Data Protection Privacy Notice
This privacy notice is to let you know how we will look after your
If we provide you with a medical service, then we will use your
personal information in the ways set out in this privacy notice.
Under Data Protection Laws, we can only process your personal information
where we have a proper reason for doing so, such as:-
• it is in our legitimate interests to do so – for example a legitimate
interest is when we have a reason to use your information to provide
treatment or care and order medical tests
• we are required to do so by law i.e. a legal obligation
• you have entered a contract with us for a service
• in the public interest – where this has a clear basis in law
• vital interests – for example protection of life in a medical
What personal data do we collect?
Personal data is any information that is identifiable as belonging
CHESTNI will request personal data from patients attending the clinic
for an outpatient or procedure, for the sole purpose of creating
a medical file on the individual patient.
Personal data collected may include:-
• Patient’s name
• Date of birth
• Health + Care Number
• Contact telephone number
• GP name & address
• Private health insurance company, account number and authorisation
• Email address
Why do we collect data and who are the recipients of the
We collect data for Dr Warke, the Consultant in charge of your care,
and to enable him to provide continuing care via your General Practitioner.
Financial and health insurance data is collected for the purposes
of payment of your medical bills. There is no cross border transfer
The personal data held on file may be shared with:
The Clinic the patient is attending (Hillsborough Private Clinic).
The patient’s GP (who will already be in possession of the patient’s
personal demographic data).
Any health professional who may be involved directly in the patient’s
Other private providers who may deliver investigations which could
include the Ulster Independent Clinic, Belfast City Hospital and
PEI Medical Distributors.
The Medical Insurance Company with whom the patient is insured.
How long will the data be retained?
Data will not be retained for any longer than is required.
We will retain your medical records for 7-10 years, as required
by regulations (Access to Health Records Legislation (NI) Order
1993 and Records Management – Good Management Good Records. DHSS
revised October 2015). Or in the case of a child, until their 25th
birthday (or 26th Birthday if they were 17 years old at last attendance).
Individual Rights under GDPR
You have a number of rights under the Data Protection Laws in relation
to the way we process your personal data, which are set out below.
1. Right to be Informed – This is provided through the privacy notice
on our website and in the patient information file in the waiting
2. Right of Access – You have the right to access your personal
data and supplementary information. We will aim to respond to any
request received from you within one month from your request, although
this may be extended in some circumstances in line with Data Protection
Laws. If you wish to obtain access to your file, you must write
to us at the address below. Access to your data will usually be
provided free of charge, although in certain circumstances we may
make a small charge where we are entitled to do so under Data Protection
3. Right to Rectification – The right to ask us to correct your
information if you think the information that we hold about you
is wrong or incomplete. We will respond within one month.
4. Right to Erasure – The right to object to our use of your information,
or to ask us to delete, remove or stop keeping it if there is no
need for us to keep it. This is known as the ‘right to object’,
the ‘right to erasure’ or the ‘right to be forgotten’. There may
however be legal or regulatory reasons why we need to keep or use
5. Right to Restrict processing – We may sometimes be able to restrict
the use of your information so that it is only used for legal claims
or to exercise legal rights. In these situations, we would not use
or share your information while it is restricted.
6. Right to Data Portability – The right to data portability allows
individuals to obtain and reuse their personal data for their own
purposes across different services.
7. Right to Object – Individuals have the right to object to processing
based on legitimate interests or the performance of a task in the
public interest/exercise of official authority. There is a contractual
requirement when patients attend Dr Warke for their personal data
to be processed in order to provide medical care and treatment.
8. Right not to be evaluated on the basis of automated processing
– Patients who attend Dr Warke will not be evaluated on the basis
of automated processing nor is any decision making automated.
Patients will be communicated with only with relevant
information to their ongoing health needs. There will be no otherwise
unsolicited communications and no details are ever passed on to
other third parties that are not directly involved in the patient's
care. No personal details are used for any marketing purposes.
Cookies are small files which are stored on your computer browser.
The cookie law is a piece of privacy legislation that requires websites
to get consent from visitors to store or retrieve any information
on a computer, smartphone or tablet for example, you may have a
with an acceptance/decline box, and it will be your decision whether
you wish to accept or decline the use of the cookie.
Links from our website
This website may contain links to other websites. If you provide
personal/sensitive data to a website to which we are linked to,
we are not responsible for its protection and privacy. This privacy
statement only applies to www.chestni.co.uk.
If you wish to exercise any of the above, please write to:-
Dr Warke’s Secretary
2 Ballynahinch Road
(ICO Registration Number: Z9215476)