
Privacy Policy

How is your personal information managed?

The Independent General Practice (IGP) is committed to protecting the privacy and security of personal data and we want you to feel assured about any information that you provide. This privacy policy notice explains how IGP uses information that we collect about you and your rights in relation to processing that information.

It is important that you read this notice, together with any other documents we may provide when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

General Data Protection Regulation (GDPR)

Personal Data

Personal data is data which relates to any living individual who can be identified from that data, or from that data and other information, such as an expression of opinion about the individual.

What is the GDPR?

The General Data Protection Regulation 2018 (GDPR) replaces the Data Protection Act 1998 (DPA) in governing how personal data is managed by a "controller" or "processor".

In this respect, a data controller is a person (or business) who determines the way in which personal data is processed. A data processor is anyone who processes personal data on behalf of the data controller (not including the data controller's own employees).

A "Data Subject" is a person whose data is being processed.

IGP is both a controller and processor of personal data. This means that we are responsible for deciding how we hold and use personal information about you, whether you use our services directly or via a third-party.

GDPR Principles

Under the GDPR, the data protection principles set out the main responsibilities for organisations.

GDPR requires that personal data shall be:

It also requires that the controller shall be responsible for, and be able to demonstrate, compliance with the principles.

The GDPR provides the following rights for individuals:

Individuals also have rights in relation to automated decision making and profiling. However, IGP does not carry out this type of processing.

Who is collecting your information?

Company Details

Registered Company Name:

The Independent General Practice Ltd.

Company Registration Number:

5122019

Registered Company Address:

Radnor House,
Greenwood Close,
Cardiff Gate Business Park,
Cardiff.
CF23 8AA

Administration Address:

Oaktree House, Oaktree Court,
Mulberry Drive,
Cardiff Gate Business Park,
Cardiff.
CF23 8RS.

Any information collected or produced as part of these services will be managed in accordance with The Independent General Practice's information security policies & procedures.

IGP's lawful basis for processing data

Your personal data will be kept confidential and secure and will only be used for the purpose(s) for which it was collected and in accordance with this Privacy Policy, applicable Data Protection Laws, clinical records retention periods and clinical confidentiality guidelines.

To process your data lawfully IGP must have a legal basis to do so. Set out below are some of the ways in which IGP process your personal data.

We normally process personal data if it is:

Generally, we will only ask for your consent to processing if there are no other legal grounds to process. In these circumstances, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to process personal data, you have the right to withdraw your consent at any time by contacting us using the details below, and we will stop the processing for which consent was obtained.

To process special category data we rely on additional legal grounds and generally, they are as follows:

Please note that not all of the above legal bases will apply for each type of processing activity that IGP may undertake. However, when processing any personal data for any particular purpose, one or more of the above legal bases will apply.

Special Category Data

Information about an individual, that is likely to be of a sensitive or private nature and could be used in a discriminatory way, is described as sensitive personal information and identified as special category data. This type of information needs to be treated with greater care than other forms of personal data.

Sensitive personal information may include:

When a data subject presents for an appointment, they will be required to provide, or a clinician may generate/obtain and document information that may contain sensitive or special category data, including information relating to a physical or mental health or condition.

Requirements for sharing special category data with third-parties

IGP may act as a processor of personal data but become a controller in obtaining special category data during an appointment. IGP may also be a controller and need to transfer information to a third-party where the third-party acts as a processor. In these instances:

IGP will not routinely transfer information outside of the EU. However, upon request from the data subject, IGP may be required to do so. In this situation, IGP will again need to ensure that there are satisfactory safeguards in place and that the recipient has a suitable level of information security and meets the same standards set by GDPR.

How personal data is collected


IGP will collect personal data:

Cookies

A cookie is a small file that is requested by your internet browser (such as Edge, Chrome, Safari or Firefox) and stored on your computer or device. This cookie file contains various information about websites you have visited. This can include information such as your location, the type of device you are using etc. However, in some instances, some personal data can also be stored, such as when you add items to a shopping cart or enter form information. We use analytics programs (such as Google Analytics), which collect cookie information to provide us with statistical data about visitors to our websites.

This data includes how many visits we had, which pages were visited, what device was used and details of where the visitor was directed to our website from.

What personal data is being collected or generated?

IGP will need to obtain a minimal amount of personal data to:

The type of information includes:

Data subjects are permitted to arrange appointments anonymously. However, the data subject will need to provide identifiable details, which will need to be recounted in communications with IGP to provide a continual service, such as receiving results.

The minimum amount of personal data a data subject is required to provide is contact information, name and date of birth. However, as part of an appointment, a clinician may also need to obtain or create sensitive personal information about a data subject, which includes information relating to a physical or mental health condition. IGP may also refer to previous medical opinion (such as medical records). IGP may also request further investigations and/or opinion in the form of a diagnostic screen result or report from a clinical specialist/expert/consultant.

The amount of information required will vary depending on individual circumstances, symptoms or requirements. However, the personal data required will be proportional and relevant. For instance, IGP may require a complete family medical history from data subjects undertaking a health assessment, or IGP may need to know whether a data subject is pregnant prior to administering a vaccine.

Data subjects are not compelled to provide any information. However, if you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you or we may be prevented from complying with our legal obligations. Withholding or providing inaccurate information may also affect the ability of our clinicians to provide an effective and safe service.

How will personal data be used?

The information IGP collect will be confidential and only ever be used for the purposes of undertaking or providing consultation, treatment, immunisation, examination, diagnostic and/or medical management services. As part of these services IGP may require personal information to create appointments and to convey or record medical opinion. IGP will not use or pass on personal data to market services that are unrelated to those that have been consented to. However, with consent, IGP may use personal data to inform a data subject about a follow-up or related service.

Sensitive personal data will only be disclosed to those involved with your appointment, care, in accordance with UK laws and guidelines of professional bodies or for the purpose of clinical audits.

We may use your personal data to:

Where is personal data stored?

Information is stored either as an electronic record on a central database or as a hardcopy (paper record) at IGP's main administration centre. Information may be processed externally on-site or at one of IGP's clinic locations, so long as use abides by IGP's information security and Remote Working policy. A secure back-up of information is also stored externally, by an ISO accredited IT support provider.

Personal data, including special category data, may be stored temporarily as part of communications, such as email or in a hardcopy transferable format, such as a data disk or paper record.

Who will it be shared with?

With consent, IGP may share information with third-parties for further investigation and/or specialist opinion. Examples of third-parties include:

Anonymised information may be made available to Healthcare Inspectorate Wales (HIW) or Care Quality Commission (CQC) as part of a healthcare inspection to ensure that The Independent General Practice meets the requirements set by the government to provide private healthcare services.

IGP may also need to make information available on the basis of necessity. For instance, in an emergency, we may need to process your personal data (including sensitive personal data) or make personal data available to third parties on the basis of protecting your vital interest (i.e. your life or your health).

Third Parties

In providing a service, we may disclose your personal data to third-parties, including:

Where a third party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

The removal of information

Data subjects have the right to withdraw consent or request a copy/transferal/removal of certain information by requesting IGP's Consent Removal form.

However, as a healthcare provider, we may not be legally able to complete your request to restrict the processing or deletion of personal information.

Data Retention

In relation to data retention, IGP adhere to The Independent Health Care (Wales) Regulations 2011 - SCHEDULE 3 Regulation 23(1), (3).

Type of patient

Minimum period of retention: Until the patient's 25th birthday

Minimum period of retention: Until the patient's 26th birthday

Minimum period of retention: A period of 8 years beginning on the date of patient's death.

Minimum period of retention: A period of 20 years beginning on the date of the last entry in the record.

Minimum period of retention: A period of 8 years beginning on the date of the patient's death

Minimum period of retention: A period of 10 years beginning on the date of the last entry in the record

Minimum period of retention: A period of 11 years beginning on the date of the patient's death

Minimum period of retention: A period of 8 years beginning on the date of the last entry in the record.

Information that cannot be adequately attributed may be deleted.

Suspected breaches

Suspected breaches in data protection can be reported to The Independent General Practice's Data Protection Officer, Kieran Reynolds. Breaches in data protection will result in The Independent General Practice producing an incident investigation. Serious breaches will be reported to the Information Commissioner's Office (ICO). You retain the right to report a breach to the ICO directly - https://ico.org.uk/for-organisations/report-a-breach/.

It is the responsibility of all IGP employees and contractors to report suspected breaches of information security to IGP department heads, IT department, and/or Data Protection Officer without delay.

Changes to our Privacy Policy

This Privacy Policy will be reviewed regularly and as a result it may be amended without notice. IGP encourage you to review this Privacy Policy when you use our services.

This privacy policy was last updated on 22 May 2018.

Copyright 2025 - Registered in England and Wales No 5122019.