A Privacy Notice (or ‘Fair Processing Notice’) is an explanation of what information Crockett and Crooke Ltd collects on patients, and how it is used. We aim to be transparent and provide clear information to patients and potential patients, as well as our website visitors, about how we use their personal data; this is an essential requirement of the Data Protection Act (DPA) 1998. This has been added to by the GDPR and new DPA 2018. Under the DPA/GDPR, the first principle is to process personal data in a fair and lawful manner, and this applies to everything that is done with patients’ personal information.

Your personal data – what is it?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). When you visit our website or correspond with us by phone, e-mail or otherwise you may give us information that would be classed as personal data about you and others you are acting on behalf of. Private/NHS health records may be processed electronically, on paper or a mixture of both; a combination of working practices and technology is used to ensure that your information is kept confidential and secure. We may collect, use, store and transfer different kinds of personal data about you when you do so, which we have grouped together as follows:

a. Identity Data which includes your first name, last name, username or similar identifier, marital status, title, date of birth and gender.

b. Contact Data which includes your address, email address and telephone numbers.

c. Demographic Data which includes your postcode, preferences and interests.

d. Health Data which includes information about your health including your medical history and/or current health status including but not limited to data regarding test results, diagnoses and medications.

e. Financial Data which includes your bank account and payment card details.

f. Transaction Data which includes details about payments to and from you and other details of products and services you have purchased from us.

g. Technical Data which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site.

h. Profile Data which includes your username and password, requests for products and services made by you and feedback responses.

i. Usage Data which includes information about how you use our Site and services.

j. Marketing and Communications Data which includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law, as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy. The processing of personal data is governed by the EU General Data Protection Regulation (GDPR).

Who are we?

Crockett and Crooke Ltd is the data controller. Under the Data Protection Act, the data controller is the person or organization that will decide the purpose and the manner in which any personal data will be processed – they have overall control of the data they collect and decide how and why it will be processed. We are registered as data controllers under The Data Protection Act 1998. Our registration number is ZA483472 and details can be viewed at We decide how your personal data is processed and for what purposes.

How do we process your personal data?

Crockett and Crooke Ltd manages patient information in accordance with existing laws and with guidance from organisations that govern the provision of healthcare in England such as the Department of Health and the General Medical Council.

The purposes and legal basis for processing your data:

Recording your data is necessary for the provision to you of health care, medical diagnosis and treatment. This is defined as direct patient care in the General Data Protection Regulation (Articles 6(1)(e) and 9(2)(h)).

We keep personal data up to date, store and destroy it securely, do not collect or retain excessive amounts of data, protect personal data from loss, misuse, unauthorised access and disclosure, and ensure that appropriate technical measures are in place to protect personal data.

We use your personal data or communicate with you via post, email, telephone or SMS messages for the following purposes:

Our primary reason is to provide you with healthcare.


This might also involve using data:

a. For our own internal records.

b. To improve our website in order to better serve you.

c. To improve the products and services we provide.

d. To contact you in response to a specific enquiry.

e. To customise the website for you to allow us to deliver the type of content and product offerings which you are most interested in.

f. To quickly process your transactions.

g. To send you promotional emails about products, services, offers and other things we think might be relevant to you.

h. To send you promotional mailings or to call you about products, services, offers and other things we think might be relevant to you.

i. To contact you via email, telephone or mail for market research reasons.

j. To ask for ratings and reviews of services or products.

k. To follow up with you after correspondence (live chat, email, text or phone enquiries).

In each case we will use your data in accordance with this privacy policy.

We can disclose personal information if:

You provide consent. This can be assumed (implicit) for example when you agree to be referred to a specialist. It can be specifically requested (explicit) when used for other purposes. You can object to your personal information being shared with other health care providers such as your NHS GP, but if this limits the treatment that you can receive then the doctor will explain this to you at the time.

It is required by law.


In rare circumstances when it is in the public interest.


Your personal information may be used for clinical audit (evaluation) purposes. When this is held outside of Crockett and Crooke Ltd, all details that could identify you will be removed.

We will hold details of your financial information for the purpose of administering your membership subscription and payments.


We will use your information collected from our website to personalise your repeat visits to our website. This information is held on your computer web browser as “cookies”. You can set your browser not to accept cookies. However, in a few cases some of our website features may not function as a result.


How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner’s Office), Human Rights Act, and the Common Law Duty of Confidentiality.

All of our staff, contractors and committee members receive appropriate and regular training to ensure they are aware of their personal responsibilities and have legal and contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Only a limited number of authorised staff have access to personal information where it is appropriate to their role and is strictly on a need-to-know basis.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.

Who are our Partner Organisations?

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:


• Private Hospital Providers (SPIRE/NUFFIELD for example) inpatient and outpatient care

• Health Insurers (e.g. BUPA/WPA, PPP, AVIVA…)

• NHS Trusts

• Specialist Trusts

• Independent Contractors such as dentists, opticians, pharmacists, psychologists and other certified allied healthcare practitioners.

• Voluntary Sector Providers (rarely and only if requested by client/patient)

• Ambulance Trusts (exceptional and rare circumstances)

• Social Care Services (as above)

• Education Services (as above and only as a result of patient/client request)

• Fire and Rescue Services (exceptional safety critical issues)

• Police


Access to personal information

You have a right under the Data Protection Act 1998 to access/view information the practice holds about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you we will:

give you a description of it

tell you why we are holding it

tell you who it could be disclosed to

let you have a copy of the information in an intelligible form

If you would like to make a ‘subject access request’, please contact Crockett and Crooke Ltd in writing. There may be a charge for this service. Any changes to this notice will be published on our website.

How long can we keep your records?

The GDPR allows us to retain our records about you while you are alive.

If you want to make a complaint about the way we hold your data

You have a right to lodge a complaint with the Information Commissioner’s Office. Details on how to do this are available at You can ring the Information Commissioner’s Office at 0303 123 1113.

Change of Details

It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.