Privacy Policy

Last updated: 28 February 2026

This Privacy Policy explains how Medical and Dental Limited, trading as Allergy Clinic (“we”, “our”, “us”), collects, uses, stores, and protects your personal data when you use our website (allergyclinic.co.uk) or book our diagnostic allergy blood testing services. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller is Medical and Dental Limited, registered at 20 Old Brampton Road, South Kensington, London, SW7 3DL. For data protection queries, contact us at info@allergyclinic.co.uk.

2. What Data We Collect

We may collect the following categories of personal data:

Information you provide directly

  • Identity data: full name, date of birth, gender
  • Contact data: email address, telephone number, postal address
  • Health data: information you provide about your symptoms, medical history, or allergies when booking a test or completing a patient form (this is “special category data” under UK GDPR)
  • Payment data: payment card details are processed securely by our third-party payment processor and are not stored on our systems

Information collected automatically

  • Technical data: IP address, browser type and version, device type, operating system
  • Usage data: pages visited, time spent on pages, referral source
  • Cookie data: see our Cookie section below

3. How We Use Your Data

We process your personal data for the following purposes:

  • To provide our testing service: processing your booking, conducting venepuncture, sending samples to the laboratory, and delivering your test report. The legal basis is performance of a contract (Article 6(1)(b) UK GDPR) and, for health data, explicit consent (Article 9(2)(a) UK GDPR).
  • To communicate with you: confirming bookings, sending test results, responding to enquiries. The legal basis is performance of a contract or legitimate interests.
  • To comply with legal obligations: maintaining clinical records, meeting CQC regulatory requirements, and fulfilling tax and accounting obligations. The legal basis is legal obligation (Article 6(1)(c) UK GDPR).
  • To improve our website: analysing usage patterns to improve user experience. The legal basis is legitimate interests (Article 6(1)(f) UK GDPR).

We will never sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

4. Who We Share Your Data With

We may share your data with:

  • Laboratory partners: accredited UK laboratories that analyse your blood samples. They process your data as data processors acting on our instructions.
  • Payment processors: third-party payment services that securely handle card transactions.
  • Regulatory bodies: the Care Quality Commission (CQC), the General Medical Council (GMC), or the Nursing and Midwifery Council (NMC) if required by law or regulation.
  • Your chosen clinician: if you request that we send your test results directly to your GP or specialist.

We do not transfer your data outside the United Kingdom unless required for a specific laboratory analysis, in which case appropriate safeguards (such as Standard Contractual Clauses) will be in place.

5. How Long We Keep Your Data

  • Clinical records: retained for a minimum of 8 years for adults and until the patient’s 25th birthday (or 26th if the patient was 17 at the time of treatment) for children, in line with NHS Records Management Code of Practice.
  • Booking and contact data: retained for up to 6 years after your last interaction with us.
  • Website analytics data: retained for up to 26 months.

6. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your data, subject to our legal retention obligations (e.g., clinical records).
  • Right to restrict processing: request that we limit how we use your data in certain circumstances.
  • Right to data portability: request your data in a structured, commonly used, machine-readable format.
  • Right to object: object to processing based on legitimate interests.
  • Right to withdraw consent: where processing is based on consent (e.g., health data), you can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at info@allergyclinic.co.uk. We will respond within one month as required by law.

7. Cookies

Our website uses cookies to provide essential functionality and improve your experience. Types of cookies we use:

  • Strictly necessary cookies: required for the website to function (e.g., session management). These cannot be disabled.
  • Analytics cookies: help us understand how visitors use our website. These are only set with your consent.

You can manage cookie preferences through your browser settings. For more information about cookies, visit aboutcookies.org.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (SSL/TLS), secure storage, access controls, and regular security reviews.

While we take all reasonable precautions, no data transmission over the internet can be guaranteed to be 100% secure.

9. Children’s Data

Where we provide testing services for patients under 16, we require parental or guardian consent before collecting or processing the child’s data. Health data for minors is treated with additional care and in accordance with the Information Commissioner’s Office (ICO) Children’s Code.

10. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. We encourage you to review this page periodically.

12. Contact

For any questions about this Privacy Policy or your personal data, please contact: