contact@bgm-medical.com
BGM Medical
Legal

Privacy Policy

How we collect, use, and protect your information

Last updated: June 2025

1. Who we are

BGM Medical is a private healthcare provider based in Norwich, Norfolk, United Kingdom. We provide private GP services, ADHD assessments, weight loss support, minor surgery, and other healthcare services. Our website is bgmhealth.co.uk.

For the purposes of UK data protection law, BGM Medical is the data controller. You can contact us at contact@bgm-medical.com or by calling 01603 555493.

2. What data we collect

We may collect the following categories of personal information:

  • Contact information: name, email address, phone number
  • Appointment request information: services requested, appointment preferences, accessibility requirements
  • Special category health data: when you provide medical information in the context of a consultation or appointment request
  • Technical data: IP address, browser type, pages visited (via cookies and analytics)

3. How we collect your data

We collect data when you:

  • Submit an appointment request through our website
  • Email or telephone us directly
  • Attend a consultation with one of our clinicians
  • Browse our website (via cookies)

4. How we use your data

We use your data to:

  • Process and confirm appointment requests
  • Provide healthcare services and treatment
  • Communicate with you about your care
  • Comply with legal and regulatory obligations (including GMC requirements)
  • Improve our services and website (anonymised analytics only)

We will never sell your data to third parties. We will never use your data for marketing without your explicit consent.

5. Legal basis for processing

We process your data on the following legal bases:

  • Contract: to fulfil our obligations in providing healthcare services to you
  • Legitimate interests: for appointment management and service improvement
  • Legal obligation: to comply with our regulatory duties as healthcare providers
  • Vital interests / special category health data: where necessary to provide direct healthcare
  • Consent: for any optional communications or non essential data processing

6. Data storage and security

Your data is stored securely using Google Firebase (Cloud Firestore), which is hosted in EU/UK data centres. All data in transit is encrypted using TLS/SSL. We implement appropriate technical and organisational security measures to protect your information against unauthorised access, loss, or disclosure.

Medical records and consultation notes are held in accordance with GMC guidance and NHS standards for medical record retention (a minimum of 8 years from the date of last entry for adults).

7. Who we share your data with

We may share your data with:

  • Other healthcare providers: where referral or onward care is necessary and you have consented
  • Regulatory bodies: the GMC, CQC, or other statutory bodies where legally required
  • IT service providers: Firebase (Google) and Mailjet (for email notifications), both under appropriate data processing agreements

We do not transfer your data outside the UK/EEA except where covered by appropriate safeguards.

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Erasure ('right to be forgotten'), subject to our legal retention obligations
  • Restrict processing in certain circumstances
  • Data portability in a machine readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where processing is consent based

To exercise any of these rights, contact us at contact@bgm-medical.com. We will respond within one calendar month.

9. Cookies

We use essential cookies to ensure the website functions correctly, and optional analytics cookies (Google/Firebase Analytics) to understand how visitors use our site. You can disable non essential cookies at any time in your browser settings. We do not use advertising or tracking cookies.

10. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top of this page will reflect any changes. Continued use of our services after a change constitutes acceptance of the updated policy.

11. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.