Dr. Kannan Athreya is back in Shenfield!
Consultation - £135.
Call us: 01277 503 503
Dr. Kannan Athreya is back in Shenfield!
Consultation - £135.
Call us: 01277 503 503
Dr. Kannan Athreya is back in Shenfield!
Consultation - £135.
Call us: 01277 503 503
Dr. Kannan Athreya is back in Shenfield!
Consultation - £135.
Call us: 01277 503 503

Privacy Policy

  • Home
  • Privacy Policy

Practice Privacy Notice

(Private GP, Menopause, Dermatology, Aesthetics and Minor Surgery)

Who we are

Shenfield Private GP, product of Aesthetk Ltd ("the Practice", "we") is an independent healthcare provider offering various services including but not limited to, private GP services, menopause care, dermatology, aesthetic treatments and minor surgery.

The Practice is the "data controller" for the personal data it collects and uses about you, under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

What information we collect

The Practice collects and uses:

  • Identification and contact details (for example: name, date of birth, address, email, phone number, emergency contact details).
  • Health and medical information (for example: symptoms, diagnoses, treatment plans, test results, photographs of skin conditions or treatment areas, menopause history, medicines, allergies, past procedures, referrals and clinical correspondence).
  • Financial and administrative information (for example: payment details, invoices, insurance policy numbers, correspondence about bookings and payments).
  • Consent records and communication preferences (for example: consent to particular treatments or procedures, consent for before/after photographs, and preferences for text/email reminders).

How and why we use your information

We use your personal data to:

  • Provide you with direct care and treatment including but not limited to GP, menopause, dermatology, aesthetic and minor surgery services, including assessing your needs, planning and delivering care, prescribing medicines and monitoring outcomes.
  • Arrange and manage appointments, tests, referrals and follow up, and to communicate with you about your care (for example: appointment reminders, test result notifications, and administrative messages).
  • Maintain accurate medical records, audit and improve our services, respond to queries or complaints, manage risk and ensure quality and safety.
  • Comply with our legal, regulatory and professional obligations (for example: requirements from the Care Quality Commission, professional regulators and data protection law).

We will not use your information for automated decision making that produces legal or similarly significant effects about you.

Our lawful bases for processing

Under UK GDPR, we must have a lawful basis to process your data. For most of our activities we rely on:

  • Provision of health care and treatment and the management of health or social care systems (UK GDPR Article 6(1)(e)/(f) and Article 9(2)(h)), which covers most of our clinical work.
  • Compliance with legal obligations (Article 6(1)(c)), for example retaining medical records for minimum periods set by law and regulators.
  • Legitimate interests (Article 6(1)(f)), for example practice administration, service quality monitoring and some communications that are necessary to run our services, provided these do not override your rights.
  • Consent (Article 6(1)(a) and Article 9(2)(a)) where we ask you to agree to something optional, such as using identifiable photographs for marketing, or sending you non essential information. You can withdraw consent at any time, which will not affect care already provided.

Special categories of data and images

Because we provide healthcare, we regularly process "special category" data (health information) and sometimes images, including close up photographs of skin, treatment areas or procedure sites.

These are processed only where necessary for your care, our legitimate interests in providing specialist services, or where required by law, and with extra safeguards such as restricted access, secure storage and, where appropriate, explicit consent.

Who we share your information with

We only share your information where it is necessary and appropriate, and we ensure anyone we share information with is subject to strict confidentiality and data protection obligations. Examples include:

  • Other healthcare providers directly involved in your care, such as your NHS GP, hospital specialists, imaging providers, laboratories, pharmacies and allied health professionals.
  • External providers who support our services, such as IT system suppliers (including practice management and electronic records systems), secure messaging services, payment processors and accountants.
  • Regulators, insurers, legal advisers, or law enforcement bodies where there is a legal requirement or where this is necessary to protect you or others from serious harm.

We do not sell your data to third parties. If we ever wish to share your identifiable information for purposes such as teaching or marketing, we will ask for your explicit consent.

Technology and Clinical Systems

Heidi Transcription AI software

Patients are informed that the practice uses Heidi, a secure medical transcription/AI scribe service, to help document consultations. The practice privacy notice explains that Heidi is used solely to support accurate clinical record‑keeping, sets out what personal data may be processed during transcription, and describes how that data is stored, how long it is retained, and the technical and organisational measures in place to protect confidentiality and security.

Semble Clinical system

We use Semble clinical software to manage appointments, medical records and related administration for our services. Semble acts as a secure electronic health record and practice management system, and processes personal data such as your contact details, demographic information, medical history, consultation notes, test results, prescriptions and invoices for the purposes of providing and organising your care. Semble operates under our written instructions and in accordance with UK data protection law, using appropriate technical and organisational measures (including access controls and encryption) to keep your information confidential and secure. Our privacy policy explains what information is stored in Semble, the legal basis for this processing, how long it is retained, who it may be shared with when necessary for your care or legal obligations, and the rights you have over your data, including access, rectification and complaint routes.

Digital phone systems

We use digital phone systems supplied and supported by Interact Technology Technical, to handle incoming and outgoing calls, voicemail and call routing for our services. These systems process personal data such as callers’ phone numbers, call timings, voicemail recordings and, where applicable, brief information you choose to share during calls for the purposes of managing enquiries, booking appointments and supporting your care. Interact Technology provides this service under our instructions and is required to comply with UK data protection law, including implementing appropriate technical and organisational measures (such as access controls, secure transmission and controlled retention of call data) to protect your information. Our privacy policy explains what information may be captured via our phone systems, the lawful basis for processing it, how long it is kept, who it may be shared with where necessary (for example, for clinical, safeguarding or legal reasons), and your rights over your data, including access, rectification and how to raise concerns or complaints.

International transfers

Most data is stored and processed within the UK or European Economic Area.

If we need to use services that store or process data outside the UK/EEA, we will ensure appropriate safeguards are in place, such as UK approved standard contractual clauses or equivalent protections required by data protection law.

How long we keep your information

We keep your information only for as long as necessary for the purposes described in this notice and in line with relevant guidance and legal requirements (for example, recommended minimum retention periods for medical records).

When records are no longer required, they are securely deleted or destroyed in accordance with our retention policy.

How we keep your information safe

We take appropriate technical and organisational measures to protect your data, including secure electronic systems, access controls, staff training and confidentiality agreements.

Only staff and clinicians who need to see your information for their role are allowed to access it, and all staff are bound by duties of confidentiality.

Your rights

You have rights over your personal data, including the right to:

  • Access a copy of your personal data (a "subject access request").
  • Request correction of inaccurate or incomplete information.
  • Request restriction or, in certain circumstances, deletion of your data.
  • Object to certain types of processing, for example direct marketing or processing based on legitimate interests, where your particular situation justifies this.
  • Withdraw consent where we rely on consent (for example, for marketing or the use of identifiable images).

These rights are subject to some legal limitations, particularly in relation to health records where information may need to be retained for clinical or legal reasons.

To exercise your rights, please contact us using the details below.

Marketing and non essential communications

We do not automatically add patients to marketing lists.

If you choose to receive information about new services, events or promotions (for example, aesthetic treatment offers), we will rely on your consent or legitimate interests as appropriate, and you can opt out at any time using the unsubscribe instructions in our messages or by contacting the Practice.

Cookies and website

If you use our website, it may collect limited information such as IP address, device information and browsing behaviour using cookies or similar technologies.

This helps us maintain and improve the website; details are provided in our separate Cookie Policy where relevant.

How to contact us and complain

If you have any questions about this privacy notice or how we use your data, or if you wish to exercise your data protection rights, please contact:

  • Data Protection Lead: Dr M A KHAN
  • Email: contact@shenfieldprivategp.com
  • Phone: 01277 503 503
  • Address: Shenfield Private GP, First Floor, 40 Hutton Road, Shenfield, Brentwood, Essex CM15 8LB

Last updated: February 2026