GDPR Privacy Notice




RosMedics GDPR Information Policy

Last Updated: April 2025

1. Who We Are

RosMedics is committed to protecting your privacy and personal data. We operate under the principles of the General Data Protection Regulation (GDPR) (EU) 2016/679 and UK GDPR.

2. What Data We Collect

We may collect and process the following:

  • Name, date of birth, contact details
  • Medical history and lifestyle information
  • Health assessment results and consultation notes
  • Payment and billing details

3. Why We Collect It

To:

  • Provide safe and personalised health services
  • Communicate with you regarding appointments and recommendations
  • Meet legal and regulatory healthcare obligations
  • Improve our services (anonymised data only)

4. Lawful Basis for Processing

Our processing is based on:

  • Consent (you’ll always be asked)
  • Contractual necessity (e.g. service delivery)
  • Legal obligations (e.g. record-keeping)
  • Vital interests (in rare emergency cases)

5. Data Sharing

We only share data when necessary, such as:

  • With healthcare professionals directly involved in your care
  • With regulators if required by law
  • With trusted service providers (e.g. secure cloud storage) under strict contracts

6. How Long We Keep Data

  • Medical records: 8 years (as per UK NHS guidelines)
  • Financial records: 6 years for tax/legal purposes

7. Your Rights

Under GDPR, you have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict or object to processing
  • Request data portability (for digital records)

8. How We Protect Your Data

  • Encrypted digital records
  • Secure email and data systems
  • Regular data audits
  • Staff training on confidentiality

9. Contact Us

If you have concerns or want to exercise your rights, contact:

RosMedics Data Controller
Email: info@rosmedics.co.uk
Phone: 07854056626
You also have the right to lodge a complaint with the ICO (www.ico.org.uk).