Privacy Policy — Dr Tom Kaier, Consultant Interventional Cardiologist

Introduction

Dr Tom Kaier ("we", "us", or "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use, and safeguard any personal information you provide when using this website (tomkaier.com) or when contacting us to arrange private medical care.

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our GMC registration number is 7025841.

Information We May Collect

When you use this website or contact us, we may collect the following types of information:

Your name and contact details (telephone number, email address, postal address)
Information provided by your referring clinician, such as GP referral letters
Insurance details, if applicable
Any health-related information you share when making an enquiry or booking an appointment
Technical information such as your IP address, browser type, and pages visited (collected automatically via standard web server logs)

This website does not currently use contact forms. Enquiries are handled by telephone through the private secretary.

How We Use Your Information

We use the information we collect for the following purposes:

To arrange and manage your appointments and private medical care
To communicate with you about your treatment, appointments, or enquiries
To liaise with your GP, referring clinician, or insurer as necessary for the provision of your care
To comply with legal, regulatory, and professional obligations, including those of the General Medical Council
To maintain and improve the functionality and security of this website

Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by UK GDPR:

Consent — where you have given clear consent for us to process your personal data for a specific purpose
Contract — where processing is necessary for the performance of a contract with you, such as providing private medical services
Legal obligation — where processing is necessary to comply with legal or regulatory requirements
Legitimate interests — where processing is necessary for our legitimate interests, such as maintaining and improving our website, provided these do not override your rights

Where we process special category data (such as health information), we do so on the basis that it is necessary for the provision of healthcare and is handled by a professional subject to a duty of confidentiality.

Clinical Records

Clinical records relating to your private medical care are maintained in accordance with the requirements of the General Medical Council, the Data Protection Act 2018, and NHS best practice guidelines. These records are stored securely at the hospitals where care is provided, namely Royal Papworth Hospital and Cambridge Heart Clinic (Addenbrooke's Hospital), and are subject to those institutions' own data protection and information governance policies.

Clinical records are retained in line with NHS Records Management Code of Practice guidelines. For adult patients, this is typically a minimum of eight years after the conclusion of treatment, or longer where clinically or legally appropriate.

Data Sharing

We do not sell, rent, or trade your personal information. We may share your information with the following parties where necessary for the provision of your care or to meet legal obligations:

Your GP or referring clinician
Hospital teams involved in your care at Royal Papworth Hospital or Addenbrooke's Hospital
Your private medical insurer, where relevant to the funding of your care
Professional or regulatory bodies, where required by law

Cookies & Website Analytics

This website may use cookies — small text files placed on your device — to help improve your browsing experience. These may include essential cookies required for the website to function and, where applicable, analytics cookies to help us understand how visitors use the site.

You can control and manage cookies through your browser settings. Disabling cookies may affect the functionality of certain parts of the website.

Third-Party Links

This website contains links to external sites, including hospital booking portals, Doctify, and professional bodies. These third-party sites have their own privacy policies, and we are not responsible for their content or data practices. We encourage you to review the privacy policies of any external site you visit.

Data Security

We take appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration. However, no method of transmission over the internet is completely secure, and we cannot guarantee the absolute security of data transmitted via this website.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

The right to access the personal data we hold about you
The right to request correction of inaccurate or incomplete data
The right to request erasure of your data, subject to legal and regulatory retention requirements
The right to restrict or object to the processing of your data
The right to data portability
The right to withdraw consent at any time, where processing is based on consent

To exercise any of these rights, please contact us using the details below.

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

Contact

If you have any questions about this privacy policy or wish to exercise your data protection rights, please contact the private secretary:

Ms Olivia Scholes
Tel: 01223 639763