1 - We never store and process patient data for marketing. Only to assist with clinical service delivery.

2 - Patients have the right to withdraw or withhold consent at any given time without affecting their access to services.

3 - As part of gaining patient consent, we gain agreement with whom information and reports are shared with before any treatment is progressed.

4 - We have removed all unnecessary patient data from our invoicing and management information reports.

5 - Any data sharing we do undertake is kept to an absolute minimum, through anonymisation and pseudonymisation.

6 - We have a secure Client Relations Portal, which can only be accessed by authorized personnel using their unique username and password to download commercial proposals and management information.

7 - Well established information security principles in place, in accordance with our ISO27001 Accredited status .

8 - We have a Data Protection Officer in place who is responsible for the management of a robust audit process,.

9 - All IPRS Health staff have been trained in privacy, confidentiality, consent and have received updated training on GDPR.

10 - Anyone has the right to access their data at any time they wish with a simple request.

11 - We have updated our IT Framework privacy policies, website security and password policies.

12 - Everyone will have to opt-in to receive marketing. The option is there to opt-out anytime thereafter.