GETMED UK Privacy Statement
Effective Date: 10 December 2025
Welcome to GETMED UK. We are committed to protecting your privacy and handling your personal information responsibly, particularly your sensitive health data. This statement provides a quick overview of our privacy practices.
1. Who We Are
GETMED UK is a provider of private medical services. Getmed UK is a trading name of Getmedco UK Ltd, a company registered in England and Wales. We are the Data Controller responsible for your personal information. We operate under the strict governance of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and clinical regulations set by bodies like the General Medical Council (GMC) and the Care Quality Commission (CQC).
2. The Data We Collect and Why
We collect different types of data, with the most important being Special Category Data (Health Data).
| Data Type | Examples | Primary Reason for Collection |
|---|---|---|
| Special Category Data | Clinical notes, medical history, test results, diagnoses, and treatment plans. | Essential for providing safe and effective medical care. |
| Identity & Contact Data | Name, date of birth, address, phone number, email. | To register you, manage your membership, and communicate securely. |
| Financial Data | Payment information and billing history. | To fulfil our contract for paid services. |
3. Our Legal Basis for Processing
We must have a valid legal reason to use your data.
- For General Data: Our basis is usually Contract (to provide the service you paid for) or Legitimate Interest (to manage our secure IT systems and improve services).
- For Health Data (Special Category): Our legal basis is strictly Article 9(2)(h) of the UK GDPR, which permits processing for the purposes of medical diagnosis, the provision of health care, and the management of our health service, subject to professional secrecy obligations (clinical confidentiality).
4. How We Protect Your Data
We maintain robust physical, technical, and organisational security measures to protect your clinical records and personal data from loss, misuse, or unauthorised access.
- All clinical information is stored within the highly secure, compliant Semble (EMR) system, which is designed for clinical environments.
- Access is strictly limited to necessary clinical and administrative staff.
- We adhere to the Common Law Duty of Confidentiality and professional medical standards at all times.
5. Sharing Your Data
We treat your data with the utmost confidentiality. We will not share your clinical records without your explicit, informed consent, except where we are legally required to do so, such as:
- To fulfil a mandatory court order.
- Where there is an overriding public interest or a legal obligation to protect you or others from serious harm.
- For mandatory public health reporting.
6. Your Data Rights
Under UK GDPR, you have the right to:
- Access your personal data (Subject Access Request - SAR).
- Request Rectification (correction) of incomplete or inaccurate data.
- Request Erasure (deletion) of your data. Note: This right is limited for medical records, as we are legally required to retain clinical documentation for mandatory periods for regulatory and accountability purposes.
- Request a copy of your data (Data Portability).
7. Contacting Us
If you have any questions about this statement or wish to exercise your rights, please contact our Information Governance Lead/Data Protection Officer:
| Detail | Information |
|---|---|
| Data Protection Officer (DPO) | Dr. Ena Tychus ([email protected]) |
| Dedicated Privacy Email | [email protected] |
If you are unsatisfied with our response, you have the right to complain to the UK supervisory authority, the Information Commissioner's Office (ICO) (www.ico.org.uk).
For full details on data retention, international transfers, and specific processing activities, please refer to the complete GETMED UK Enhanced Clinical Privacy Policy.