Data Protection, Privacy, and Subject Access Request (SAR) Guide 

Introduction

At Your Excellent Health Service (YEHS), we are committed to protecting the privacy and confidentiality of all personal and clinical data we handle. This guide outlines our approach to data protection, privacy practices, and the process for submitting and handling Subject Access Requests (SARs) under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Our Commitment to Data Protection

YEHS is governed by the principles of the UK GDPR, which ensure that personal data is:

  1. Processed lawfully, fairly, and transparently.
  2. Collected for specified, explicit, and legitimate purposes.
  3. Adequate, relevant, and limited to what is necessary.
  4. Accurate and kept up to date.
  5. Retained only as long as necessary.
  6. Processed securely to prevent unauthorized access, loss, or damage.

Privacy Practices

We handle personal and clinical data with the utmost care. Key practices include:

  • Confidentiality: All client and employee data is treated as confidential and shared only on a need-to-know basis.
  • Data Security: We use GDPR-compliant tools such as PPS software, encrypted emails, and pCloud for secure data storage and communication.
  • Transparency: Clients are informed about how their data is collected, processed, and shared during consultations.

Your Rights

Under the UK GDPR, individuals have the following rights regarding their personal data:

  1. Right to Access: Obtain a copy of your personal data.
  2. Right to Rectification: Request corrections to inaccurate or incomplete data.
  3. Right to Erasure: Request deletion of personal data where applicable.
  4. Right to Restrict Processing: Limit how your data is processed.
  5. Right to Data Portability: Receive your data in a structured, commonly used format.
  6. Right to Object: Object to data processing based on legitimate interests or direct marketing.
  7. Right to Lodge a Complaint: File a complaint with the Information Commissioner’s Office (ICO) if you believe your rights have been violated.

Subject Access Request (SAR) Process

If you wish to access your personal data, you can submit a Subject Access Request (SAR). Follow the steps below:

  1. How to Submit a Request:
    • Email your request to our Data Protection Officer (DPO) at yehs@yourexcellenthealth.org.
    • Include the following details:
      • Full name and contact information.
      • Description of the data you are requesting.
      • Any relevant details to help us locate your data (e.g., dates, services used).
  2. Verification of Identity:
    • To protect your data, we may require proof of identity (e.g., passport, driver’s license).
  3. Response Timeframe:
    • We aim to respond to all SARs within one calendar month. For complex requests, this may be extended by up to two months, and you will be informed of any delays.
  4. Fees:
    • SARs are generally free of charge. However, we may charge a reasonable fee for excessive or repetitive requests.
  5. Data Delivery:
    • Data will be provided in a secure format, either electronically (via encrypted email) or as a printed copy.

Data Sharing and Third-Party Requests

We only share personal data with authorized third parties when:

  • It is required by law.
  • Consent has been explicitly provided.
  • It is necessary to deliver our services (e.g., sharing medical reports with GPs or employers).

Third-party requests for data must be accompanied by appropriate consent or legal documentation.

Data Breach Protocol

In the unlikely event of a data breach, YEHS will:

  1. Notify affected individuals promptly if there is a high risk to their rights and freedoms.
  2. Report the breach to the ICO within 72 hours, where required.
  3. Take immediate action to mitigate risks and prevent future breaches.

Contact Information

Our Data Protection Officer (DPO) is responsible for overseeing data protection compliance. For any concerns, queries, to submit a SAR, or to request a copy of our Data Protection and Privacy Policies, please contact:

Dr. Ade Buluro
Data Protection Officer (DPO)
Email: yehs@yourexcellenthealth.org
Phone: +44 (0)20 3868 6581

Mobile: +44 7481 342578

Address: 25 Harley Street, London, W1G 9QW

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Conclusion

YEHS is dedicated to maintaining the highest standards of data protection and privacy. We value the trust you place in us and continuously strive to safeguard your personal information.

Changes to This Notice

YEHS will occasionally update this privacy notice to reflect company and customer feedback. We encourage you to periodically review this notice to be informed of how YEHS is protecting your information.

Effective – January 1, 2023
Reviewed – January 1, 2025