Privacy Policy

1. Introduction

At Klaris Mind, we understand that your personal and medical information is deeply private. Protecting it is a responsibility we take seriously.

This Privacy Policy explains how we collect, use, store, and safeguard your information when you visit our website or receive care with us.

We handle your information in accordance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable healthcare confidentiality standards.

2. Who We Are

Klaris Mind Clinic is a trading name of Trinity Edwards Ltd, which is the data controller responsible for your personal information.

If you have any questions about this policy or how your data is handled, you can contact us at:

Klaris Mind Clinic
info@klarismind.co.uk
020 8191 3728

3. Medical Records & Third-Party Processing

As part of delivering safe and appropriate care, Klaris Mind may request and review relevant medical records from your GP or other healthcare providers where clinically necessary and with your consent.

To facilitate this process securely, we may use trusted third-party medical records processing providers, including Medi2Data, who act on our behalf as data processors in accordance with UK data protection legislation.

These providers are contractually required to:

process personal data only on our instructions;
maintain appropriate technical and organisational security measures;
keep all patient information confidential; and
comply with applicable UK GDPR and Data Protection Act requirements.

The information processed may include special category health data, including medical history, medications, diagnoses, consultation notes, and correspondence relevant to your care.

We take the confidentiality and security of your information seriously and only request information that is necessary for the provision of your treatment and clinical assessment.

Your information may be retained in accordance with legal, regulatory, safeguarding, and medico-legal obligations applicable to healthcare providers.

You have rights in relation to your personal data, including rights to access, correct, restrict, or request deletion of your information, subject to applicable legal and clinical obligations.

4. The Information We Collect

To provide safe, personalised care, we may collect:

Personal Details

Your name, date of birth, address, contact details, emergency contact information, and other administrative information relevant to your care.

Medical Information

Relevant health history, medications, consultation notes, treatment records, correspondence, risk assessments, safeguarding information, and other information necessary for safe clinical care.

Payment Information

We use secure third-party providers (such as Stripe) to process payments. We do not store full card details.

Website & Technical Information

Basic technical information such as IP address, browser type, device information, cookies, and website usage analytics to help us improve our website and services.

Communications

Information you provide when contacting us by email, telephone, website forms, or messaging services.

5. Lawful Basis for Processing

Under UK data protection law, we process your personal information where necessary for:

the provision of healthcare and medical assessment;
compliance with legal and regulatory obligations;
safeguarding responsibilities;
our legitimate interests in operating and improving our services; and
where applicable, your consent.

As a healthcare provider, we also process special category health data under the provisions relating to medical diagnosis, healthcare provision, treatment, and the management of healthcare systems and services.

6. How We Use Your Information

We use your information to:

provide safe, consultant-led medical care;
assess your suitability for treatment;
manage appointments, bookings, and payments;
communicate with you about your care;
coordinate with healthcare professionals involved in your treatment;
meet our legal, regulatory, safeguarding, and professional obligations;
improve our services using anonymised or aggregated information where appropriate;
maintain accurate medical records and clinical documentation.

We only use your information where it is necessary for your care, our operations, or where required by law.

7. Sharing Your Information

We keep your information confidential and only share it where necessary and appropriate, including:

with healthcare professionals involved in your care;
with your GP or other healthcare providers, where clinically appropriate and with your consent;
with trusted technology and service providers who support our operations;
with secure payment providers;
with regulators, safeguarding authorities, or law enforcement where we are legally required or professionally obliged to do so.

We do not sell your personal information.

We do not bill insurance providers directly. If you choose to claim through insurance, we can provide documentation for you to submit yourself.

8. Safeguarding & Exceptional Circumstances

While confidentiality is central to the care we provide, there may be exceptional situations where we are legally or professionally required to share information without consent.

This may include circumstances where:

there is a serious concern about your safety or the safety of another person;
safeguarding concerns arise involving children or vulnerable adults;
disclosure is required by law, court order, or regulatory obligation.

Where appropriate and possible, we will aim to discuss this with you first.

9. International Data Transfers

Some of our trusted technology providers may process limited personal data outside the United Kingdom.

Where this occurs, we ensure that appropriate safeguards and contractual protections are in place in accordance with UK GDPR requirements.

10. How Your Information Is Protected

We use secure systems, encryption, access controls, and other technical and organisational safeguards to protect your information.

Only authorised members of our team can access your information, and all staff handling confidential information are subject to professional and contractual confidentiality obligations.

We regularly review our systems and processes to help maintain the security and integrity of the information we hold.

11. How Long We Keep Your Information

We retain medical records in accordance with UK healthcare guidance, regulatory requirements, and medico-legal obligations.

In most cases, adult medical records are retained for a minimum of 8 years after the conclusion of treatment, although some records may need to be retained for longer where clinically or legally appropriate.

12. Your Rights

Under data protection law, you have rights in relation to your personal information, including the right to:

access the information we hold about you;
request correction of inaccurate information;
request restriction of processing in certain circumstances;
object to certain types of processing;
request deletion of information where applicable;
withdraw consent where processing relies on consent.

Please note that some rights may be limited where we are legally required to retain healthcare records or where retaining information is necessary for ongoing clinical care or legal obligations.

If you wish to exercise any of your rights, please contact us and we will guide you through the process. We usually respond within one calendar month.

You also have the right to raise concerns with the UK Information Commissioner’s Office (ICO):

Information Commissioner’s Office (ICO)

13. Marketing Communications

We may occasionally send service updates or relevant clinic information.
Where marketing communications require consent, you can withdraw your consent or unsubscribe at any time.

We do not send unsolicited marketing communications.

14. Website Cookies

Our website uses cookies and similar technologies to help it function properly, improve user experience, and understand how visitors use the website.

You can control or disable cookies through your browser settings. More information is available in our Cookie Policy.

15. CCTV (If Applicable)

For the safety and security of patients, visitors, and staff, CCTV may operate in certain communal areas of our premises where appropriate.

CCTV footage is handled securely and retained only for as long as reasonably necessary.

16. Children & Young People

We do not knowingly collect information from children without appropriate consent, legal basis, and clinical justification.

Where treatment involves younger individuals, we process information in accordance with applicable safeguarding and healthcare laws.

17. Communication & Digital Correspondence

We aim to communicate with you in a way that feels accessible, discreet, and supportive. However, email and digital communications are not always completely secure.

If something is particularly sensitive, we can discuss safer or alternative ways to communicate with you.

18. Third-Party Links

Our website may contain links to external websites. We are not responsible for how those websites handle your information, and we recommend reviewing their privacy policies separately.

19. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or regulatory guidance.

The latest version will always be available on our website.

20. Contact Us

If you have any questions or concerns about this policy or how your information is handled, please contact us: