Genetic Experts UK Privacy Policy

This Privacy Policy sets out important details about information (“personal data”) that Genetic Experts UK and the healthcare professionals responsible for your care will collect and hold about you, how we use your personal data and how we protect it. It also provides information on your rights in relation to your personal data.


This Privacy Notice applies to anyone who receives healthcare services at Genetic Experts UK (“care”) and describes how we handle your personal data regardless of the way you interact with us (for example, in person, by email, through our website, by phone and so on). Please take your time to read this Privacy Notice carefully.


About us

In this Privacy Notice we use “we” or “us” or “our” or “Genetic Experts UK” to refer to the Genetic Experts company who is using your personal data, and the healthcare professionals who provide your care.


This policy was last updated on 6th October 2021.


The type of personal information we collect

We will collect and use personal data about you including:

  • your name, address and contact details
  • financial information, such as credit card details used to pay us and/or health insurance details
  • occupation
  • emergency contact details, including next of kin
  • background referral details

Special categories of personal data

We also collect and use more sensitive personal data (known as “special category data”) about you, such as information relating to your physical and mental health. Special category data must be handled even more sensitively than “standard” personal data. For example, if you are a patient, we will need to use personal data about your health in order to provide your care. Your special category personal data will be managed in accordance with the law and this Privacy Notice and also all applicable


professional standards including guidance from the General Medical Council and British Medical Association.

The special category personal data we hold about you includes the following:

  • details of your current or former physical or mental health. This may include personal data about any healthcare services you have received or need, including about clinic and hospital visits and medicines administered. We provide further details below on the manner in which we handle such personal data
  • details of care you have received from us including any images taken in relation to your care
  • details of your nationality, race and/or ethnicity
  • details of your religion
  • details of any genetic data

The confidentiality of your medical information is important to us. We make every effort to prevent unauthorised access to and use of information relating to your current or former physical and mental health. In doing so, Genetic Experts UK complies with UK data protection law, including the Data Protection Act 2018, and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the General Medical Council and the Nursing and Midwifery Council.


Other people’s personal data

If you provide us with personal data about another person, you must inform that person about the contents of this Privacy Notice.


Changes to your personal data

In addition, if you change personal data which we already hold about you (for instance by changing a pre-populated form) then we will update our systems to reflect the changes, but our systems will also continue to hold the originally recorded personal data.


How we get your Data Directly from you

We may collect personal data directly from you when you:

  • enter into a contract with us for the provision of your care
  • use that care
  • have remote consultations with a healthcare professional including virtual or by telephone
  • complete enquiry forms on our website
  • send us a question including through our website, by email or by social media
  • correspond with us by letter, email, telephone or social media

From other healthcare providers

Our patients will usually receive healthcare services from other organisations in addition to Genetic Experts UK, and so in order to provide you with the best care possible we may have to collect personal data about you from other organisations. This may include medical records from:

  • your GP
  • your healthcare professional (including their medical secretaries)
  • the NHS or any private healthcare organisation
  • mental health providers

Medical records include personal data about your tests and diagnosis, clinic and hospital visits and medicines administered.


How will we communicate with you?


We are likely to communicate with you by telephone, SMS, email, and/or post. If we call the telephone number(s) which you have provided, and the call directs to a voicemail and/or answering service, we may leave a voice message on your voicemail and/or answering service.

In particular:

  • to provide you with timely updates and reminders about your care, we may send you SMS messages and/or unencrypted email where you have stated a preference in the patient registration form to be contacted by SMS and / or email)
  • to provide you with your medical information (including test results and other clinical updates) and/or invoicing information, we may communicate with you by encrypted email where you have stated a preference in the patient registration form to be contacted by email. The first time we send you any important encrypted email g. one that we are not also sending by post

or which requires you to take an action, we will try to contact you separately to ensure that you are able to access that encrypted email

  • if we have your mobile number or your email address, we may use them to ask you to complete patient surveys which are for the purpose of improving our service or monitoring outcomes and are not a form of

How do we use your personal data?

We use (or “process”) your personal data for a number of different purposes but in all cases, we must have a legal basis for doing so. When we use “special category of personal data” such as personal data relating to a person’s health, (see section on Special categories of personal data above) we must have a specific additional legal basis to do so.

Generally, we will rely on the following legal bases:


  • we need to use your personal data to take steps so that you can enter into a contract with us to provide your care
  • we need to use your personal data to provide your care in accordance with a contract between you and Genetic Experts We will rely on this for activities such as supporting your care and other benefits, supporting your genetic counsellor and providing other services to you; and/or

Health or social care: to provide your care; and Vital interests: to protect your vital interests where you are physically or legally incapable of giving consent, for example in an emergency if you are incapacitated.


Legitimate interests: we need to use your personal data for our legitimate business interest to process your personal data and such interest does not cause harm to you. We will rely on this for activities such as quality assurance, maintaining our business records, developing and improving our products and services and helping with medical research.


Legal obligation: we need to use your personal data to comply with our legal or regulatory obligations.


Consent: you have given us your consent to use your personal data for this purpose.


Where we are relying on consent to use your personal data you have the right to withdraw your consent at any time by contacting us (contact details can be found at the bottom of this document) and we will stop using your personal data for that purpose.


Reasons we use your data:

Purpose 1: To set you up as a patient on Genetic Experts UKs systems.

Purpose 2: To provide your care and related services

Purpose 3: To settle your account

Purpose 4: For internal clinical audit, National Clinical Audit and medical research purposes

Internal clinical audit: There may be a clinical audit of health records, including medical information, carried out by Genetic Experts UK to assess care standards and identify any improvements we could make, or as required by law.


Medical research

We also participate in medical research and may share anonymised personal data with ethically approved research projects.

Purpose 6: Contacting you and resolving queries or complaints

Purpose 7: Liaising with other healthcare professionals about your care and updating others (such as your emergency contact)


If we relied on legitimate interests in using your personal data, you can object to us using your personal data for this purpose, and we may have to stop doing so. If you would like to object then please contact our us (contact details can be found at the bottom of this page).


How do we protect your data?

We are committed to looking after your personal data and have implemented appropriate physical, technical, and organisational security measures designed to protect against accidental loss and unauthorised access, use, alteration, or disclosure.


In doing so, we comply with UK data protection law, including the Data Protection Act 2018, the EU General Data Protection Regulation and all applicable medical confidentiality guidelines issued by professional bodies including, but not limited to, the General Medical Council and the Nursing and Midwifery Council.


In addition, we limit access to your personal data to those employees and healthcare professionals who have a business need to know it. They will only use your personal data on our instructions, and they are subject to a duty of confidentiality.


For how long do we store your personal information?

We will only hold your personal data for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. We will generally keep personal data about your care for 30 years after you have finished your treatment.


International Transfers of Personal Data

We may use or hold personal data that we collect about you in countries outside the United Kingdom or the European Economic Area) (“UK/EEA“). Where we transfer your personal data outside of the UK/EEA we take steps to ensure that your personal data is protected.

We will only transfer your personal data outside of the UK/EEA for the purposes set out in this Privacy Notice and to the extent that it is relevant and necessary.


In particular, we may transfer your personal data outside of the UK/EEA to the United States to suppliers of:

  • Genetic and genomic testing eg we send blood, salvia and pathology samples to a lab in the US for testing

If you would like further information regarding the steps, we take to safeguard your personal data, please contact us (contact details can be found at the bottom of this page).


Our IT services Medesk uses servers which are based outside of the UK/EEA. For more information about Medesk please see their Privacy Policy Medesk


We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy. In particular this means that your personal data will only be transferred to a country that provides an adequate level of protection (for example, where the European Commission or the UK Data Commissioner has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission (“Standard Contractual Clauses”).


Medesk Site and Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the Site or Services from outside the EEA or the UK. This means that where you chose to post your personal data on our Site or within the Services, it could be accessed from anywhere around the world and therefore a transfer of your personal data outside of the EEA or the UK may be deemed to have occurred.


Your rights

You have certain rights in relation to your personal data that we hold about you. These include rights to know what personal data we hold about you and how it is used. We will use and hold your personal data in accordance with our obligations and these rights.


You may ask to exercise these rights at any time by contacting us (contact details can be found at the bottom of this page). You will not usually be charged for exercising your rights.


These rights do not always apply in all cases, and we will let you know how we will be able to meet your request. If we cannot meet your request, we will explain why. If you make a large number of requests or it is not reasonable for us to meet a request, then we do not have to respond. Alternatively, we can charge for responding.


The right to access your personal data

You have the right to request details and a copy of the personal data we hold about you and details about how we use it. We must confirm whether we have personal data about you, and we also need to provide you with a copy of your personal data.


We will usually provide you with your personal data in writing, unless you request otherwise. If you have made the request electronically (eg by email) the personal data will be provided to you electronically where possible.


In some cases we may not be able to fully comply with your request, for example if your request involves another person’s personal data and it would not be fair to that person to provide it to you.


The right to rectification


You have the right to have inaccurate personal data about you corrected or removed.


The right to erasure (“right to be forgotten”)

You have the right to request that we delete certain personal data we hold about you. However, there are exceptions to this right. For example, we can refuse to delete your personal data if we need to keep for tasks which are in the public interest.


The right to restrict processing

You have the right to ask us to restrict our use of your personal data. We do not have to comply with all requests to restrict our use of your personal data. For example, if we need to use it for tasks which are in the public interest or for establishing, exercising or defending legal claims.


The right to data portability

You have the right to ask us to transfer your personal data to you or to someone else in a format that can be read by computer.


The right to withdraw consent

You have the right to withdraw any consent you have given us to use your personal data.


The right to complain to the Information Commissioner’s Office (“ICO”)

You can complain to the ICO if you are unhappy with the way that we have dealt with a request from you to exercise any of these rights, or if you think we have not complied with our legal obligations.


More information can be found on the ICO website: https://ico.org.uk/

Making a complaint will not affect any other legal rights or remedies that you have.


External Websites

We may from time to time include on our website’s links to and from the websites of other organisations. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies and notices before you submit any personal data to these websites.


How to Contact Us



If you have any questions about this Privacy Notice or would like to exercise any of your rights set out in this Privacy Notice, please contact us at:

Vicki Kiesel

15 Ploughman’s Court. Lincoln. LN2 4FP 0333 339 2680

[email protected]

Genetic Experts UK

Copyright © 2021 Genetic Experts UK – All Rights Reserved.

