Skip to main content

PRIVACY POLICY

1.   Who We Are (Data Controller)

BlackFen Private GP is a private healthcare provider delivering general medical services. We are the Data Controller for the personal data we collect and process.

Organisation Name: BlackFen Private GP
Address: 258 Blackfen Road, Sidcup, Kent DA15 8PW
Email: info@crgc.lucidgraphics.co.uk
Data Protection Lead: Enoka Pamnani/Director

We are committed to protecting your personal data and handling it in accordance with:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Common law duty of confidentiality

2.   The Information We Collect

We collect and process the following types of personal data:

a) Personal Information

  • Name, date of birth, gender
  • Contact details (address, email, telephone number)
  • Next of kin / emergency contact details

b) Special Category Data (Health Information)

As a healthcare provider, we process special category data, including:

  • Medical history
  • Consultation notes
  • Diagnoses and treatment plans
  • Test results and referrals
  • Medication records

3.   How We Use Your Information

We use your information to:

  • Provide safe and effective medical care
  • Maintain accurate clinical records
  • Communicate with you regarding appointments and treatment
  • Coordinate care with other healthcare professionals
  • Meet our legal and regulatory obligations

4.   Lawful Basis for Processing

We process your data under the following lawful bases:

Article 6 (UK GDPR)

  • 6(1)(e): Provision of healthcare (public task / legitimate interest in private healthcare delivery)
  • 6(1)(c): Legal obligation

Article 9 (Special Category Data)

  • 9(2)(h): Provision of health or social care
  • 9(2)(f): Establishment, exercise or defence of legal claims (where applicable)

Where appropriate, we may also rely on your consent, particularly for non-essential communications.

5.   Confidentiality and Data Protection Principles

We are committed to maintaining patient confidentiality and adhere to:

  • The common law duty of confidentiality
  • The Caldicott Principles (ensuring information is shared appropriately and safely)

Access to your data is restricted to authorised staff on a strict need-to-know basis.

6.   Sharing Your Information

We may share your information where necessary for your care or where required by law.

For Direct Care

  • NHS GPs and healthcare providers
  • Hospitals, specialists, and diagnostic services
  • Pharmacies

For Safeguarding

We may share information with relevant authorities where there are concerns about:

  • Vulnerable adults
  • Children or unborn babies

For Legal or Regulatory Reasons

  • Care Quality Commission (CQC)
  • Information Commissioner’s Office (ICO)
  • Courts or legal authorities

We will only share the minimum necessary information.

7.   Data Retention

We retain your data in line with the NHS Records Management Code of Practice:

  • Adult medical records: minimum of 8 years after last contact
  • Children’s records: retained until age 25 (or 26 if treated at 17)

Non-patient enquiries: retained for up to 18 months
Supplier/financial data: retained for 7 years

8.   How We Keep Your Data Secure

We implement appropriate technical and organisational measures, including:

  • Secure electronic patient record systems
  • Role-based access controls
  • Encrypted data storage and transfer
  • Staff training in data protection and confidentiality
  • Regular audits and governance oversight

9.   Website and Cookies

When you visit our website, we may collect limited data such as:

  • Cookies (see Cookie Policy)
  • Basic analytics data (anonymised where possible)

You can manage your cookie preferences through our website consent tool.

10.   International Data Transfers

We do not routinely transfer personal data outside the UK.
If this becomes necessary, we ensure appropriate safeguards are in place.

11.   Your Rights

Under data protection law, you have the right to:

  • Be informed about how your data is used
  • Access your personal data (Subject Access Request)
  • Request correction of inaccurate data
  • Request erasure (where applicable)
  • Restrict or object to processing
  • Data portability

To exercise your rights, contact us at:

info@crgc.lucidgraphics.co.uk

12.   Complaints

If you have concerns about how your data is handled, please contact us in the first instance.

If you remain dissatisfied, you have the right to complain to:

Information Commissioner’s Office (ICO)
https://ico.org.uk/make-a-complaint/

13.   Updates to This Privacy Notice

We review this notice regularly to ensure it remains accurate and compliant.

Last updated: April 2026
Review cycle: Annually or sooner if required

© BLACKFEN PRIVATE GP LTD 2026
PRIVACY POLICY
Close Menu
INDIVIDUAL HEALTHCARE BUILT AROUND YOU

Contact

T: 020 4628 4409
E: info@crgc.lucidgraphics.co.uk

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by