Privacy Policy

At Chiefs Medicals Ltd, we take your privacy seriously! All information collected by us will be kept strictly confidential and will not be sold, reused, rented, loaned, or otherwise disclosed. We adhere to the UK’s General Data Protection Regulation (UK GDPR).Any information you have given to Chiefs Medicals and our associations will be held with the utmost care and will not be used in ways you have not consented to, unless we are required to do so by law, or at the discretion of your clinical team, in cases of emergency where we believe it to be in the best interest of your health. Please read the following for a more detailed explanation about how we safeguard your personal data.

We need to collect personal data in order for us to provide you with a service, to answer enquires about our services and to maintain our records. We are committed to ensuring that the information we collect, and use is appropriate for this purpose and does not constitute an invasion of your privacy.

How we use your information

This privacy policy tells you how we use your personal data:

  • To make your clinical records available to Chiefs Medicals staff  offering you medical advice 
  • To process your request for clinical treatment and/or engagement
  • To provide our products and services
  • To provide information on our products and services (where such consent has been given)
  • To process financial information and process payments for our products and services
  • To provide our hospitals partners with the necessary relevant clinical information for your pre-operative assessments,  surgery, any tests and in-patient care.
  • To contact you in response to a specific enquiry or follow-up
  • To improve or modify our services
  • For audits, regulatory purposes, and compliance with industry standards.  Such information to be provided in an anonymised format

We ask for personal data only when is needed to provide services you have enquired about or asked us to provide or to respond to your requests for information. 

What sort of data do we collect?

We need certain details in order to process your request for treatment.  This information includes:

  1. Your name; Your age, date of birth and sex; postal address; phone and email details
  2. Any relevant medical details that you have chosen to declare
  3. Information for processing payments, we do not store credit/debit card numbers, data contained within the magnetic strip or electronic chip or  bank account details once payment has been processed
  4. Clinical details, test and investigative results and any other information gathered in the course of providing you with our treatments
  5. Information about complaints and incidents
  6. Financial information in relation to your treatment or care

How do we protect your personal data?

We know how much data security matters to all our patients. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. All your data is stored securely on servers that are encrypted and are located within the EEA and we do not transfer your data outside of the EEA. These are kept with our partner hospitals who adhere to UK GDPR

How long will you keep my personal data?

We will process medical data during the duration of any treatments.  After eight years any medical data not needed will be deleted according to the law.

We send clinical letters to your GP or other relevant healthcare professionals involved in your treatment with your consent,  copies of these clinical letters will also be sent to you.

You have the right to request full copies of the clinical records we hold on you at any time. Should you wish to obtain copies of your clinical records you must do so within the timeframe set out above.

IT Services Providers

We will record your data electronically on IT and email systems. In order to process and store electronic data we engage the services of third-party IT providers. All third party IT service providers will have appropriate confidentiality and security agreements in place to ensure your data is secure in line with the GDPR requirements.

If you book a consultation

Should you wish to book a consultation we will need to collect more information from you in order to secure an appointment for you. The information we collect will include, but is not limited to:

  • Your address
  • Date of Birth
  • Height
  • Weight
  • BMI
  • GP details

Third-Party Disclosure


We are bound by the GMC (General Medical Council) to inform your GP of any medical outcomes from your appointments including your procedure of choice. If you do not want us to contact your GP you need to let us know at the time of booking your consultation.

Treatment Centre

We will also share your contact details with the treatment centre in which you are having your consultation, this is a regulatory requirement.  Some treatment centres will also require us to provide them with copies of your consultation notes for their records. Again, this is line with the regulations set out by the CQC.  All our treatment centres are tightly regulated, have a duty of care to you and your data and are subject to the laws of data processing as set out in the General Data Protection Regulation.

IT Services Providers

We will record your data electronically on IT and email systems. In order to process and store electronic data we engage the services of third-party IT providers.  All third party IT service providers will have appropriate confidentiality and security agreements in place to ensure your data is secure in line with the GDPR requirements.

When using email  as an associate of Streamline Surgical Ltd/clinics, we have teamed up with Microsoft 365.  Microsoft offers among the highest level of data security to it 365 users and is the preferred choice of email provided within the NHS due to this.  Whilst we have chosen to this provider to maximise our email security within Streamline, we cannot guarantee the safety of email communication we may send to you directly.  Once an email leaves our domain it is susceptible to hackers.  We always ask that you consider this before consenting for us to liaise with you via email.

Treatment Hospital

Chiefs Medicals Ltd do not own any hospitals or employ hospital staff, we ( and our partners/associates Streamline Surgical do however carefully select and work in partnership with certain hospitals from which your treatment is conducted. The surgeries offered in these treatment hospitals may differ and our consultants will advise you on the most appropriate treatment hospital for your procedure.

In order to ensure your procedure can be booked at your treatment hospital we will have to share with them certain relevant personal and clinical information about you. This will include the following:

  • Contact details
  • Date of birth
  • Treatment required
  • Any appropriate clinical information to assist the hospital in preparing for the patient’s treatment and care.

Your treatment hospital may use IT services from a third party provider, including archiving patient files. Any such third party provider will be subject to all regulations and data protection duties required for the processing of “sensitive data” in line with the CQC and General Data Protection Regulations.


We will not disclose information we hold about you to any person or party without your permission except in the following exceptional circumstances:

  • as is reasonable and necessary for the purposes of your care, such as your treatment hospital, referrals to a third party clinical team;
  • to process and store electronic data on our systems which are supported by third party providers. All third IT service providers will have appropriate confidentiality and security agreements in place to ensure your data is secure;
  • where we are required by a governing body or regulatory authority to disclose our clinical data and outcomes, such as the National Bariatric Surgery Registry or Care Quality Commission. All information shared in these circumstances will be entirely anonymised;
  • as required by law including any requests made by a court order or the police.

If you have any concerns how your personal data is processed ot handled, contact us immediately. Alrenatively you have the right to contact Informtion Commissioner’s office (ICO), on the following details:

ICO Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone 0303 123 1113 or email: