Privacy policy

Privacy and data security


QS Enterprises is committed to ensuring that the data we collect is stored securely, and only used for the explicit purpose that it has been collected for.  This privacy notice explains how we use and protect the information that you have provided to us.

What does this policy cover?

QS Enterprises is committed to providing the highest quality services to our patients, our referrers and those who we collaborate with.

To comply with both EU and UK laws, we must manage your personal information fairly, lawfully and transparently.

All of our employees are responsible for maintaining patient confidentiality. We provide training and education to all employees and we regularly review our policies and procedures. Our aim is to make sure that you have confidence in our staff and services and feel comfortable about giving us your information. We believe that safely looking after your information is a key part of our relationship with you.

We have dedicated staff that looks after data privacy rights. We also have a Data Protection Officer (DPO) to guide us and oversee your personal information.  This team can be contacted at:

Data Protection
QS Enterprises
8-11 Queen Square

Data Protection

Under the terms of the Data Protection Act and the new General Data Protection Regulations, QS Enterprises must protect any information collected from you. We use the latest technologies and encryption software to protect your data, and maintain strict security standards to prevent any unauthorised access to it.

From time to time, we may need to make changes to this privacy policy. Changes will be posted here and are effective immediately. You should visit this page regularly so you know:

  • What personal information we may collect
  • How we use your personal information
  • When (if ever) QS Enterprises shares your personal information with someone else


What information do we collect?

We collect personal information from people who have registered with our private patient facilities.  Patients attending our facilities will be asked to complete a registration document which allows us to collect pertinent information that we need in order to discharge our duty of care to our patients effectively and efficiently.  We do not collect any information which does not have a specific purpose or role to play in your care.

We also collect the following kinds of information from people visiting our website.

  • Feedback (through visitors emailing us or completing online forms), and
  • Site usage information

How we use your information

Information collected by QS Enterprises may be used for a number of reasons, including:

  • Contacting patients (with their permission)
  • Making appointments
  • Training
  • Research purposes
  • Service improvements
  • Improving the content and design of our website

We will never share your information with other organisations for marketing, market research or commercial purposes and we will not pass on your personal information without your consent.

How long will we keep your information?

We keep your information in line with the Department of Health records retention schedule. We’ll also keep your personal information for a certain period after your health care has ended or you’ve completed your treatment.

When determining how long this period will last, we take into account our legal obligations, the expectations of data protection regulators, and the amount of time we may strictly need to hold your personal information to carry on our work. For example, if you have a patient record with us, we will keep your information and patient details for a specific length of time. To meet our legal and regulatory requirements, we must keep much of this information for many years.

We’ll also need to keep your information in archived form in order to protect our legal rights. This may be for the period during which legal claims can be made under applicable law. In the UK this is six years for contractual claims. We have policies and procedures in place to make sure that we safely delete information no longer needed for any of these purposes.

How you can access your information?

For a copy of any information collected about you through the above, please email:

Please note that this policy does not apply to information collected during consultations at the Queen Square Private Consulting Rooms.  To access medical information collected during a consultation with a medical consultant, subject access requests should be submitted to the specific consultant, who will address the request under their obligations as data controller.  For assistance with subject access requests relating to consultations or procedures undertaken at the Queen Square Private Consulting Rooms, please email

Passing your information to others

We treat your personal information as private and confidential. In some instances, we may disclose it outside of QS Enterprises including sharing information with partners who help us provide healthcare.  For example, we work in close partnership with the UCLH NHS Foundation Trust and many of our high quality outpatient and inpatient services are provided by UCLH staff using UCLH facilities.  This means that your data, where necessary, will be inputted and stored securely within UCLH Trust IT systems, so that we may discharge your care efficiently and effectively.

We will only disclose information to others when:

  • It is needed by other parties connected with your patient record and where other healthcare bodies have an interest in your care.

We’ll also disclose information where strictly necessary to comply with our legal obligations, including where:

  • NHS or other authorities require it
  • the law, a regulatory body or the public interest requires it
  • it’s required as part of our duty to protect your patient record
  • It’s required by us or others to detect, investigate or prevent crime or fraud.


We use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit  for detailed guidance.

We have a separate Cookie Policy which explains precisely what cookies we use, and what they are for.  However, most can be attributed to the following purposes:

Google Analytics

We use Google Analytics to collect information about visitor behaviour on our websites. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

You can find out more about Google’s position on privacy as regards its analytics service at

Third Party Cookies

These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site which allow visitors to share content onto social networks. Cookies are currently set by LinkedIn, Twitter, Facebook, Instagram and YouTube. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

Following a link to another website

When you go to another website, please read the privacy policy on that website if you want to know what it does with your information. QS Enterprises does not pass on any of your personal information to other organisations without your consent.

Third party website content

We may embed external content from third party websites such as YouTube and include cookies. This content is not published on our website. It is delivered using tools and services from third party sites that can be inserted into our site such as media players, RSS feeds and widgets. These websites may use cookies. Their content is subject to the privacy policy of the relevant third party provider and not ours.

Finding out what information we have about you

You may want to look at your patient health record. You have the right to make a subject access request for information that we hold about you.

To make a subject access request (SAR), you should:

  • Make the request in writing.
  • Provide enough personal information to identify you. When you send us your written request, you will need to include copies of at least two official documents, which show your name, date of birth and current address. These could be a driving licence, a birth or adoption certificate, passport or a recent utility bill.

Send your completed request and copies of relevant official documents to:

Data Protection
QS Enterprises
8-11 Queen Square

Your rights

You have certain rights over your personal information. These include the right to access a copy of your personal information or have some elements of it transmitted to you or another health provider in a common electronic format. In certain circumstances you can have your personal information corrected or erased, or you can restrict our use of it. You also have the right to object to the way we use your personal information as described above.

We generally won’t charge you to exercise these rights. You have the following rights:


You have a right to ask us if we have your personal information. If we do, you have a right to know:

  • why we have it
  • what type of information we possess
  • whether we have or will send it to others, especially outside the European Economic Area
  • how long we will keep it
  • where we got it from
  • Details of any automated decision-making.

If you want, you can ask for a copy of your information.


Where any of your information is incorrect, you have a right to tell us to correct it promptly. Please tell us as quickly as possible if you change your address or other contact details. If your information is incomplete, you can ask us to correct this too.

In certain circumstances, you’ll have the following extra rights:

Right to object

Depending on the legal basis on which we are using your information, you may be entitled to object. For example, where we’re using your information connected with marketing, we will stop if you object. However, if we’re using your information to meet certain legal obligations, we may continue to do so even if you object.

Erasure (right to be forgotten)

You may have a right to have some or all of the information we hold about you deleted. However you should be aware that, as a provider of healthcare, we are required to retain many records even after your treatment ends.


In certain circumstances you may be entitled to receive some of your information from us electronically. We can either pass the information to you, or to another person or organisation if you want.


You might also be entitled to ask us to restrict our use of your information — for example, if you think the information we hold on you is incorrect.

Withdrawing consent

If you consent to us using your information, you have the right to withdraw that consent at any time.

You can do this by contacting the Data Rights Team:

Data Protection
QS Enterprises
8-11 Queen Square

We aim to work with you on any request, complaint or question you have about your personal information. However, if you believe we have not adequately resolved a matter, you have the right, at any time, to complain to the Information Commissioner’s Officer

As an independent UK authority, the ICO upholds information rights in the public interest, promotes openness by public bodies and data privacy for individuals. You can visit their website at or ask for details from our Data Rights Team.