Privacy notice for consultants and other external individual

We are committed to respecting and protecting your privacy whenever we use your personal information.

The following privacy notice sets out what information about you GenesisCare collects, how that information be used and your legal rights.

This Privacy Notice applies to the following groups of individuals:

What information does GenesisCare collect?

We will collect, use and store your personal data for a wide variety of reasons in connection with the professional relationship between us. Set out below are the main categories of personal data which we may collect:

How do we obtain your information?

GenesisCare works closely with Consultants and External Individuals to support the delivery of our services. First and foremost, we will look to identify potential compatible business opportunities. We do this by collecting information:

How does GenesisCare use my information?

We use a third party service provider called Broadley Speaking to identify and progress potential business opportunities. Broadley Speaking may contact you on our behalf to talk about our services. We may also contact you directly.

Where you choose to apply for practising privileges, we will collect and retain information about you relevant to your application and if successful, information needed to manage your ongoing relationship with us. We will carry out checks such as obtaining references, DBS, confirming your previous employment, professional and regulatory registrations and right to work. This will entail collecting information directly from you, your previous employer/s and relevant regulatory and professional bodies.

Once your practising privileges have been granted, your name, role, department or section, work email address and telephone number will appear in the GenesisCare UK internal directory. This information may also appear on externally facing webpages and publications.

We will use your information to help fulfil other contractual obligations such as annual reviews, processing payments and ensuring you are up to date with your statutory and mandatory training.

We keep a log of and record incoming telephone calls to GenesisCare Centres to ensure individuals contacting GenesisCare receive an appropriate response and for quality monitoring, training and compliance purposes.

We may monitor use of GenesisCare IT equipment, systems, network and internet access through user names and log-ins to ensure adherence to the Acceptable Use Policy, statistical purposes or monitoring systems access to ensure access is appropriate and identifying/preventing security breaches.


As a company pursuing healthcare activities, we may sometimes need to process your data to pursue our legitimate business interests. This will be in ways that you would reasonably expect, the nature of which include;

If you participate in the eMDT platform we will store your name, telephone number and email address so that we can invite you to provide your expertise, either individually or in collaboration with other consultants, in the treatment of patients.  The eMDT platform can also store your professional opinions on treatment.  The core record of the eMDT will not be erased.


Base information will be transferred via secure API into the GC Data Warehouse for business reporting.  In the event of a complaint or claim, this base level of information allows:

Data processed in the eMDT function is jointly controlled by GenesisCare and consultants and a legal arrangement is in place between the parties.  Data processed in the audit function is controlled by GenesisCare. Data processed in relation to patient outcomes is controlled jointly by the collaborating consultants.


In order to safeguard our staff, doctors, patients and visitors (including all their families), you will be required to complete a test for SARS-CoV-2, which will be on-going until all government shielding and social distancing measures due to SARS-CoV-2 have been lifted.

To protect your health and care needs we may share your confidential information including health and care records with clinical and non-clinical staff internally within GenesisCare and with other health and care providers and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by the NHS and other health and social care organisations to support the COVID-19 response can be found here.

Innova Lateral Flow Antigen Test (LFT)

An LFT is a rapid test for Covid-19 which can be self-administered to allow to faster results which will further mitigate the risk of transmission in our centres. All Consultants, visitors and contractors attending a GenesisCare Centre will be provided with a test kit on arriving at reception and will be required to evidence a negative result before being allowed further access to our Centres. All tests and results, irrespective of the outcome will be recorded by our reception team. Our lawful basis for processing your personal data is legitimate interest as the processing is necessary during the Covid-19 pandemic to control, and wherever possible, prevent the spread of infection. We may also be legally required to share personal data under the Notice issued by the Secretary of State under Regulation 3(4) of the Health Service Control of Patient Information Regulations issued on the 1st April 2020.  In relation to your special category data, the processing is necessary for the provision of health or social care or treatment or the management of health or social care systems and services.


Other purposes may also include;

Lawful Basis for Processing

Whenever we use your personal data, we will have a lawful bases for processing the data in accordance with data protection law. Our lawful basis for processing generally fall into the following categories:


Data type Lawful bias of processing Examples
Data type

Personal Data 

Lawful bias of processing

The processing is necessary for the purpose of legitimate interests

  • Marketing and engagement training
  • Training, monitoring and reporting
  • Administration, management of user accounts, communication and collaboration
  • Profile your GenesisCare related activity
Data type

Personal Data 

Lawful bias of processing

The processing is necessary for the performance of a contact

  • Determining whether you should be offered practising privileges
  • Payments
  • Annual reviews
Data type

Personal Data 

Lawful bias of processing

The processing is necessary to comply with the law

  • Response to court orders or regulatory bodies
  • Data subject rights requests
  • Checking your legal entitlements to work in the UK
Data type

Sensitive Data 

Lawful bias of processing

Processing is necessary for the purpose of carrying out the obligation and exercising specific rights of the controller or of the data subject in the file of employment and social security and social protection law

  • Carrying out criminal background checks to meet safeguarding requirements and protect people from harm
Data type


Lawful bias of processing

Processing is necessary for the purpose of the provision of health or social care or treatment or the management of health or social care systems and services

  • Ascertaining your fitness to work

Who will my information be shared with?

Where you hold practising privileges with GenesisCare, you will have access to certain information about you via Workday. This platform provides self-service functionalities so you can complete, correct or remove the personal data you have added to your personal file in Workday. Please note if you remove certain types of information this may have an effect on your relationship with us.

Relevant information will be shared internally within GenesisCare with individuals who directly support the Practising Privileges process e.g. our Chief Medical Officer, Quality Team and the relevant Centre Leader.

We use a third party service provider to support our business development and marketing activities.

Your personal data will be accessed by other relevant GenesisCare UK departments such as finance e.g. payroll, but only to the extent necessary to fulfil their respective tasks. GenesisCare Australia also has access to this personal data to provide functional support to GenesisCare UK.

We may share information about you with our regulators, including the Care Quality Commission and supervisory authorities during the course of enquiries or necessary reporting.

We participate in programmes run by the Private Healthcare Information Network (PHIN) which enabling patients to compare privately-funded healthcare (both hospitals and consultants).

Sometimes, we are required to disclose information about you because we are legally required to do so. This may be because of a court order or because a regulatory body has statutory powers to access Consultants’ records as part of their duties to investigate complaints, accidents or Consultants’ fitness to practice.

Information about you may also be shared with the police and other third parties where reasonably necessary for the prevention or detection of crime.


On occasion, we may need to share information about you without obtaining your explicit consent. This will only occur if the processing is necessary:

International transfers of your personal information

GenesisCare UK is part of a global organisation and we (or third parties acting on our behalf) may store or process personal information within the GenesisCare group of companies for administrative and management purposes. The group companies are located in Spain and Australia and the United States. This processing is based on our own or a third party’s legitimate business interests.

As a global organisation we may engage global suppliers for the provision of services to the GenesisCare Group of companies and such suppliers may also be located outside the UK.

Where we transfer your personal data to a third country or international organisation, we will ensure adequate safeguards and measures are in place to protect your personal data from unlawful use and ensure your fundamental rights are capable of being upheld. We would normally achieve this by:

  • Only transferring personal data to countries deemed capable of providing an adequate level of protection; or
  • Implementing Standard Contractual Clauses; and
  • Adopting technical, organisational and contractual measures, where required, having undertaken a Data Transfer Impact Assessment to ensure that your rights in the country of transfer are essentially equivalent to your rights in the UK.

In certain situations, it may be possible to legitimise the transfer by relying on a derogation. For example, if:

  • You have explicitly consented to the proposed transfer; or
  • The transfer is necessary for the performance of a contract.

In all cases any transfer of your personal information will be compliant with applicable data protection law. If you would like further information regarding the steps we take to safeguard your personal information when making international transfers, please contact the DPO using the details at the foot of this Privacy Notice.


How we will secure your personal data

How long do we keep your personal data?

We retain your records for certain periods (depending on the particular type of record) in accordance with our Records Lifecycle and Retention Procedure.

Direct Marketing

You have the right to “opt out” of receiving direct marketing. If you ask us not to call or contact you again in relation to marketing activities, we will add you to our “opt-out” list, ensuring we do not accidentally send you further information.

Your rights and your data

If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data.

You are entitled to

Unless an exemption applies, you have the following rights with respect to your personal data:

Further Information

Independent advice about data protection is available from the UK Information Commissioner’s website at

You have the right to lodge a complaint with the Information Commissioners Office if you believe that we have not complied with the requirements of the data protection legislation.

You can contact the Information Commissioners Office on 0303 123 1113 or via email
or, at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.

Revised November 2021