This Privacy Policy explains how [Your Name / Clinic Name] (“we”, “our”, “us”) collects, uses, and protects your personal data when you use our website: drsultan.co.uk, in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

Dr Sultan Ltd is the Data Controller responsible for your personal data under this policy.

Contact details:

Email: info@drsultan.co,uk

2. What Personal Data We Collect

We may collect and process the following data:

Identity Data: Name, date of birth, gender
Contact Data: Email address, phone number, address
Medical Data: Information you provide about your health or treatment needs
Technical Data: IP address, browser type, device, and usage data through cookies or analytics

We only collect data that is necessary for providing medical services or fulfilling a legitimate interest (e.g. improving our services).

3. How We Use Your Data

We use your personal data for the following lawful purposes:

To respond to your enquiries or appointment requests (legitimate interest / consent)
To provide medical consultation and treatment (performance of a contract / legal obligation)
To send relevant updates, reminders, or newsletters (with your explicit consent)
To comply with legal or regulatory obligations

4. Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process your personal data. We rely on:

Consent – for marketing or non-essential communications
Contractual necessity – to deliver treatment or medical advice
Legal obligation – for compliance with healthcare regulations
Legitimate interest – for internal administration and site security

5. How We Store and Protect Your Data

We store your data securely on encrypted systems. Access is restricted to authorized medical or administrative staff. We implement appropriate technical and organisational safeguards to prevent unauthorised access, loss, or disclosure.

We retain medical data in accordance with clinical record retention laws (usually for a minimum of 8–10 years), and other data only as long as necessary.

6. Sharing Your Data

We will never sell your data. We may share it with:

Medical professionals or labs involved in your care (with your consent)
IT providers and booking platforms who process data on our behalf (bound by data processing agreements)
Regulators or legal authorities, if required by law

All third parties are GDPR-compliant and only process data as instructed by us.

7. Your Rights Under GDPR

You have the following rights:

Access – Request a copy of your personal data
Rectification – Request correction of inaccurate data
Erasure – Request deletion of your data (where legally permissible)
Restriction – Limit how we process your data
Portability – Request data transfer to another provider
Objection – Object to processing (e.g. for direct marketing)
Withdraw consent – at any time where processing is based on consent

To exercise these rights, email us

8. Cookies and Analytics

We use cookies and third-party analytics (like Google Analytics) to understand how visitors interact with our site. You can control cookie settings through your browser. Full details are in our [Cookie Policy] (if applicable).

9. External Links

Our website may contain links to other sites. We are not responsible for their privacy practices.

10. Complaints

You have the right to lodge a complaint with your local data protection authority. In the UK, contact the Information Commissioner’s Office (ICO) via www.ico.org.uk.

11. Updates to This Policy

We may update this Privacy Policy from time to time. The latest version will always be published here, with the effective date noted at the top.

12. Contact Us

If you have any questions or concerns about your privacy or data usage:

Email: info@drsultan.co.uk

Address: 2 North Terrace

BOOK YOUR APPOINTMENT

/

BOOK YOUR APPOINTMENT /