Privacy Policy

Last updated: October 2025

Welcome to Herts Lung Clinic. We are committed to protecting and respecting your privacy. This policy explains what data we collect and hold about you, how we use your personal data, how we protect it, and your rights in relation to your personal data.

1. Who We Are

Dr Peer Mohamed is an independent consultant practitioner providing healthcare services under the name Herts Lung Clinic Limited and operates at various healthcare premises. In this Privacy Policy, "we", "us" or "our" refers to Dr Peer Mohamed as Data Controller and personnel authorised by him as Data Processors.

2. What Does This Policy Cover?

This Privacy Policy applies to anyone who accesses healthcare services from Dr Peer Mohamed. It describes how we handle your personal data, whether you interact with us in person, by video consultation, by email, through our website, by phone, or otherwise.

3. What Law Applies?

Our use of your personal data is subject to the UK’s Data Protection Act (DPA) and UK General Data Protection Regulation (UK GDPR).

4. What is Personal Data?

Personal data is any information relating to an individual, including (but not limited to) your name, gender, date of birth, email address, postal address, telephone number, NHS number, insurance details, financial information (such as bank account or credit/debit card details), emergency contacts, and online identifiers like IP addresses or device IDs.

5. What is Special Category Data?

Special category data is personal data that needs more protection because it is sensitive. This includes data concerning health (both physical and mental), clinic and hospital visits, medical notes, diagnostic and laboratory tests, procedures, and treatment. It may also include data revealing racial or ethnic origin, religious or philosophical beliefs, genetic data, biometric data, sex life, or sexual orientation, if relevant to your care.

6. How Do We Collect Your Data?

  • Directly from you: When you contact us, book appointments, seek advice, attend consultations, fill in forms, or provide feedback, either in person, on the website, by phone, email, post, or social media.
  • From healthcare providers/professionals: We may receive data from your GP, referring clinicians, NHS or private organisations, diagnostic test providers, or mental health providers to ensure safe care.
  • National Care Record Services (NCRS): We may view your NCRS (electronic record from your GP) to optimise your care, unless you have opted out. For more information, see National Care Records Service.
  • From third parties: Such as solicitors, employers, insurers, family, government agencies, or others involved in your care or legal matters.
  • Patient surveys, audits, and feedback: We may contact you to participate in surveys to improve our services. Participation is voluntary.

7. What is Data Processing?

"Processing" means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.

8. What Are the Legal Bases for Processing?

  • Contractual obligations: Processing is needed to provide your medical treatment or care.
  • Legitimate interests: To ensure IT security, business management, service improvement, quality assurance, governance, or to defend/enforce claims.
  • Legal obligations: To comply with legal or regulatory requirements, resolve complaints, and respond to authorities.
  • Vital interests: When necessary to protect your life or health.
  • Consent: Where needed, we will seek your explicit consent. You may withdraw consent at any time by contacting us.

9. Who May We Share Your Personal Information With?

  • We do not sell or share your personal data with third-party advertisers.
  • Within Herts Lung Clinic, only those who need your data to fulfil contractual and legal obligations have access.
  • Data may be shared with healthcare professionals, hospitals, GPs, insurance companies, administrative staff, diagnostic providers, regulatory bodies, and others involved in your care, or as required by law.
  • We may share your data for payments, IT, legal, or security purposes with trusted partners, always ensuring appropriate safeguards.
  • Where required, we will obtain your consent to share data.

10. How Do We Store and Secure Your Data?

  • We use secure IT platforms such as Microsoft Office 365, Microsoft Cloud, Egress, and other authorised secure methods.
  • Security measures include SSL/TLS encryption, strong passwords, multifactor authentication, anti-virus/malware protection, encrypted emails, and secure cloud portals.
  • Access is restricted to authorised personnel. We regularly monitor and audit data access and usage.
  • Despite our efforts, electronic communication can never be 100% secure. If a breach occurs, we will notify affected individuals and regulatory bodies promptly.

11. Data Breach Response Plan

In the event of a data breach, we will promptly inform affected patients, cooperate with authorities, investigate, and take corrective actions, in compliance with GDPR and the Data Protection Act.

12. How Long Do We Store Your Data?

We keep your data as long as necessary for our business relationship and to comply with legal and regulatory requirements. This may include retention for queries, claims, or as specified in the Information Governance Alliance (IGA) Records Management Code of Practice for Health and Social Care (2016).

13. Data Transfers Outside the UK or EEA

Your data is primarily stored in the UK or EEA. If transferred elsewhere, we ensure appropriate safeguards are in place for your data protection.

14. Automated Decision Making

We do not use automated decision making or profiling.

15. Do Not Sell

We do not sell your personal data.

16. Minors

We do not knowingly collect or process personal data of minors/children.

17. Surveys

You may be invited to participate in surveys about your care. Participation is voluntary and not for marketing purposes.

18. Administration, Financial Accounting, and Office Organisation

We process data for administrative, financial, and organisational purposes, based on our legal obligations and legitimate interests.

19. Marketing

We will only contact you for marketing if you have given separate consent. You can opt out at any time.

20. Economic Analysis and Market Research

For business reasons, we may analyse anonymised data for business transactions, contracts, service usage, and website analytics to improve our services.

21. Cookie Policy

This section explains how Herts Lung Clinic uses cookies and similar technologies on our website.

What Are Cookies?

Cookies are small text files placed on your device (computer, tablet, mobile) when you visit a website. They help the website remember your actions and preferences (such as login, language, and other settings) over a period of time.

How We Use Cookies

We use cookies to ensure our website functions properly, to improve your user experience, and to analyse how our website is used. This helps us ensure the security, reliability, and performance of our website and services.

Types of Cookies We Use
  • Strictly Necessary Cookies: Required for the operation of our website, enabling you to use features such as secure navigation. Without these cookies, services you have asked for cannot be provided.
  • Performance & Analytics Cookies: These collect information about how visitors use our website (e.g., which pages are visited most). We may use tools such as Azure Application Insights or Google Analytics for this purpose. All analytics data is anonymised or pseudonymised.
  • Functionality Cookies: Allow the website to remember choices you make (such as your preferred language or region) and provide enhanced, more personalised features.
Third-Party Cookies

We do not use advertising or marketing cookies. However, some third-party services integrated with our website (such as embedded maps, videos, or analytics tools) may set their own cookies on your device. We do not control the use of these cookies and recommend you check the privacy and cookie policies of those providers.

Managing Cookies

Most web browsers allow you to control cookies through your browser settings, including blocking or deleting cookies. Please note that disabling certain cookies may affect the functionality and performance of our website.

Your Consent

By using our website, you consent to the use of cookies as described in this policy. If you do not wish to accept cookies, you can adjust your browser settings accordingly or refrain from using our website.

Updates to This Section

We may update this Cookie Policy from time to time to reflect changes in technology, legislation, or our practices. Any updates will be posted on this page with an updated date.

22. Your Rights

  • Right to access your personal data
  • Right to rectification (correction) of inaccurate data
  • Right to erasure (deletion) of your data where appropriate
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent at any time (where applicable)
  • Right to complain to the Information Commissioner’s Office (ICO)

To exercise your rights, please contact us using the details below.

23. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact:
Dr Peer Mohamed
Email: office@hertslungclinic.com
Phone: +44 20 3100 6934

24. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page.