GDPR/Privacy Policy

Private Practice of Mr Nabeel Bhatti & Prof Simon Holmes

Last updated: 14 October 2025

1. Introduction

This privacy policy explains how we collect, use, store and protect your personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Caldicott principles of patient confidentiality.

We are committed to respecting your privacy and protecting your personal information. This policy applies to all patients seen by Mr Nabeel Bhatti and Professor Simon Holmes in a private capacity.

2. who we are

  • Mr Nabeel Bhatti - Consultant Oral and Maxillofacial Surgeon
  • Professor Simon Holmes – Consultant Oral & Maxillofacial Surgeon

Both are registered with the General Medical Council and provide private consultations and treatments at various private hospitals and clinics in London.

3. What Information We Collect

We may collect and process the following personal data about you:

a) Personal Identifiable Information

  • Full name, date of birth, address, telephone number, email address
  • NHS number or private insurance membership details (if relevant)

b) Health Information

  • Medical history, diagnosis, treatment records
  • Radiographs (X-rays, CT, MRI), clinical photographs
  • Referral letters, clinic notes, lab results

c) Administrative Information

  • Billing and payment details
  • Insurance information
  • Appointment history and correspondence

4. How We Collect Your Data

  • Directly from you (in person, by phone, email or via secure online forms)
  • Directly from you (in person, by phone, email or via secure online forms)
  • From your GP, dentist or referring clinician
  • From private hospitals or clinics where you are seen
  • From diagnostic services (e.g., imaging centres, laboratories)

5. Why We Collect Your Data

We only process your data where there is a lawful basis under UK GDPR. Most commonly, this is under the provision of healthcare and legal obligations. Specifically, we use your data to:

  • Provide appropriate medical assessment, diagnosis, and treatment
  • Maintain accurate and up-to-date medical records
  • Communicate with you about your care
  • Share relevant information with other healthcare providers (only with your consent or where legally required)
  • Comply with legal and regulatory obligations
  • Manage appointments, billing, and insurance claims

6. How We Store and Secure Your Data

We take data security seriously and implement technical and organisational measures to protect your data:

  • Records are stored securely in encrypted digital systems and/or in secure paper files
  • Access to your records is restricted to authorised personnel only
  • Emails containing clinical data are sent via secure, encrypted platforms
  • Clinical images and scans are anonymised where possible and stored in compliance with GDPR

7. How Long We Keep Your Data

We retain your medical records in accordance with UK law and guidance:

  • Adults: 8 years from the date of last treatment
  • Children: Until age 25 (or 26 if treated at age 17)

After this period, records are securely destroyed unless required for legal or regulatory reasons.

8. Sharing Your Data

We only share your data where it is necessary and lawful, such as:

  • With other healthcare professionals directly involved in your care (e.g. anaesthetists, physiotherapists, radiologists)
  • With your referring clinician, GP, or dentist (with your consent
  • With private hospitals and clinics for administration of your care
  • With insurers or third-party payers (with your consent)
  • When required by law (e.g., for safeguarding or public health reporting)

We never share your data for marketing or commercial purposes.

9. Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Correct inaccuracies in your data
  • Request erasure of your data (subject to legal requirements)
  • Restrict or object to certain types of processing
  • Request transfer of your data (data portability)
  • Withdraw consent where it has been given (this does not affect past lawful processing)

To exercise these rights, please contact us in writing (see contact details below).

10. Cookies and Website Usage

Our website may collect basic analytics using cookies, such as:

  • Page views
  • Device/browser type
  • Referring website

This data is anonymised and used only to improve site performance and user experience. You can manage cookie preferences through your browser settings.

11. Contact Us

For any data protection questions, concerns, or to make a data access request, please contact:

Data Controller: Mr Nabeel Bhatti & Prof Simon Holmes (Private Practice)

If you are not satisfied with our response, you may contact the Information Commissioner’s Office (ICO):
www.ico.org.uk