Privacy Policy

Last updated: March 2026

1. Who we are

London Cardiology Clinic is a private cardiology service operated by Dr Mahmood Ul Hassan, Specialist in Cardiology (GMC no. 6071047). We are the data controller for the personal information we collect about you.

Contact for data protection queries: drmahmoodclinic@pm.me

Clinic address: 40–44 The Broadway, London SW19 1RQ

2. What information we collect

We may collect and process the following categories of personal data:

• Identity data: your name, date of birth
• Contact data: email address, phone number, postal address
• Health data: symptoms, medical history, medications, ECG findings, clinical assessment notes, and any correspondence with your GP (special category data under UK GDPR Article 9)
• Financial data: payment is processed by Stripe; we do not store your card details
• Booking data: appointment dates, times, and attendance records, processed via Cal.com

3. How we collect your information

We collect information directly from you when you:

• Book an appointment via our website (processed by Cal.com)
• Pay for a consultation (processed by Stripe)
• Attend a consultation and provide your medical history
• Contact us by email

4. Lawful basis for processing

We process your personal data on the following legal bases under UK GDPR:

• Contract (Article 6(1)(b)): to provide the cardiology consultation service you have booked and paid for
• Explicit consent (Article 9(2)(a)): for processing your health data (special category data). You will be asked to provide explicit consent before your consultation
• Legitimate interest (Article 6(1)(f)): for administrative purposes, improving our services, and responding to enquiries
• Legal obligation (Article 6(1)(c)): to comply with regulatory requirements including GMC record-keeping obligations

5. How we use your information

We use your information to:

• Provide your cardiology consultation
• Prepare a written clinical report
• With your explicit consent, share your report and recommendations with your GP
• Process your payment
• Manage your booking and send appointment reminders
• Respond to your enquiries
• Comply with legal and regulatory obligations

6. Data processors

We use the following third-party services to deliver our service. Each acts as a data processor on our behalf:

• Cal.com (Cal.com Inc.) — appointment booking and scheduling. Privacy policy: cal.com/privacy
• Stripe (Stripe Payments Europe Ltd) — payment processing. Your card details are handled entirely by Stripe and are never stored on our systems. Privacy policy: stripe.com/gb/privacy
• Proton Mail (Proton AG) — email communications. End-to-end encrypted. Privacy policy: proton.me/legal/privacy

7. Data retention

• Clinical records: retained for 8 years from the date of your last consultation, in accordance with GMC and NHS record-keeping guidance
• Payment records: retained by Stripe in accordance with their retention policy and UK financial regulations
• Booking records: retained by Cal.com for the duration of our account
• Email correspondence: retained for 3 years unless related to clinical matters (8 years)

8. Your rights

Under UK GDPR, you have the right to:

• Access your personal data (Subject Access Request)
• Rectification of inaccurate data
• Erasure of your data (subject to our legal obligations to retain clinical records)
• Restrict processing in certain circumstances
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time for health data processing (this does not affect the lawfulness of processing before withdrawal)

To exercise any of these rights, contact us at drmahmoodclinic@pm.me. We will respond within one month.

9. International transfers

Cal.com Inc. is based in the United States. Data transferred to Cal.com is protected under appropriate safeguards in accordance with UK GDPR requirements. Stripe Payments Europe Ltd processes EU/UK payments within the EEA. Proton AG is based in Switzerland, which has an adequacy decision from the UK.

10. Cookies

Our website does not use cookies or tracking technologies. All fonts are self-hosted and no third-party analytics are used. The Cal.com booking embed may set functional cookies necessary for the booking process; these are covered by Cal.com’s cookie policy.

11. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

12. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top of this page will be revised accordingly. We encourage you to review this page periodically.