Privacy Notice

At Cardiff Lifestyle Medicine, we take your privacy seriously. This notice explains how we use your personal information and how we keep it safe.

1. Who We Are

Cardiff Lifestyle Medicine provides private medical care for adults.
We are responsible for looking after your personal information (the “Data Controller”).

If you have any questions, please contact us:
info@cardifflifestylemedicine.co.uk

2. What Information We Collect

We collect information that we need to provide safe and effective care, including:

• Your name, date of birth, address, and contact details
• Your medical history and clinical notes
• Results of tests and investigations
• Information about your treatment plans
• Billing and payment information

3. How We Use Your Information

We use your information to:

• Provide medical assessments and treatment
• Arrange appointments and communicate with you
• Prescribe medication and organise tests
• Keep accurate medical records
• Manage payments and invoices
• Improve our service through anonymous audit and quality checks

We do not use your information for marketing unless you specifically agree.

4. Lawful Basis for Using Your Data

We process your information because:

• We need it to provide healthcare
• We have legal and regulatory duties to keep medical records
• You have a contract with us when you register for care
• Sometimes, we may ask for your consent (for example, for marketing)

5. Who We Share Information With

We only share information when necessary for your care, such as:

• Laboratories (for blood tests)
• Pharmacies (for medication)
• IT providers who support our secure clinical systems

We do not sell your information or share it for advertising.

6. How Long We Keep Your Records

As an adult medical clinic, we keep your clinical records for:

• 8 years from your last contact with us

Complaint records are kept for a minimum of 3 years, and financial records for 6 years (as required by HMRC).

After this, records are securely destroyed.

7. How We Store and Protect Your Data

Your information is stored securely in our GDPR-compliant electronic medical record system.
We use:

• Password protection
• Access controls (only authorised staff can view your records)
• Encryption for sensitive information
• Regular security checks

8. Your Rights

You have the right to:

• See the information we hold about you
• Ask us to correct incorrect information
• Ask us to delete your information (in some cases)
• Ask us to limit or stop certain types of processing
• Ask for a copy of your information in a portable format
• Object to how your data is used

To use any of these rights, email us at: info@cardifflifestylemedicine.co.uk

9. If You Have a Concern

Please contact us first so we can help resolve your concern.

If you are still unhappy, you can contact:

Information Commissioner’s Office (ICO) – Wales
2nd Floor, Churchill House
Churchill Way, Cardiff CF10 2HH
Telephone: 029 2067 8400
UK Helpline: 0303 123 1113
Email: wales@ico.org.uk
Website: www.ico.org.uk

10. Updates to This Notice

We review this Privacy Notice every year.
Last updated: 9/12/2025

About Us

Contact Us