
Privacy Policy

PRIVACY NOTICE

Drip on Demand

Effective date: 01/12/2025
Last reviewed: 01/12/2025
Next review: 01/12/2027

 

1. Who We Are

Drip on Demand (“we”, “us”, “our”) provides community-based clinical services including intravenous (IV) therapy, intramuscular (IM) injections, blood testing, and associated healthcare services.

For the purposes of UK data protection law, Drip on Demand is the Data Controller.

Contact details:
Email: info@dripondemand.co.uk
Clinic address: 2nd Floor, 10 Spring Villa Park, Spring Villa Road, Edgware, HA8 7EB.

Data protection oversight is provided by the Clinic Director, supported by the Quality / Data Protection Lead.

 

2. Our Commitment to Privacy

We are committed to protecting your privacy and handling your personal and medical information lawfully, fairly, transparently, and securely, in accordance with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Common Law Duty of Confidentiality

  • Care Quality Commission (CQC) requirements

This Privacy Notice explains how we collect, use, share, and protect your data, and outlines your rights.

 

3. What Personal Data We Collect

3.1 Personal and Contact Information

  • Name, date of birth, address

  • Telephone number and email address

  • Photographic ID (where required to verify identity)

3.2 Special Category (Health) Data

  • Medical questionnaires and health history

  • Allergies and current medications

  • Clinical assessments, observations, and treatment records

  • Consent forms

  • Blood test results and reports

  • Adverse reactions, incidents, or safeguarding records

3.3 Administrative and Operational Data

  • Appointment records

  • Communications with you

  • Complaints or feedback (if applicable)

3.4 Payment Information

Payment details are processed via PCI-compliant third-party providers. We do not store full card details.

 

4. Why We Use Your Data

We use your personal data to:

  • Provide safe, effective, and appropriate clinical care

  • Assess suitability for treatment

  • Maintain accurate medical records

  • Meet professional, legal, and regulatory obligations

  • Communicate with you regarding appointments and care

  • Manage incidents, complaints, and safeguarding concerns

  • Undertake quality assurance, audit, and governance activities

 

5. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Article 6(1)(e) – task carried out in the public interest (healthcare provision)

  • Article 6(1)(c) – compliance with legal obligations

  • Article 9(2)(h) – provision of health or social care and treatment

Where consent is required (e.g. optional communications), this will be obtained separately and may be withdrawn at any time.

Clinical consent for treatment is not the same as GDPR consent and does not limit your data protection rights.

 

6. How We Share Your Data

We follow strict procedures for sharing personal and medical information, as set out in our Data Sharing SOP.

6.1 Sharing for Direct Care

Your information may be shared, where necessary, with:

  • Clinicians involved in your care

  • Referral laboratories for blood tests

  • Other healthcare providers directly supporting your treatment

This sharing is necessary for safe and effective care.

 

6.2 Sharing With Your Consent

With your explicit consent, we may share your information with third parties such as:

  • Another healthcare professional or provider

  • An insurance company

  • Another organisation you nominate

Consent-based sharing is documented using formal record-sharing processes.

 

6.3 Sharing Without Consent (Lawful Disclosure)

In limited circumstances, we may share information without your prior consent where required by law or to protect safety, including:

  • Safeguarding concerns

  • Immediate risks to your safety or others

  • Notifiable infectious diseases (e.g. UKHSA)

  • Requests from lawful authorities (e.g. police, ambulance services)

Only the minimum necessary information is shared, and all disclosures are documented.

 

6.4 Publication of Clinic Information

Certain clinic documents (e.g. policies or brochures) may be published publicly.
These documents:

  • Do not contain patient-identifiable information

  • Are reviewed, approved, and version-controlled before publication

 

7. International Data Transfers

Some administrative or IT service providers may store data outside the UK or EEA. Where this occurs, appropriate safeguards are in place to ensure compliance with UK GDPR.

 

8. Data Security

We protect your data through:

  • Secure electronic clinical systems

  • Restricted staff access on a need-to-know basis

  • Secure storage of paper records

  • Staff training in confidentiality and data protection

  • Organisational controls aligned with our Data Protection Policy

 

9. How Long We Keep Your Data

We retain records in line with our Records Management and Retention Policy:

  • Clinical records are retained for a minimum of six years

  • Some records may be retained longer where legally required

  • Data is securely destroyed when retention periods expire

 

10. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request restriction of processing in certain circumstances

  • Object to certain processing

  • Request erasure where legally permitted

  • Complain to the Information Commissioner’s Office (ICO)

 

11. Subject Access Requests (SARs)

You may request a copy of your personal data at any time.

Requests can be made verbally, in writing, or by email and are handled in accordance with our Subject Access Request Policy. We usually respond within one month.

 

12. Data Breaches

Any suspected data breach is managed in line with our Data Protection and Data Sharing procedures.
Where required, breaches are reported to:

  • Affected individuals

  • The Information Commissioner’s Office (ICO)

within statutory timescales.

 

13. How This Privacy Notice Is Provided

This Privacy Notice is:

  • Available on our website

  • Available in clinic on request

  • Referenced in our medical consent forms

14. Changes to This Privacy Notice

This notice is reviewed regularly and updated as required to reflect changes in law, guidance, or clinic practice. The most current version is always available on request.

The Drip on Demand Team
