Patient Privacy Notice

Surrey Medical Consultancy Limited
Dr Stephen Evans – Consultant Gastroenterologist

Last updated: January 2026

Who we are

Surrey Medical Consultancy Limited is a private medical practice run by Dr Stephen Evans, Consultant Gastroenterologist.

For the purposes of data protection law, Dr Stephen Evans is the Data Controller. This means he is legally responsible for how your personal information is used and protected.

Contact details
Email: pa@surreymed.com
Telephone: 01483 727255 (voicemail)

Dr Stephen Evans also acts as the practice’s Data Protection Officer (DPO).

Why we hold information about you

We hold information about you so that we can:

  • provide safe and effective medical care
  • communicate with you about appointments, results and treatment
  • liaise with other healthcare professionals involved in your care
  • arrange billing and deal with insurers or third-party payers
  • meet our legal, regulatory and professional obligations

We only use your information where there is a lawful reason to do so, most commonly because it is necessary to provide healthcare and manage the practice properly.

What information we collect

Personal information

This may include your name, date of birth, contact details, next-of-kin or emergency contact details, referral information, and billing or insurance details.

Medical information

We also hold medical information relating to your care, such as consultation notes, correspondence from your GP or other clinicians, investigation results, treatment plans and outcomes.

Medical information is classed as special category data under UK GDPR and is handled with a high level of confidentiality.

We only collect information that is relevant to your care and the safe running of the practice.

How we collect your information

Your information may be collected directly from you or from your GP, other healthcare professionals, hospitals, clinics, laboratories, insurers or third-party payers involved in your care.

How we communicate with you

We may contact you by telephone, SMS, email or post. These communications are used for clinical care, administration, appointment reminders, results, invoicing and service-related surveys.

We do not use your information for marketing unless you have specifically agreed to this.

Who we share your information with

We only share your information where it is necessary and appropriate. This may include:

  • your GP
  • other doctors, nurses or healthcare professionals involved in your care
  • hospitals or clinics where you receive treatment
  • laboratories and diagnostic services
  • insurers or third-party payers
  • professional advisers such as accountants or legal advisers
  • regulators or public bodies where required by law

We do not sell your personal information.

Use of Carebit

We use Carebit Health Ltd as a secure, cloud-based patient management and administrative system. Carebit acts as a data processor on our behalf.

  • Your data is stored securely in the UK
  • Appropriate contractual safeguards are in place
  • Access is restricted to authorised users only

Carebit processes data only under our instructions and in accordance with UK data protection law.

How we keep your information secure

We take information security seriously. Measures include secure, password-protected systems, encryption where appropriate, controlled access to records, and secure disposal of data when no longer required.

How long we keep your information

We keep your information only for as long as necessary:

  • Medical records are normally retained for 30 years after the conclusion of care
  • Financial records are retained for at least 6 years, or longer where required

These periods reflect professional guidance, patient safety considerations and legal requirements.

Your rights

Under UK data protection law, you have rights including:

  • the right to access your information
  • the right to have inaccurate information corrected
  • the right to request restriction of processing in certain circumstances
  • the right to object to certain uses of your information
  • the right to complain to the Information Commissioner’s Office (ICO)

Some rights are subject to legal and clinical exceptions, particularly in relation to medical records.

To exercise your rights, please contact us using the details above.

Complaints

If you are unhappy with how your information has been handled, please contact us first so that we can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office:

https://ico.org.uk

Updates to this notice

We may update this Privacy Notice from time to time to reflect changes in law or how the practice operates. The most recent version will always be available on this page.

Proudly powered by WordPress

Scroll to Top