Our Privacy Policy

 

City Clinics Privacy Notice

City Clinics Group Limited is committed to providing exceptional, safe, and patient-centred care. Protecting your personal information is fundamental to that commitment. We want you to feel confident understanding how and why we collect, use, store, and share your data when you interact with us.

This Privacy Notice (“Notice”) explains:

  • Who we are
  • What personal information we collect
  • How and why we use it
  • Your rights regarding your data
  • How to contact us if you have questions or concerns

We have designed this Notice to be clear, transparent, and easy to read.

 

  1. What does this Privacy Notice cover?

This Notice applies to personal information collected when you interact with City Clinics, including:

  1. When you visit our websites or digital platforms
  2. When you create an account or register with us
  3. When you book consultations or purchase treatments/services
  4. When you engage with our social media channels
  5. When you provide feedback, testimonials, or take part in patient research
  6. When you work with us as a supplier or professional partner
  7. When you request information about our treatments or services

Our services are intended for individuals aged 18 and over. We do not knowingly collect data relating to children.

If you do not agree with the contents of this Notice, please refrain from providing personal information or using our services.

 

  1. Who collects your information?

This Privacy Notice applies to City Clinics Group Limited (Company No. 12354283), acting as the data Controller of your personal information.

References to “City Clinics”, “we”, “our” or “us” include our associated brands and clinical entities operating under City Clinics Group Limited.

Contact information for our Data Protection Officer is provided at the end of this Notice.

  1. Key Terms
  • Customer / Patient – individuals who register with us, make enquiries, or receive treatments.
  • Website Visitors – individuals who visit our website, whether or not they become patients.
  • Suppliers – external professionals or companies providing services to City Clinics.
  • Personal Information / Personal Data – any data that identifies you or can be used to identify you.
  • Health Data – sensitive information relating to your health, medical history, or treatment.

 

  1. What personal information do we collect?

We may collect, store, and process different categories of personal information:

Type of Data

Examples

Identity Data

Name, date of birth, login details, patient ID.

Contact Data

Email, phone number, home address, emergency contact.

Financial Data

Payment details, billing information.

Transaction Data

Appointment history, purchases, treatment details.

Technical Data

IP address, login data, device information, browsing behaviour.

Usage Data

Website interactions, digital form usage, social media activity.

Audio/Visual Data

Photographs, videos, consultation recordings.

Assessment Data

Medical questionnaires, clinical notes, consultation forms.

Feedback Data

Reviews, surveys, market research responses.

Marketing Data

Communication preferences.

Health Data

Medical history, treatment information, clinician assessments.

 

  1. How we use your personal information

Below is a summary of how we process data and the legal basis we rely upon:

5.1 Patients / Customers

Purpose

Data Used

Legal Basis

Manage your account

Identity, Contact, Technical, Usage

Contract performance

Assess suitability for treatments

Identity, Assessment, Health, Audio/Visual

Necessary for healthcare purposes

Process payments and bookings

Identity, Contact, Financial, Transaction

Contract performance

Conduct consultations

Identity, Contact, Assessment, Audio/Visual

Contract performance

Clinical research (anonymised)

Various (anonymised)

Legitimate interests

Market research & user testing

Identity, Feedback, Audio/Visual

Consent

Marketing communications

Contact, Marketing Data

Consent

Service messages

Contact

Legitimate interests

Technical support

Technical, Usage, Identity

Legitimate interests

Regulatory compliance

Various

Legal obligation

5.2 Website Visitors

Used to improve website functionality, diagnose issues, and personalise your experience.

5.3 Social Media Users

Used for communication, engagement analysis, and marketing (where consent is provided).

5.4 Suppliers

Used to manage contractual relationships and ensure proper business administration.

5.5 Other Individuals

Data collected only as relevant and always in line with consent or legitimate interests.

 

  1. How do we collect your personal information?

We may collect information:

  1. Directly from you

When you complete forms, speak with our clinicians, send emails, or interact via our website.

  1. From third parties (e.g., suppliers or digital platforms)

Where necessary to support service delivery or verify information.

  1. Automatically

Through cookies, analytics tools, and website usage tracking.

 

  1. Who do we share your information with?

We may share your data with:

  • Clinical teams and healthcare professionals involved in your care
  • Service providers (e.g., IT hosting, payment processors) bound by confidentiality
  • Professional advisors (legal, compliance, auditing)
  • Regulators where legally required
  • Third parties involved in business transitions (mergers, acquisitions)

We will never sell your data.

 

  1. Security & International Transfers

8.1 Data Security

We implement strict technical and organisational measures to protect your data.
While no system is completely immune to risk, we continually monitor and update our security practices.

8.2 International Transfers

Where partners or processors operate outside the UK, we ensure appropriate safeguards such as:

  • UK adequacy decisions
  • Standard Contractual Clauses

Further information is available upon request.

 

  1. Cookies

We use cookies to enhance your browsing experience.
You may disable cookies in your browser, but this may impact website performance.

See our Cookie Policy for full details.

 

  1. Third-Party Links

Our website may include links to external sites.
We are not responsible for their privacy policies.
We encourage you to review them individually.

 

  1. How long do we keep your information?

We retain personal information only for as long as necessary to:

  • provide your care
  • meet legal and regulatory obligations
  • resolve disputes
  • maintain accurate medical records

Retention periods vary depending on the type of data and legal requirements (e.g., medical records).

 

  1. Marketing Preferences

You may opt out of marketing communications at any time using the unsubscribe link or by contacting us.

You will still receive essential service-related communications.

 

  1. Your Rights

You may have the right to:

  • Access your personal information
  • Request correction of inaccurate data
  • Request deletion (where legally possible)
  • Restrict processing
  • Object to processing (including marketing)
  • Withdraw consent
  • Request data portability

To exercise any rights, please contact us. We may request proof of identity for security.

 

  1. Contact Us

Please address requests and questions about this Notice to our Data Protection Officer at

DPO@city-clinics.co.uk or write to us at 82 Harley Street, London, W1G 7HN

 

  1. Complaints

You may raise concerns directly with us, and we will do our best to resolve them.
You also have the right to contact the Information Commissioner’s Office (ICO):
www.ico.org.uk

 

  1. Changes to this Notice

This Notice may be updated periodically.
We encourage you to review it regularly to stay informed of how we protect your data.