🎉Grand Opening: 1st April 2026
Until then, visit our sister clinic:South Kensington →

Privacy Policy

Last Updated: 06 February 2025

St Paul Medical and Dental ("we", "us", "our") is committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how we collect, use, store, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and guidance from the Care Quality Commission (CQC), General Dental Council (GDC), and General Medical Council (GMC).

1. Data Controller

St Paul Medical and Dental is the data controller responsible for your personal data.

Contact Details:

5 Ave Maria Lane, City of London, London EC4M 7AQ

Email: info@stpaulmd.co.uk

2. Information We Collect

We collect and process the following categories of personal data:

Identity & Contact Information

  • Full name, date of birth, gender
  • Address, email address, telephone number
  • Emergency contact details
  • Photographic ID (where required)

Special Category Data (Health Information)

  • Medical and dental history
  • Current medications and allergies
  • Treatment records, clinical notes, and X-rays
  • Test results (blood tests, diagnostic imaging, etc.)
  • Referral letters and correspondence with other healthcare providers

Financial Information

  • Payment card details (processed securely, not stored)
  • Insurance policy information
  • Billing and payment history

3. Legal Basis for Processing

We process your data under the following legal bases:

  • Contract: To provide healthcare services you have requested
  • Legal Obligation: To comply with healthcare regulations, CQC requirements, and professional body standards (GDC/GMC)
  • Vital Interests: In medical emergencies
  • Legitimate Interests: For practice administration, quality improvement, and defending legal claims
  • Explicit Consent: For processing special category health data for treatment purposes (Article 9(2)(h) UK GDPR)

4. How We Use Your Information

Your information is used to:

  • Provide safe and effective medical and dental care
  • Maintain accurate clinical records as required by CQC, GDC, and GMC
  • Process appointments, reminders, and follow-up care
  • Handle billing, payments, and insurance claims
  • Communicate with you about your care
  • Make referrals to specialists or other healthcare providers
  • Comply with legal and regulatory requirements
  • Investigate and respond to complaints

5. Sharing Your Information

We may share your data with:

  • Other Healthcare Providers: GPs, hospitals, specialists (with your consent or where clinically necessary)
  • Laboratories: For diagnostic testing
  • Regulatory Bodies: CQC, GDC, GMC, ICO (as required by law)
  • Insurance Companies: For claims processing (with your consent)
  • Professional Advisers: Legal, accounting, or audit purposes
  • IT Service Providers: Who support our clinical and administrative systems (under strict data processing agreements)

We will never sell your personal data to third parties.

6. Data Retention

We retain records in accordance with NHS, GDC, and GMC guidance:

Record TypeRetention Period
Adult Medical Records10 years after last treatment
Adult Dental Records11 years after last treatment
Children's RecordsUntil age 25 (or 26 if treatment at 17)
Financial Records7 years

7. Your Rights Under UK GDPR

You have the right to:

  • Access: Request a copy of your personal data (Subject Access Request)
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion (subject to legal retention requirements)
  • Restriction: Limit how we use your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing activities
  • Withdraw Consent: Where processing is based on consent

To exercise your rights, contact us at info@stpaulmd.co.uk. We will respond within one month.

8. Data Security

We implement appropriate technical and organisational measures including:

  • Encrypted storage and transmission of data
  • Access controls and staff authentication
  • Regular security assessments and audits
  • Staff training on data protection and confidentiality
  • Secure disposal of records

9. International Transfers

Your data is primarily processed within the UK. Where any transfer outside the UK is necessary, we ensure appropriate safeguards are in place in compliance with UK GDPR.

10. Complaints

If you are unhappy with how we handle your data, please contact us first. You also have the right to lodge a complaint with:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

11. Changes to This Policy

We may update this policy periodically. Changes will be posted on this page with a revised "Last Updated" date.

12. Contact Us

St Paul Medical and Dental

5 Ave Maria Lane

City of London

London EC4M 7AQ

📧 Email: info@stpaulmd.co.uk

Call Us