Privacy Notice

Privacy Notice for Patients

Data Controller: Dr Ram Joint Injections
Data Protection Officer: Ram Krishnathasan

  1. Introduction

At Dr Ram Joint Injections, we take your privacy seriously. This notice explains how we collect, use, store, and protect your personal and medical information. It complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

  1. Information We Collect About You

We collect details necessary to provide you with safe clinical care and manage your appointments. This includes:

  • Personal details: Your name, date of birth, address, telephone number, and email.
  • Medical information: Your symptoms, examination findings, medical history, medications, and details of joint injections received.
  • Financial data: Payment card details for billing purposes.
  1. How We Use Your Information

We process your information to ensure you receive the safest and most effective medical treatment. Specifically, we use it to:

  • Arrange and confirm your clinic appointments.
  • Conduct clinical assessments and safely perform joint injections.
  • Keep accurate, legally required medical records of your treatment.
  • Process payments for your private care.
  1. Legal Grounds for Processing Your Data

Under UK data protection laws, we must have a valid legal reason to use your data:

  • Contractual Necessity: We need your basic details to deliver the private medical services you purchase from us.
  • Health and Social Care Purpose: We process your medical history and treatment records because it is necessary for providing medical diagnosis and healthcare treatment.
  1. Sharing Your Information

We value your confidentiality and will never sell or share your data for marketing. We only share your data with:

  • Your GP or Referrer: We will send a treatment letter to your GP or physiotherapist to keep your medical records updated, but only if you give us your explicit consent to do so.
  • Trusted Software Providers: We use secure, encrypted medical record and billing platforms to store your files. These providers are bound by strict data security contracts.
  • Emergency Services: If there is an immediate, critical danger to your life, we may share information with emergency medical teams without your prior permission.
  1. How We Store and Protect Your Data

  • Digital Records: Your information is stored on highly secure, encrypted electronic healthcare systems that require multi-factor authentication to access.
  1. How Long We Keep Your Records

By law, private medical records for adults must be kept for a minimum of 8 years after your last treatment session. After this time, your digital files will be securely deleted.

  1. Your Data Rights

You hold several statutory rights regarding your personal information:

  • Right of Access: You can request a free copy of your medical notes, consent forms, and treatment records at any time. We will respond within one calendar month.
  • Right to Rectification: You can ask us to correct any inaccurate contact details or administrative mistakes immediately.
  • Right to Restriction: You can ask us to pause the use of your data if you dispute its accuracy.

Please note: The “Right to Erasure” (or right to be forgotten) does not apply unconditionally to medical records, as we are legally required to retain clinical history for public safety and legal defence.

  1. Contact Us or the Regulator

If you have any questions or want to exercise your data rights, please contact our Data Protection Officer:

  • Name: Ram Krishnathasan
  • Clinic Name: Dr Ram Joint Injections

If you remain unhappy with how we handle your data, you have the right to lodge a formal complaint with the UK data regulator:

  • Information Commissioner’s Office (ICO)
  • Website: ico.org.uk
  • Helpline: 0303 123 1113
Treatments