Terms of Use

Welcome to our website. If you continue to browse and use this website, you are agreeing to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern Dr Barry Grimaldi's relationship with you in relation to this website. If you disagree with any part of these terms and conditions, please do not use our website.

The term ‘Dr Barry Grimaldi’ or ‘us’ or ‘we’ refers to the owner of the website whose registered office is 6th Floor, Charles House, 108-110 Finchley Road, London, NW3 5JJ. The term ‘you’ refers to the user or viewer of our website.

The use of this website is subject to the following terms of use:

  • The content of the pages of this website is for your general information and use only. It is subject to change without notice.
  • This website uses cookies to monitor browsing preferences and other data. See our Privacy Policy below for more details.
  • Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
  • Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.
  • This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
  • All trademarks reproduced in this website, which are not the property of, or licensed to the operator, are acknowledged on the website.
  • Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
  • From time to time, this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).
  • Your use of this website and any dispute arising out of such use of the website is subject to the laws of England, Northern Ireland, Scotland and Wales.

Website Privacy Policy

What is a Privacy Notice?

A privacy notice is a statement that describes how we collect, use, retain and disclose personal information. Different organisations sometimes use different terms, and it can be referred to as a privacy statement, a fair processing notice or a privacy policy.

Under the terms of the new GDPR (General Data Protection Regulation), Dr Barry Grimaldi Diagnostics Ltd has a legal duty to explain what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law. This information also explains what rights you have to control how we use your information.

The law determines how organisations can use personal information. The key laws are: The Data Protection Act 1998 (DPA), the Human Rights Act 1998 (HRA), the General Data Protection Regulation (GDPR) 2018 and the common law duty of confidentiality.

Information obtained from you

When you register with the practice you provide us with personal data on your registration form. This data can include past and current medical condition, previous treatments or procedures, radiographs, X-rays, clinical photographs, correspondence from other healthcare professionals, name, address, date of birth, contact details, next of kin, etc.

We may also keep information contained in any correspondence or conversations.

Information collected from other sources

When you register with the practice, your medical history from your previous practice(s) may be sent to us. The provision of such information enables us to deliver effective patient-centred medical care. We may also collect your health records, treatment and medications, test results, X-rays, etc. and any other relevant information to enable us to deliver effective medical care.

Why do we hold information about you?

Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective medical care and treatment. We have a legitimate interest to process your data as it is essential for the provision of our healthcare service.  We have a legal obligation to keep your data as medical records of our care.  We will ask you to update your medical history and contact details as appropriate.

We will process your information in line with what is set out in this privacy policy and in accordance with GDPR guidelines.

How we will use your information

We use your information to make appointments for you, to generate prescriptions, to electronically file hospital and clinic records, and to provide test results as requested by you. The admin team only access your medical information on a “need to know” basis in order to perform their duties.

Your mobile phone number will be used to send you text reminders of your appointments, to send texts regarding flu clinics and other clinics you may attend, and to send texts regarding administrative matters, e.g. surgery closures. We may share your mobile phone number with other healthcare professionals involved in your care.

If you have provided your email address, we may communicate with you in this way or send referrals by email to other services involved in your medical treatment who may then communicate with you by email.

Your medical information is used to provide you with care and medical treatment. Your data is collected for the purpose of providing direct patient care.

What is the Lawful Basis for processing Personal Data?

The Law says we must tell you that these purposes are supported under the following sections of the GDPR:

Article 6(1)(f) ‘…necessary for the purposes of the legitimate interests pursued by the controller or by a third party…’; and

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...’

We will also respect and comply with our obligations under the common law duty of confidence.

So far as any marketing information that you may request from us is concerned, the lawful basis for the collection of this data specifically is under the following section of the GDPR:

Article 6(1)(a) ‘the data subject has given consent to the processing of his or her personal data for one or more specific purposes’.

Who might we share your data with?

We can only share data if it is done securely and it is necessary to do so. Patient data may be shared with other healthcare professionals who need to be involved in your treatment or care (for example if we refer you to a specialist or need laboratory work undertaken). Or we will send details about your prescription to your chosen pharmacy.

Your data will also be shared with your insurer. We share information about your treatment, its clinical necessity and its cost, only if they are paying for all or part of your treatment with us.  We provide only the information to which they are entitled.

We may be requested – and in some cases can be required – to share certain information (including personal data and sensitive personal data) about you and your care with medical regulators such as the General Medical Council.

We can also disclose your data if it is required by UK laws and guidelines of professional bodies or if you give consent or if it is justified in the public interest.

Maintaining confidentiality

We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR) as well as guidance issued by the Information Commissioner’s Office (ICO) and with all applicable clinical confidentiality guidelines.

How long is the Personal Data stored for?

We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended. This will be for at least 11 years after you cease to be a patient.

The security of your personal data

Your information is held in the practice's computer system or in a secure manual filing system. The information is only accessible to authorised personnel. Personal information will not be removed from this practice without the patient's authorised consent.

Your personal information is carefully protected by the staff at this practice. All information is held securely and can only be accessed using regularly changed passwords. Data is encrypted and computer terminals are closed if unattended. Our computer system has secure audit trails and we back up information routinely.

Access to your records

You have the right of access to the data that we hold about you and to receive a copy. Formal applications for access must be in writing.

Patient Rights (as the Data Subject)

The right to erasure

The right to erasure is also known as “the right to be forgotten” and in general refers to an individual’s right to request the deletion or removal of personal information where there is no compelling reason for Dr Barry Grimaldi Diagnostics Ltd. to continue using it.

The individual does not have an automatic right to erasure. The right to erasure would only apply if the Controller could not justify the legitimacy of the processing after the individual had objected to the processing.

Individuals have the right to have their personal information deleted or removed in the following circumstances:

  • when it is no longer necessary for the purpose for which it was collected or processed;
  • when the Controller no longer has a legal basis for using your personal information, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing;
  • when you object to Dr Barry Grimaldi Diagnostics Ltd. using your personal information and there is no overriding legitimate interest for them to continue using it;
  • if Dr Barry Grimaldi Diagnostics Ltd. has processed your personal information unlawfully; or
  • if there is a legal obligation to erase your personal information for example by court order.

The right to erasure does not apply if processing is necessary for one of the following reasons:

  • to exercise the right of freedom of expression and information;
  • to comply with a legal obligation;
  • for the performance of a task carried out in the public interest or in the exercise of official authority;
  • for archiving purposes in the public interest, scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
  • for the establishment, exercise or defence of legal claims.

The GDPR also specifies two circumstances where the right to erasure will not apply to special category data (which includes medical data):

  • if the processing is necessary for public health purposes in the public interest (e.g. protecting against serious cross-border threats to health, or ensuring high standards of quality and safety of health care and of medicinal products or medical devices); or
  • if the processing is necessary for the purposes of preventative or occupational medicine (e.g. where the processing is necessary for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services). This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (e.g. a health professional).

The right to access and correct

The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why Data Controllers are using their data, and check that they are doing it lawfully. Individuals also have the right to have inaccurate personal data rectified.

We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

The right to object

The GDPR gives individuals the right to object to the processing of their personal data. This effectively allows individuals to ask Data Controllers to stop processing their personal data.

The right to object only applies in certain circumstances and is not an absolute right. Processing will continue if:

  • the Data Controller can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
  • the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to information being shared between those who are providing you with direct care.  This may affect the care you receive – please speak to the practice.

You are not able to object when information is legitimately shared for safeguarding reasons.

Who is the Data Controller?

The contact details of the Data Controller are: Dr Barry Grimaldi MRCP, Harley Street Clinic Diagnostic Centre, 16 Devonshire Street, London, W1G 7AF

What if you are not happy or wish to raise a concern about our data processing?

You can complain in the first instance to Dr Grimaldi and we will do our best to resolve the matter. If this fails, you have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link https://ico.org.uk/global/contact-us/ or call the helpline 0303 123 1113.

Changes to our privacy policy

We regularly review our privacy policy and any updates will be published on our website, in our newsletter and on posters to reflect the changes.

Cookies and website visitor tracking

When using this website, you have the choice to agree to or decline cookies. Cookies are small files installed on your browser device that allow websites (including ours), to find out more about your browsing behaviour. For Dr Barry Grimaldi, the purpose of using cookies is to better understand visitor demographics to this site so that improvements can be made, as well as informing marketing and sales strategies in the future.

This website makes use of several cookies, most notably ones relating to Google Analytics.

The lawful basis for the use of these cookies is your given consent. Since July 2018, this website has made use of a Cookie Notice that actively seeks confirmation of your acceptance or denial to the use of cookies, such as the ones listed above. To see a full list of cookies in use on this website, please click here.