Privacy Policy

This Privacy Policy explains how Dr Lo Monaco Cardiologist (“we”, “us”, “our”) collects, uses, stores, and protects your personal information when you interact with our services, website, or clinical team. We are committed to safeguarding your privacy and ensuring that all data is handled in accordance with UK data protection laws, including the UK GDPR and Data Protection Act 2018. 

Please read this policy carefully to understand how and why we process your information. We may update this notice periodically, and any changes will be published on this page.

Who does this Privacy Policy apply to?

This notice applies to any individual who contacts or receives services from Dr Lo Monaco, Cardiologist, whether by phone, email, online forms, or through our website https://drlomonacocardiologist.co.uk/.

Our Data Protection Principles

We follow strict data protection standards, ensuring that all personal information is:

  • Processed lawfully, fairly, and transparently
  • Collected only for clear, legitimate purposes
  • Relevant, limited, and proportionate to those purposes
  • Accurate and kept up to date
  • Retained only for as long as necessary
  • Securely stored and protected from unauthorised access.

How to Contact Us?

If you have any questions about this Privacy Policy or how we use your personal information, you can contact us at email: [email protected]

How Do We Collect Your Information?

We may collect your personal information in several ways, including:

Directly from you

  • When booking an appointment
  • When communicating by email, phone, online forms, or in person
  • When providing medical history or clinical details

From other healthcare providers

  • Your GP, consultant, or hospital
  • Diagnostic centres where you previously received care
  • Imaging, pathology, and cardiology services

From third parties

  • Insurance companies
  • Referring clinicians
  • Payment or finance providers

By submitting information to us, you confirm that it is accurate and – if supplied on behalf of someone else – you have their permission to do so.

What Personal Information Do We Collect?

General personal data

  • Full name, date of birth, gender
  • Address and emergency contact details
  • Phone number(s) and email address
  • GP details
  • Details of a third-party payor (if applicable)
  • Patient feedback or communication records

Special category (sensitive) data

We collect clinical information necessary to provide safe medical care, including:

  • Medical history, test results, diagnostic images
  • ECG, CT, MRI, ultrasound, and pathology reports
  • Notes from consultations and follow-up appointments
  • Past and current treatment information

We only process sensitive health data where legally permitted and necessary for your care.

Why Do We Use Your Personal Information?

Your information is processed only when allowed by law. The main reasons include:

  • Providing cardiology and diagnostic services
  • Coordinating care with your GP, consultant, or healthcare team
  • Ensuring clinical safety and maintaining complete medical records
  • Managing appointments, administration, and billing
  • Meeting regulatory, legal, and professional obligations
  • Communicating updates related to your care
  • Improving our clinical systems, processes, and patient experience
  • Fraud prevention and security

We rely on lawful bases such as performing a healthcare contract, legitimate interests, legal obligations, and explicit consent (when required).

Keeping Your Information Safe

We use technical and organisational security measures to prevent unauthorised access, misuse, or loss of your data. Access is restricted only to individuals who require it to deliver your care or manage related services.

We also work with secure IT, imaging, and payment systems compliant with UK healthcare data standards.

Data Retention – How Long Do We Keep Your Information?

Your personal and medical data is retained only for as long as necessary for clinical, legal, and regulatory purposes. Retention times follow:

  • NHS Records Management Code of Practice
  • Department of Health and Social Care guidance

Different types of records may have different retention periods depending on clinical relevance and legal requirements.

How is your information used?

We may process your information for the following purposes:

  • Delivering cardiology consultations and diagnostic services
  • Processing payments and managing invoices
  • Maintaining accurate medical records
  • Coordinating care with other healthcare providers
  • Ensuring clinical governance, auditing, and quality improvement
  • Meeting regulatory obligations (e.g., GMC, CQC)
  • Supporting IT administration and service security
  • Contacting you with essential service updates
  • Facilitating patient finance or insurance claims
  • Improving our website, systems, and patient workflows

We never sell your data or use it for unrelated purposes.

Sharing Your Personal Information With Third Parties

We may share your information only when justified by law, such as:

Healthcare partners

  • Your GP, consultant, or referrer
  • Diagnostic centres (imaging, cardiology, pathology)
  • Hospitals or clinics involved in your care.

Service providers acting on our behalf

These organisations process data under strict contractual controls:

  • Patient administration systems
  • Secure payment processors
  • Picture Archiving and Communication Systems (PACS)
  • Medical transcription or clinical documentation services
  • IT, hosting, and cybersecurity providers
  • Billing and finance service providers
  • External debt collection agencies (for unpaid balances)

Insurance and third-party payors

If your care is funded through insurance, corporate payors, or embassies, we may share relevant information to support authorisation and payment.

Regulators

Where required by law, we may share information with healthcare regulators or public authorities.

All third parties are legally required to protect your data and use it only for the agreed purpose.

International Data Transfers

We do not routinely transfer your information outside the UK or EEA.
If a transfer becomes necessary—such as through a service provider—we will:

  • Ensure a lawful basis for transfer
  • Use appropriate safeguards (e.g., Standard Contractual Clauses)
  • Maintain equivalent protection for your personal data.

More details can be provided upon request.

Your Data Protection Rights

You have the following rights under UK GDPR:

  • Right of access – Obtain a copy of your personal data
  • Right to rectification – Correct inaccurate or incomplete information
  • Right to erasure – Request deletion of certain data
  • Right to restrict processing – Limit how your data is used
  • Right to object – Object to certain types of processing (including marketing)
  • Right to data portability – Receive your data in a digital format
  • Right to withdraw consent – Withdraw consent at any time

These rights are subject to certain legal limitations, especially regarding health records.

To exercise any of your rights, contact us at email: [email protected].

We may request identification before processing your request.
We aim to respond within one month, or 21 days for automated decision-related requests.

Concerns, Complaints, or Further Information

If you have questions or concerns about how your data is handled, you can contact our Registered Manager or Data Protection Lead at email: [email protected].

You also have the right to raise concerns with the Information Commissioner’s Office (ICO).