Facebook | Instagram | WhatsApp |

Privacy Policy

Last updated: March 2026

1. Who We Are

Data Controller: AristoGp, 1-5 Portpool Lane, London EC1N 7UU. AristoGp operates as a private medical clinic providing gynaecology and general practice services. We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

We collect the following categories of personal data:

  • Identity data: Full name, date of birth, gender
  • Contact data: Address, telephone number, email address
  • Medical history: Past and current medical conditions, medications, allergies, family history, test results, clinical notes, and investigation reports
  • Appointment data: Booking details, consultation records, treatment plans
  • Financial data: Payment records (we do not store full card details)
  • Communications data: Messages sent via WhatsApp or email for appointment booking and clinical queries
  • Technical data: IP address and cookies when you visit our website (see Section 10)

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing clinical assessment, diagnosis, and treatment
  • Managing appointments and sending appointment reminders
  • Maintaining accurate medical records
  • Processing payments for services
  • Communicating with you about your care and follow-up
  • Making referrals to NHS services, specialists, or laboratories where clinically indicated
  • Complying with our legal and regulatory obligations as healthcare providers

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent (Article 6(1)(a) UK GDPR): For processing sensitive health data and for communications you have agreed to receive
  • Contract performance (Article 6(1)(b)): Where processing is necessary to provide services you have requested
  • Legal obligation (Article 6(1)(c)): Where we are required by law to process data (e.g. CQC regulatory requirements, GMC obligations)
  • Vital interests (Article 6(1)(d)): Where processing is necessary to protect your life or the lives of others
  • Legitimate interests (Article 6(1)(f)): For practice management and quality improvement, where not overridden by your rights
  • Special category health data (Article 9(2)(h)): Processing necessary for the purposes of preventive or occupational medicine, medical diagnosis, provision of health or social care

5. Data Sharing

We do not sell your personal data. We may share your data with the following parties, only where necessary and with your consent where required:

  • NHS services and hospitals: For referrals, shared care, or emergency treatment
  • Specialist consultants: For second opinions or specialist referrals, with your consent
  • Laboratories and diagnostic services: For test processing and reporting
  • Insurance providers: Where you have requested an insurance report
  • Regulatory bodies: Such as the GMC or CQC where legally required
  • IT and software providers: Who assist with practice management, subject to Data Processing Agreements

6. Data Retention

We retain medical records in accordance with NHS Records Management Code of Practice guidelines. Adult patient records are generally retained for a minimum of 8 years from the date of last treatment. Records relating to children are kept until the patient’s 25th birthday, or 26th if the young person was 17 at the conclusion of treatment. Financial records are retained for 7 years in line with HMRC requirements. When records are no longer required, they are destroyed securely and confidentially.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you (Subject Access Request)
  • Right to rectification: You may request correction of inaccurate or incomplete data
  • Right to erasure: You may request deletion of your data in certain circumstances
  • Right to restrict processing: You may ask us to limit how we use your data
  • Right to data portability: You may request your data in a portable, machine-readable format
  • Right to object: You may object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing

To exercise any of these rights, please contact us using the details in Section 8. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

8. Contact for Data Requests

For any data protection enquiries, Subject Access Requests, or to exercise your rights, please contact us:
AristoGp
1-5 Portpool Lane
London EC1N 7UU
WhatsApp: +44 7490 643706

9. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. All clinical data is stored securely and access is restricted to authorised personnel only. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

10. Cookies

Our website uses cookies to improve your browsing experience. Cookies are small text files placed on your device. We use:

  • Strictly necessary cookies: Required for the website to function. Cannot be disabled.
  • Analytics cookies: Help us understand how visitors use our site. These are only set with your consent.
  • Functional cookies: Remember your preferences to enhance your experience.

You can manage or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on this page, with the “Last updated” date revised accordingly. We encourage you to review this policy periodically. Continued use of our services after any changes constitutes acceptance of the updated policy.

Scroll to Top
Recommended by patients on Doctify