Privacy Policy

Bilba Clinic Ltd

Effective Date: 23/02/2026

Last Updated: 23/02/2026

1. Who We Are

Bilba Clinic Ltd is a private limited company registered in England and Wales (Company No. 14932413).

Registered Address:

57 Great Titchfield Street

London

W1W 7PN

United Kingdom

Bilba Clinic provides private medical, aesthetic, diagnostic and wellbeing services.

We are committed to protecting your personal data and respecting your privacy in accordance with:

UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Applicable healthcare and regulatory standards

For the purposes of data protection law, Bilba Clinic Ltd is the Data Controller of your personal information.

2. Information We Collect

To provide safe and effective care, we collect and process the following categories of personal data:

2.1 Personal Information

Full name
Date of birth
Gender
Address
Email address
Telephone number
Emergency contact details

2.2 Medical & Special Category Data

As a healthcare provider, we process sensitive health information, including:

Medical history
Diagnoses and treatment plans
Clinical notes and consultation records
Test results and prescriptions
Medication history
Allergies and vaccination status
Mental and physical health information
Appointment records and outcomes

This information is processed under Article 9(2)(h) UK GDPR (healthcare provision).

2.3 Financial & Payment Information

Billing details
Invoices and receipts
Insurance information (where applicable)
Payment transaction records

Payment card data is processed securely through regulated payment providers.

2.4 Website & Technical Information

When you visit our website, we may collect:

IP address
Browser type
Device information
Cookie and analytics data
Pages visited and interaction data

3. How We Use Your Information

We process your personal data lawfully, fairly and transparently for the following purposes:

3.1 Clinical Care

To assess suitability for treatment
To deliver medical, aesthetic and wellbeing services
To maintain accurate medical records
To communicate test results or treatment recommendations

3.2 Appointment & Administration Management

Booking and confirming appointments
Sending reminders
Managing follow-up care
Internal audits and quality assurance

3.3 Financial Processing

Processing payments
Issuing receipts
Handling insurance claims (where applicable)

3.4 Legal & Regulatory Compliance

Complying with CQC requirements
Responding to safeguarding concerns
Meeting statutory reporting obligations
Cooperating with regulators and law enforcement where required

3.5 Website & Service Improvement

Monitoring website performance
Analysing user experience
Ensuring cybersecurity and fraud prevention

4. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

Article 6(1)(b) – Contract (providing healthcare services)
Article 6(1)(c) – Legal obligation
Article 6(1)(f) – Legitimate interests (service improvement and security)
Article 9(2)(h) – Provision of healthcare

Where consent is required (e.g., marketing communications), it will be obtained separately and can be withdrawn at any time.

5. How We Protect Your Data

We implement robust technical and organisational safeguards, including:

Encrypted data storage and transmission
Secure clinical systems (including controlled access practice management software)
Role-based access controls
Password protection and secure authentication
Regular staff confidentiality and data protection training
Audit logs to monitor access to records

We only allow access to personal data where it is necessary for clinical or administrative purposes.

6. Sharing Your Information

We do not sell or rent your personal data.

We may share your information where necessary for safe care or legal compliance:

6.1 Healthcare Professionals

With laboratories, specialists, GPs or other healthcare providers involved in your care.

6.2 Insurance Providers

Where relevant for claims processing and authorisation.

6.3 Service Providers

With trusted third parties providing:

IT systems
Payment processing
Clinical software support
Professional advisory services

All third parties are subject to strict data processing agreements.

6.4 Legal & Regulatory Bodies

Where required by law, including:

Safeguarding authorities
Courts
Regulators
CQC inspections

7. Data Retention

We retain medical records in accordance with NHS and professional healthcare retention guidelines.

Records are securely archived and disposed of when no longer required for:

Clinical purposes
Legal defence
Regulatory compliance

Retention periods may vary depending on the type of record and applicable legal requirements.

8. Your Rights Under UK GDPR

You have the right to:

Access your personal data
Rectify inaccurate or incomplete data
Request erasure (where legally permitted)
Restrict processing
Object to processing (including marketing)
Data portability
Withdraw consent (where applicable)

Requests can be made using the contact details below. We will respond within one month, as required by law.

9. Cookies

Our website uses cookies and similar technologies to:

Improve website performance
Analyse traffic
Enhance user experience

You may manage cookie preferences through your browser settings.

Full details are available in our Cookie Policy.

10. Data Security & Breach Management

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the Information Commissioner’s Office (ICO) where required
Inform affected individuals where appropriate
Take immediate remedial action

11. Complaints

If you are concerned about how your data is handled, please contact us first.

You also have the right to lodge a complaint with:

Information Commissioner’s Office (ICO)

www.ico.org.uk

Helpline: 0303 123 1113

12. Contact Details

If you have questions or wish to exercise your data protection rights, please contact:

Data Protection Lead

Bilba Clinic Ltd