Privacy Policy & Data Protection Notice
Last Updated: March 2026
1. Introduction
Welcome to the private surgical practice of Mr Saqib Rahman ("we", "us", or "our"), trading as Rahman Medical Services Ltd (Company Number: 17000773).
As a medical practice and a data-driven surgical service, we take the privacy and security of your personal information exceptionally seriously. This Privacy Policy explains how we collect, use, and protect your personal and medical data when you visit www.rahmanmedical.co.uk or engage our clinical services, in strict accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. The Data We Collect
Depending on how you interact with our website and practice, we may collect the following categories of data:
Identity & Contact Data: Name, email address, telephone number, and date of birth (collected when you submit an enquiry).
Special Category (Health) Data: Medical history, symptoms, GP details, and clinical imaging (collected only when you register as a patient via our secure clinical portal).
Financial Data: Billing information and private medical insurance details (e.g., Bupa authorisation codes).
Technical Data: IP address, browser type, and operating system (collected automatically via website cookies to ensure the site functions correctly).
3. Our Legal Basis for Processing Your Data
Under the UK GDPR, we must have a lawful basis for processing your data. We rely on the following:
Provision of Healthcare (Article 9(2)(h)): To provide medical diagnosis, surgical care, and treatment.
Contractual Necessity (Article 6(1)(b)): To process billing, communicate regarding appointments, and deliver the services you have requested.
Legitimate Interests (Article 6(1)(f)): To maintain accurate practice records, ensure network security, and analyze website traffic to improve our digital services.
4. How We Secure and Store Your Data
We operate a modern, paperless clinical environment designed to maximize data security:
Clinical Records: All sensitive health data is stored off-website in Carebit, an encrypted, cloud-based Electronic Patient Record (EPR) system that is fully GDPR-compliant and specifically designed for UK healthcare professionals.
Network Security: We use Virtual Private Networks (VPNs) and end-to-end encryption when accessing patient data, to prevent unauthorized interception.
Website Data: Our website is hosted on Squarespace, which utilizes secure server infrastructure (SSL/TLS encryption) to protect data transmitted through our online forms.
5. Who We Share Your Data With
We will never sell your data or share it for marketing purposes. Your data is only shared with authorized third parties required for your clinical care and practice administration, including:
Your NHS General Practitioner (GP): To ensure continuity of care via clinic letters.
Hospitals & Facilities: e.g., Nuffield Health Wessex Hospital, for theatre bookings and admission.
Diagnostic Services: Radiology and pathology laboratories.
Insurers: e.g., Bupa, for the purpose of fee authorization and billing.
IT Processors: Carebit (EPR) and Squarespace (Website hosting).
6. Data Retention
We retain personal and medical data only for as long as necessary to fulfil the purposes for which we collected it, including satisfying legal, accounting, and regulatory requirements. In accordance with British Medical Association (BMA) guidelines, adult medical records are securely retained for a minimum of 8 years following the conclusion of your treatment.
7. Cookies & Tracking
Our website uses essential cookies to allow the site to function and secure your connection. We may also use analytical cookies to understand how visitors interact with our site (e.g., which medical conditions are searched for most frequently), helping us improve our patient resources. You can manage or disable non-essential cookies via your browser settings.
8. Your Legal Rights
Under UK data protection law, you have the right to:
Request access to your personal data (Subject Access Request).
Request correction of incomplete or inaccurate data.
Request erasure of your data (Note: this is subject to overriding medical and legal retention requirements).
Object to or restrict the processing of your data.
If you have any questions about this Privacy Policy, or wish to exercise your rights, please contact our secretarial team:
Email: julie@medexpm.co.uk
Phone: 02382 543444
Address: Mr Saqib Rahman, Nuffield Health Wessex Hospital, Winchester Road, Chandler's Ford, Eastleigh, SO53 2DW
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.