Cedar Park Healthcare is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
Staff, Applicant & Volunteer Privacy Notice
If you work for us, have applied for a role, or volunteer with us, please read our dedicated privacy notice which explains how we handle your personal information.
Read the Staff Privacy Notice
1. Data Controller
Cedar Park Healthcare is the data controller responsible for your personal information. Our contact details are:
2. What Data We Collect
We collect and process the following types of personal data:
Patient Information
- Personal details: name, date of birth, gender, contact information (address, phone, email)
- Medical information: medical history, symptoms, diagnoses, treatment records, test results, prescriptions
- GP details and referring clinician information
- Insurance information: policy numbers, authorisation codes, insurer details
- Payment information: billing address, payment method details (processed securely by third-party payment providers)
- Appointment records: dates, times, consultant names, treatment types
Website Usage Data
- Technical information: IP address, browser type, device type, operating system
- Usage data: pages visited, time spent on pages, referral sources, click patterns
- Cookies and similar tracking technologies (see Cookies section below)
Enquiry and Communication Data
- Information you provide through contact forms, email, phone, or in person
- Feedback and testimonials (only published with your explicit consent)
- Correspondence records for quality and training purposes
3. How We Use Your Data
We process your personal data for the following purposes:
Healthcare Provision (Legal Basis: Legitimate Interest & Consent)
- Providing medical consultations, treatments, and surgical procedures
- Coordinating care with your GP, referring clinicians, and other healthcare professionals
- Maintaining accurate medical records
- Arranging follow-up appointments and aftercare
- Processing test results and diagnostic imaging
Administrative Purposes (Legal Basis: Contract & Legitimate Interest)
- Managing appointments and bookings
- Processing payments and insurance claims
- Responding to enquiries and providing customer service
- Sending appointment reminders and important service updates
Legal and Regulatory Compliance (Legal Basis: Legal Obligation)
- Complying with CQC regulations and healthcare standards
- Meeting NHS e-RS requirements for NHS-funded treatments
- Responding to legal requests and safeguarding obligations
- Maintaining records as required by medical and data protection law
Service Improvement (Legal Basis: Legitimate Interest)
- Analyzing website usage to improve user experience
- Conducting patient satisfaction surveys
- Quality assurance and clinical audit
- Staff training and development
4. Cookies
Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device that help us understand how you use our site.
Types of Cookies We Use
Essential Cookies (Always Active)
These cookies are necessary for the website to function properly. They enable core features such as security, network management, and accessibility. You cannot opt out of these cookies.
Analytics Cookies (Optional)
These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We use this data to improve our services and user experience.
Marketing Cookies (Optional)
These cookies track your browsing habits to enable us to show advertising that is more likely to be of interest to you. They may be set by us or by third-party providers.
You can manage your cookie preferences at any time by clicking the "Manage Preferences" button in our cookie banner or by adjusting your browser settings.
5. Third-Party Services
We may share your data with trusted third-party service providers who help us deliver our services:
- Payment processors: Secure payment gateway providers for processing card payments
- Insurance companies: For processing private medical insurance claims and authorisations
- NHS e-RS: For NHS-funded referrals and treatments
- Referring clinicians and GPs: For coordinated care and clinical correspondence
- Diagnostic laboratories: For processing blood tests, pathology, and imaging
- IT service providers: For secure data storage, backup, and system maintenance
- CQC and regulatory bodies: As required by law for healthcare regulation
All third parties are required to maintain appropriate security measures and process your data only as instructed by us and in compliance with GDPR.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:
- Medical records: Retained for a minimum of 8 years after your last treatment (or until age 25 for children, whichever is longer) in accordance with NHS and professional guidelines
- Financial records: Retained for 7 years for tax and accounting purposes
- Website usage data: Typically retained for 12-24 months
- Marketing communications: Until you unsubscribe or withdraw consent
7. Your Rights
Under GDPR and UK data protection law, you have the following rights:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your data (subject to legal and medical record retention requirements)
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Request transfer of your data to another provider in a structured format
- Right to object: Object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, please contact us at mail@cedarparkhealth.co.uk or call 01522 275049. We will respond to your request within one month.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:
- Secure encrypted connections (SSL/TLS) for data transmission
- Access controls and authentication for staff accessing patient records
- Regular security audits and vulnerability assessments
- Staff training on data protection and confidentiality
- Secure backup and disaster recovery procedures
- Physical security measures at our facility in South Hykeham, Lincoln
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website with a new "Last updated" date. We encourage you to review this policy periodically.
10. Complaints
If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: