GDPR Privacy Notice

GDPR Policy Curaidh Clinic Effective Date: 22.06.26

Curaidh Clinic is committed to handling your personal data responsibly and in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect about you as a patient or user of our patient portal, why we collect it, how we use it, and your rights.

Curaidh Clinic is registered with Healthcare Improvement Scotland (HIS) as a private healthcare provider.

Data Controller

Curaidh Clinic is the Data Controller for all personal data collected through our clinic and patient portal.

Curaidh Clinic 15 Wallace Street, Dundee, DD4 6AB Email: office@curaidh.com

What Personal Data We Collect

We collect personal data when you book an appointment, use our patient portal, or contact us directly. This includes:

  • Full name
  • Email address
  • Date of Birth
  • Telephone number
  • Appointment type and scheduling information
  • Messages and communications submitted through our forms or portal

Any clinical information shared during your care is handled separately and in accordance with our clinical data governance procedures and our obligations as a HIS-registered provider.

Why We Collect Your Data and Our Legal Basis

Under UK GDPR, we are required to have a lawful basis for processing personal data. We rely on the following:

Consent -- where you have actively provided your information by submitting a form, registering on the patient portal, or contacting us directly.

Legitimate Interests -- to manage appointments, respond to enquiries, and maintain administrative records necessary for the running of the clinic.

Legal Obligation -- where we are required by law or by our obligations as a registered healthcare provider to retain or disclose information.

We will not use your personal data for marketing purposes without your explicit consent.

How We Use Your Data

We use your personal data to:

  • Process and manage appointment requests
  • Communicate with you about your appointments or enquiries
  • Administer your patient portal account
  • Maintain internal records for the effective operation of the clinic
  • Meet our obligations as a Healthcare Improvement Scotland-registered provider
  • Improve our services and website functionality

Data Sharing

We do not sell, rent, or trade your personal data. We may share your information with:

  • Function365 is our patient relationship management system, which is used to manage appointments, communications, and patient records. Function365 is a UK-based healthcare CRM platform designed for compliance with UK GDPR and NHS data standards. It is bound by a data processing agreement with Curaidh Clinic.
  • Other third-party service providers who support the operation of our website and patient portal (including hosting and form management platforms), all of whom are required to comply with UK GDPR
  • Healthcare Improvement Scotland or other regulatory bodies, where we are required to do so as part of our registration and oversight obligations
  • Statutory or legal authorities where we are legally obliged to disclose information

All third parties with access to your data are bound by appropriate data processing agreements.

Data Storage and Security

Your personal data is stored securely on encrypted platforms. Patient data managed through our CRM is stored within Function365's secure, encrypted platform, which complies with the UK GDPR and healthcare data security requirements. We take appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration, or disclosure. Access to personal data within the clinic is restricted to those who need it to carry out their responsibilities.

Data Retention

We retain your personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by applicable law, professional guidance, or our obligations under HIS registration. Once data is no longer needed, it is securely deleted or anonymised.

Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of Access -- to request a copy of the personal data we hold about you
  • Right to Rectification -- to request correction of inaccurate or incomplete data
  • Right to Erasure -- to request deletion of your data where there is no longer a lawful basis for us to hold it
  • Right to Restrict Processing -- to ask us to limit how we use your data in certain circumstances
  • Right to Object -- to object to processing based on legitimate interests
  • Right to Withdraw Consent -- where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal

To exercise any of these rights, please contact us using the details in Section 2. We will respond within one calendar month of receiving your request.

Cookies

Our website uses cookies to support its functionality and to analyse visitor traffic. These include essential cookies, Google Analytics cookies, and Webflow cookies. You will be prompted to accept or decline non-essential cookies when you visit the site. If you decline, tracking will not be activated.

Children

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please contact us, and we will delete it promptly.

Complaints and Regulatory Oversight

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

Website: www.ico.org.uk Telephone: 0303 123 1113

Concerns about the standard of our clinical services may also be directed to Healthcare Improvement Scotland.

Website: www.healthcareimprovementscotland.org Telephone: 0131 623 4300

We would welcome the opportunity to address any concerns directly before you contact a regulatory body. Please get in touch with us first.

Updates to This Policy

This policy may be updated from time to time to reflect changes in our practices, legal requirements, or our regulatory obligations. Any revisions will be published on this page with an updated effective date.

Curaidh Clinic -- 15 Wallace Street, Dundee, DD4 6AB -- communications@curaidh.com