This Privacy Policy explains how Orchid Medical Secretarial Services collects, uses, and protects personal data. We are committed to safeguarding the privacy and confidentiality of all patients, consultants, and website users in compliance with applicable data protection laws, including the UK General Data Protection Regulation (GDPR).

Who We Are

Orchid Medical Secretarial Services provides medical administrative support to consultants and patients. We are registered with the Information Commissioner’s Office (ICO) and adhere to strict data protection standards.

GDPR Compliance

We comply fully with GDPR requirements, ensuring that personal data is processed lawfully, fairly, and transparently. We only collect data necessary for providing our services and maintain accurate records, in accordance with Article 6(1)(b) of the UK GDPR.

Data We Collect

We may collect and store the following types of personal data:

• Patient details (name, date of birth, contact information)
• Medical information
• Billing and payment details
• Communication records (emails, phone calls)

We may also collect, store and use the following kinds of personal information about individuals who visit and use our website:

• Information you supply to us. You may supply us with information about you by filling in forms on our website. This includes information you provide when you submit a contact/enquiry form, for example our “contact us” form. The information you give us may include your name, address, e-mail address and phone number.

How We Use Your Data

Personal data is used solely for the purpose of delivering our services, including:

• Scheduling appointments
• Preparing medical correspondence
• Processing billing and insurance claims
• Responding to enquiries

Data Security Measures

We maintain a secure IT environment with layered security controls and proactive monitoring. Our systems are managed by professional IT service providers and include encryption, secure email communication, and Cyber Essentials accreditation.

Patient Confidentiality

All patient information is treated with the highest level of confidentiality. Access to data is restricted to authorised personnel only, and all staff are trained in data protection and confidentiality protocols.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal and regulatory requirements. After this period, data is securely deleted or anonymised.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Third-Party Processors

We may engage trusted third-party service providers for IT support and payment processing. All third parties are contractually obligated to comply with GDPR and maintain appropriate security measures.

Your Rights

Under GDPR, you have the following rights:

• Access to your personal data
• Correction of inaccurate data
• Erasure of data where applicable
• Restriction or objection to processing
• Data portability

To exercise these rights, please contact us at: enquiries@orchid-medical.co.uk

Third Party Links

Our website www.orchid-medical.co.uk may include links to third party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Inform Us of Changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Contact Information

If you have any questions about this Privacy Policy or how we handle your data, please contact:

Named Data Protection Officer (DPO) Miss Lynn Seymour

Orchid Medical Secretarial Services
Evolve Business Centre, Cygnet Way, Houghton-le-Spring, DH4 5QY
Email: enquiries@orchid-medical.co.uk
Tel: 0191 920 1011

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, so we request that you please contact us in the first instance.