Bridge House Clinic logoBridge House Clinic01244 982032
Legal

Privacy Policy.

How Bridge House Clinic collects, uses and protects your personal and health information.

This policy explains how Bridge House Clinic handles your personal information, including your health information, when you contact us, book an appointment, or receive care. We take your privacy seriously and handle your information in line with UK data protection law — the UK GDPR and the Data Protection Act 2018.

Who we are

Bridge House Clinic Limited (registered in England & Wales, company number 16069908) of Station Road, Rossett, Wrexham, LL12 0HE is the “data controller” responsible for your information. We are registered with the Information Commissioner's Office (ICO), registration number ZB946467, and we are registered with Healthcare Inspectorate Wales (HIW).

We have not appointed a Data Protection Officer. For any question about your information, or to exercise your rights, contact our Manager, Arvin Rodrigues, at arvin.rodrigues@bridgehouse-clinic.co.uk or on 01244 982032.

The information we collect

We may collect and hold:

  • Personal details — your name, date of birth, address, telephone number and email address.
  • Health information (special-category data) — your medical history, symptoms, examination findings, diagnoses, test results, treatment and clinical notes, and any clinical photographs taken as part of your care, including during intimate examinations.
  • Payment and insurance details — the information needed to take your deposit, settle your bill, or bill your insurer.
  • Website information — basic technical data collected through cookies (see “Cookies and our website” below).

We collect most of this directly from you. Sometimes we receive information from others, such as a referral letter from your GP or another clinician, or an authorisation from your insurer.

How we use your information and our lawful basis

We use your information to provide and manage your care, to take payment, to meet our legal and regulatory duties, and — only if you agree — to send you marketing. Our lawful bases under the UK GDPR are:

  • To provide your care. For ordinary personal data we rely on performance of our contract with you (Article 6(1)(b)). Because health information is special-category data, we also rely on Article 9(2)(h) — the provision of health care — with the safeguards in the Data Protection Act 2018 (Schedule 1, Part 1). This processing is carried out by, or under the responsibility of, health professionals who owe a duty of confidentiality.
  • To meet legal obligations (Article 6(1)(c)) — for example record-keeping, safety and regulatory requirements.
  • To bill your insurer. Where you ask us to deal directly with your insurer, we share your information with your explicit consent (Article 9(2)(a)).
  • Marketing — only with your consent (Article 6(1)(a)), which you can withdraw at any time.

How we share your information

We do not sell your information. We share it only where necessary:

  • with other clinicians and consultants involved in your care;
  • with laboratories and diagnostic providers that carry out tests for you;
  • with your insurer, where you ask us to bill them directly (we work with AXA, Vitality, Healix, WPA and BUPA);
  • with our payment provider, to take your deposit and settle your bill;
  • with regulators, or where we are required to do so by law (for example a court order or a safeguarding duty).

We store your information within the UK. Where a service provider processes data outside the UK, we make sure appropriate safeguards are in place. We do not make decisions about you based solely on automated processing.

How long we keep your information

We keep clinical records in line with the Welsh Government's Records Management Code of Practice for Health and Social Care (2022). In summary:

  • adult records — for at least 8 years after your last treatment;
  • children's records — until your 25th birthday (or 26th if treatment ended when you were 17);
  • mental health records — for 20 years;
  • maternity records — for 25 years.

These are minimum periods; we may keep records longer where there is a clear reason, after which we securely destroy them.

Cookies and our website

We currently use only essential cookies needed to make the website work. If we introduce analytics or marketing cookies in future — such as Google Analytics or the Meta (Facebook) pixel — we will ask for your consent through a cookie banner first, and publish a full cookie policy.

Your rights

Under UK data protection law you have the right to:

  • ask for a copy of the information we hold about you (a subject access request);
  • ask us to correct information that is wrong or incomplete;
  • ask us to delete your information — though this right does not apply to clinical records we are required to keep for healthcare and legal record-keeping;
  • ask us to restrict or object to how we use your information;
  • ask us to transfer your information (data portability);
  • withdraw your consent at any time, where we rely on consent.

To exercise any of these rights, contact our Manager (details above). We will respond within one month.

How to complain

If you have a concern about how we handle your information, please contact us first so we can put things right. You also have the right to complain to the Information Commissioner's Office (ICO):

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Helpline 0303 123 1113. Website ico.org.uk.

Changes to this policy

We may update this policy from time to time and will publish any changes on this page.

Last updated: 18 June 2026.