Privacy Notice and Consent Form for Patients

High Ash Health (trading as LRCS Medical Ltd) (“We”, “Us”, “Our”) is committed to protecting information through appropriate controls, being transparent about what data we hold and how we use it, and respecting Your privacy.

“You” (“Your”) are Our patient, to whom We provide services, or someone considering entering into an agreement with Us for the provision of Our services.

The rules on processing personal data are set out in the General Data Protection Regulation (GDPR). The terms Data Controller, Data Processor, Data Subject, Personal Data, Processing, and Appropriate Technical and Organisational Measures are interpreted in accordance with the GDPR.

This policy explains the basis on which any Personal Data we collect from You, or that You provide to Us, will be processed.

1. Data Controller

LRCS Medical Ltd
Company number: 16141007
Registered in England.
We are the Data Controller.

2. Personal Data We Collect

We collect and process the following Personal Data:

a. When You Enquire or Register

  • Name, date of birth, email address, and telephone numbers
  • Information needed to register you to see a doctor and contact you about your care and results
  • Medical information relevant to your care, stored securely within our hosted practice management system, Semble

Semble Technology Limited
7 Bell Yard, London, WC2A 2JR, United Kingdom

Semble is UK-based and GDPR compliant, featuring:

  • 256-bit encryption and servers based in London
  • Two-factor authentication with SSL encryption
  • Secure video consultation capability

b. Website Use and Cookies

When You visit our website, your activity may be tracked using cookies and similar technologies to help us improve our services. See the Cookies section below for details.

c. Communications

We may collect information from:

  • Phone calls (call data, duration, names, messages)
  • Emails (addresses and message content)
  • Paper documents and other communications

Conversations and correspondence are archived securely in Google Workspace (G Suite).

d. Referrals and Reports

Where We provide relevant services, such as referrals to specialists or allied health practitioners, data is shared in encrypted format.

We do not share your data with third parties for marketing or advertising without your specific consent.

3. How We Use Personal Data

We process Personal Data under Article 6 of the GDPR as follows:

a. Contractual Necessity

  • Handling service enquiries
  • Verifying identity
  • Delivering our services
  • Providing results and correspondence
  • Managing billing and payment
  • Notifying you of relevant service updates or changes

b. Legal Obligation

  • Maintaining records and accounts
  • Meeting HMRC and legal requirements
  • Preventing or investigating fraud or misuse
  • Complying with money-laundering regulations

c. Consent

  • Providing information about other services or offers
  • Sharing details of relevant third-party services

4. Data Security

We use Appropriate Technical and Organisational Measures to keep data secure, prevent unauthorised access, alteration, or loss, and maintain accuracy.

All Personal Data is stored within the European Economic Area (EEA).

Phone calls may be recorded for quality, training, and compliance purposes. Recordings are encrypted and securely stored.

5. Sharing Information

We may share Personal Data only when necessary:

  • With law enforcement or regulatory authorities (e.g. ICO, Ofcom)
  • As required by law, court order, or legal process
  • With service providers assisting in delivering our services (e.g. billing, telecommunications, secure data storage)
  • As part of a business sale or legal proceedings

Where partners operate outside the EEA, we ensure appropriate contracts and safeguards are in place.

6. Data Retention

We retain data only as long as necessary for the purpose it was collected, unless legal obligations require otherwise. When no longer required, data will be securely deleted or destroyed.

7. Data Breaches

If a data breach occurs that affects Your information, We will act promptly in accordance with the GDPR and the guidance of the Information Commissioner’s Office (ICO). If You identify a breach affecting data We have passed to You, You must notify Us immediately in writing.

8. Automated Decision-Making

We do not use automated decision-making based on Personal Data in Our business.

9. Cookies

Cookies are small files stored by Your web browser. We use analytical and tracking cookies on www.highashhealth.co.uk via Bing and Google.

These cookies may record details such as the device operating system, browser, IP address, time, duration, and pages visited. They help us understand how visitors use our site. Cookies remain on your device for varying durations, typically around a month. You can decline non-essential cookies when first visiting our site.

We also use a security cookie on our web portal, required for its operation. It contains only a temporary session token and no Personal Data.

We do not attempt to personally identify visitors unless required by law or to protect our rights.

10. Data Subject Access Requests

Under the GDPR, You have the right to request a copy of the data we hold about you. Submit your request in writing to: Practice Manager, The Nutbroune Park Surgery Ltd, The Stables, Kent. We may ask for proof of identity before releasing any data.

11. Other Rights of Data Subjects

You have the right to request correction or erasure of your data, restrict or transfer data, and withdraw consent for processing where applicable.

12. Changes to This Policy

We review and update this policy periodically. Any changes will be communicated by email.

13. Contact Us

If you have any questions, wish to update your preferences, or amend your information, contact us at admin@highashhealth.co.uk.

14. Complaints

If you have a complaint, please contact us first. If unresolved, you may contact the Information Commissioner’s Office (ICO):

Website: https://www.ico.org.uk/concerns
Telephone: 0303 123 1113
Address: ICO, 100 College Road, Harrow, HA1 1BQ

We are registered with the ICO under reference number ZB839320.

I agree to the collection and processing of my data in accordance with the terms and conditions detailed above.