This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.
Our contact details
Name: SSK Healthcare Limited trading as The Baycliff Clinic
Address: 73a Baycliff Road, Liverpool, L12 6QT
General phone number: TBC
General inquiries email address: hello@thebaycliffclinic.co.uk
Website: www.thebaycliffclinic.co.uk
We are the controller for your information. A controller decides on why and how information is used and shared
Our Data Protection Officer is Dr Salman Khan and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at:
clinicmanager@thebaycliffclinic.co.uk
How do we get information and why do we have it?
The personal information we collect is provided directly from you for one of the following reasons:
● you have provided information to seek care – this is used directly for your care, and also to manage the services we provide, to clinically audit our services, investigate complaints, or to be used as evidence as part of an investigation into care
● you have sought funding for continuing health care or personal health budget support
● you have applied for a job with us or work for us
● you have signed up to our newsletter/patient participation group
● you have made a complaint
We also receive personal information about you indirectly from others, in the following scenarios:
● from other health and care organisations involved in your care so that we can provide you with care
● from family members or carers to support your care
What information do we collect?
Personal information
We currently collect and use the following personal information
● personal identifiers and contacts (for example, name and contact details)
More sensitive information
We process the following more sensitive data (including special category data):
● data concerning physical or mental health (for example, details about your appointments or diagnosis)
● data revealing racial or ethnic origin
● data concerning a person’s sex life
● data concerning a person’s sexual orientation
● genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service)
● data revealing religious or philosophical beliefs
Who do we share information with?
We may share information with the following types of organisations:
● planners of health and care services (such as Integrated Care Boards)
In some circumstances we are legally obliged to share information. This includes:
● when registering births and deaths
● when reporting some infectious diseases
● when a court orders us to do so
● where a public inquiry requires the information
We will also share information if the public good outweighs your right to confidentiality. This could include:
● where a serious crime has been committed
● where there are serious risks to the public or staff
● to protect children or vulnerable adults
We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality. These purposes will include to comply with the law and for public interest reasons.
What is our lawful basis for using information?
Personal information
(a) We have your consent - this must be freely given, specific, informed and unambiguous.
(b) We have a contractual obligation - between a person and a service, such as a service user and privately funded care home.
(c) We have a legal obligation - the law requires us to do this, for example where NHS England or the courts use their powers to require the data. See this list for the most likely laws that apply when using and sharing information in health and care.
(e) We need it to perform a public task - a public body, such as an NHS organisation or Care Quality Commission (CQC) registered social care organisation, is required to undertake particular activities by law. See this list for the most likely laws that apply when using and sharing information in health and care.
(f) We have a legitimate interest - for example, a private care provider making attempts to resolve an outstanding debt for one of its service users.
More sensitive data
Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):
(b) We need it for employment, social security and social protection reasons (if authorised by law). See this list for the most likely laws that apply when using and sharing information in health and care.
(f) We need for a legal claim or the courts require it.
(g) There is a substantial public interest (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.
(h) To provide and manage health or social care (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.
(i) To manage public health (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.
(j) For Archiving, research and statistics (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.
Common law duty of confidentiality
In our use of health and care information, we satisfy the common law duty of confidentiality because:
● you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
● we have support from the Secretary of State for Health and Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it isn’t possible or practical to seek consent
● we have a legal requirement to collect, share and use the data
● for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case by case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service
How do we store your personal information?
Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will:
● securely dispose of your information by, for example, shredding paper records, or wiping hard drives to legal standards of destruction.
● archive your information securely
What are your data protection rights?
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information (known as a subject access request).
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at clinicmanager@thebaycliffclinic.co.uk if you wish to make a request.
How do I complain?
If you have any concerns about our use of your personal information, you can make a complaint to us directly. Please view our complaints policy for further details.
Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.
The ICO’s address is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Date of last review
January 2026