General Data Protection Regulation

The Glade is committed to protecting the privacy and security of your personal information.

This privacy notice describes how we collect and use personal information about you in accordance with the General Data Protection Regulation (GDPR). We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in
relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal information about you. When we do so, we are regulated under the GDPR which applies across the European Union (including in the United Kingdom).

1 The personal information we collect and use:

1.1   Information collected by us

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are "special categories" of more sensitive personal data which require a higher level of protection. These specifically include medical data processed as part of our service to you.

In the course of providing our services we collect information about you such as your name, address, GP and contact details alongside any health related information required for the delivery of health care services. This will enable us to provide the appropriate care and treatment that you need. We also collect information to help our equality and
diversity monitoring and any other information lawfully required to be held by us during the course of your interaction with us.

1.2   How we use your personal information

We may use the information we collect to help us provide services to you in the following ways:

  • Doctors, nurses or healthcare professionals involved in your care need accurate information about you to assess your health and deliver the care you need
  • To ensure information is available if you need to be referred to another health professional or another part of the NHS
  • To assess the type and quality of care you have received and require in the future
  • To support clinic and treatment appointments by sending you electronic and or paper based appointment reminders
  • To ensure your concerns can be properly investigated if you are unhappy with the care you have received

1.3  Who we share your personal information with

There are times when it is appropriate for us to share information about you and your healthcare with others. We may share your information with the following main partners:

    Sexual Health / GUM Clinics
    Local Authority

If you are receiving care from other people (such as Social Services) as well as the NHS, we may also need to share relevant information to help us work together for your benefit.

We will not disclose your information to third parties without your permission unless there are exceptional circumstances such as the health and safety of another
person is at risk or where the law requires information to be passed on. We will only provide your personal information which we consider is necessary for the performance of that reason. We will not share your personal information with any other third party not having lawful access to it under current GDPR.

1.4   Whether we need your consent

We do not need your consent if we use personal information in accordance with our written policy to carry out our legal obligations. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your treatment by us that you agree to any request for consent from us.  However, if you do not provide us with such consent, we may be restricted in terms of the processing activities that we are able to perform, and we will have to make decisions based on the information that we do have.

1.5  How long your personal information will be kept

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. We will manage your personal information in accordance with our Data Retention Policy or applicable laws and regulations.

1.6   Reasons we can collect and use your personal information

We seek your consent for medical treatment as part of our assessment and treatment processes, and also to share information with other parties who may need to be involved in your treatment.  We also rely on legal and contractual obligations in some cases as the lawful basis on which we collect and use your personal data. 2 Transfer of your information out of the EEA

Personal data may only be transferred outside of the EU in compliance with the conditions for transfer set out in Chapter V of the GDPR. We do not transfer your personal information out of the EEA, but should this change this will be communicated to all affected parties.

3 Your rights

Under the GDPR you have a number of important rights free of charge. Under certain circumstances, you have the right to:

3.1  Fair processing of information and transparency over how we use your use personal information - we have set this out in this document and if you have any questions over this please contact 

Request access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information where we are processing your personal information for direct marketing purposes.

Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.

Object in certain other situations to our continued processing of your personal information.

Request the transfer of your personal information to another party.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under the General Data Protection Regulation.  If you would like to exercise any of those rights, please: email, call or write to at
let us have enough information to identify you, let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card
bill or NHS Number), and Let us know the information to which your request relates.

In circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time unless we have the lawful right to refuse that request. To withdraw your consent, please contact Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

4  Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

5  Changes to this Privacy Notice

This Privacy Notice was last updated on 23/05/2018. We reserve the right to update this Privacy Notice at any time, and we will provide you with a new Privacy Notice via display of local notices and paper copies on request.

6  How to contact us

Please contact our Data Protection Officer via
if you have any questions about this privacy notice or the information we hold about you.