Last Updated: 24.09.25

At Clearwave Clinic, we are committed to protecting your privacy and handling your personal information with the utmost care and transparency. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our ear micro-suction services.

As a healthcare provider, we understand the sensitive nature of the information we collect, and we are dedicated to complying with all relevant data protection laws in the UK, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioner's Office (ICO).

Questions or Concerns? If you have any questions about this Privacy Policy or our data protection practices, please contact us at:

• Clearwave      Clinic
• 71-75, Shelton Street,      Covent Garden, London, WC2H 9JQ, UNITED KINGDOM
• Phone: 
• 07772393113
• Email: 
• clearwaveclinic@outlook.vom

We collect personal information that you provide to us directly when you interact with Clearwave Clinic. This includes:

a) Personal Identifiable Information (PII):

• Contact      Details: Your full name, date of birth, postal address,      email address, and phone number.
• Identification      Information: For identity verification purposes as      required for clinical safety and legal obligations.

b) Special Category Data (Health Information): As a healthcare provider, a significant portion of the information we collect is classified as 'special category data' due to its sensitive nature. This includes:

• Medical      History: Relevant past and present medical conditions,      allergies, medications, and family medical history pertinent to your ear      health.
• Aural      Health History: Details of past ear infections, surgeries,      hearing issues, tinnitus, and any symptoms you are experiencing related to      your ears.
• Consultation      & Examination Details: Records of your assessment,      clinical findings from otoscopic examinations, and details of any      procedures performed (or not performed, and why).
• Treatment      & Aftercare: Information about the micro-suction      procedure, any advice given, and follow-up plans.
• Consent      to Treatment: Records of your informed consent for      treatment.

c) Financial Information:

• Details related to payments      for services (e.g., invoice details, payment status). We do not store your      full payment card details.

We use your personal information primarily to:

• Provide      Safe and Effective Clinical Care: To assess your      suitability for micro suction, perform the procedure, and ensure your      safety and well-being.
• Manage      Your Healthcare: To maintain accurate and comprehensive      patient records, track your progress, and provide appropriate aftercare      advice.
• Communicate      with You: To send appointment confirmations, reminders,      aftercare instructions, and respond to your enquiries.
• Clinical      Audit & Quality Improvement: To review our services,      ensure high standards of care, and identify areas for improvement. This      may involve reviewing anonymised or pseudonymised data where possible.
• Comply      with Legal and Regulatory Obligations: To meet our      responsibilities to regulatory bodies such as the Care Quality Commission      (CQC) and the Nursing and Midwifery Council (NMC), and to comply with UK      data protection laws, tax laws, and other legal requirements.
• For      Billing and Payments: To process payments for our services      and manage our clinic's finances.

Under UK GDPR, we must have a valid legal basis for processing your personal information. For the sensitive health data we collect, we rely on specific conditions.

a) For General Personal Data (Article 6 UK GDPR):

• Performance      of a Contract: To fulfil our contractual obligations to      you by providing the ear micro-suction service.
• Legal      Obligation: Where processing is necessary to comply with a      legal obligation (e.g., submitting tax returns, responding to lawful      requests from regulatory bodies).
• Vital      Interests: In rare circumstances, where necessary to      protect your vital interests or those of another person (e.g., in a      medical emergency).

b) For Special Category Data (Health Information - Article 9 UK GDPR):

• Provision      of Health or Social Care: Our primary legal basis for      processing your sensitive health data is that the processing is necessary "for      the purposes of preventative or occupational medicine, for the assessment      of the working capacity of the employee, medical diagnosis, the provision      of health or social care or treatment or the management of health or      social care systems and services" (Article 9(2)(h) UK      GDPR). This ensures we can provide you with the healthcare you need.

We treat your personal and sensitive health information with the utmost confidentiality. We will only share your information in the following situations:

• With      Your Consent: We will share your health information (e.g.,      consultation notes, recommendations for further assessment) with other      healthcare professionals involved in your care (such as your GP, an ENT      specialist, or an audiologist) only with your explicit consent.      This is typically done via a referral letter.
• With      Third-Party Service Providers: We may use trusted      third-party service providers (e.g., our secure Electronic Patient Record      (EPR) system provider, payment processors) to help us operate our clinic.      These providers are strictly bound by confidentiality agreements and      robust data processing agreements to ensure they also comply with UK GDPR.      They will only process your data on our instructions.
• Legal      & Regulatory Obligations: In rare circumstances, we      may be legally required to disclose your information to law enforcement      bodies, regulatory agencies (like the CQC or ICO), or courts if there is a      legal duty to do so (e.g., court order, safeguarding concerns, public      health requirements).
• Business      Transfers: In the event of a merger, acquisition, or sale      of assets, your information may be transferred to the new entity, ensuring      it continues to be protected under a similar privacy policy.

We do not share your personal information with any third parties for marketing or promotional purposes.

We retain your personal information, especially your health records, for as long as necessary to fulfil the purposes outlined in this Privacy Policy, and to comply with our legal and professional obligations.

• Adult      Patient Records: We typically retain adult patient records      for a minimum of 8 years after your last      contact with Clearwave Clinic or after your death. This is in line with      the NHS Records Management Code of Practice 2021 (for      all non-specified secondary care records) and general guidance from the Nursing      and Midwifery Council (NMC) regarding professional      record-keeping.
• Children's      Records: Records for patients seen as children (under 18)      are retained until their 25th birthday, or 8 years      after their last contact if seen after the age of 17,      whichever is longer. This is also in line with the NHS      Records Management Code of Practice 2021.
• Financial      Records: Financial records are retained for a minimum of 6 years      plus the current tax year to comply with HM      Revenue & Customs (HMRC) requirements for businesses.

When your information is no longer required, we will securely delete or anonymise it.

We are committed to protecting your personal information through a combination of appropriate technical and organisational security measures. These include:

• Secure      Electronic Patient Record (EPR) System: All digital      patient records are stored on a dedicated, cloud-based EPR system that      uses industry-standard encryption for data both in transit and at rest.      This system is designed to be UK GDPR compliant.
• Access      Control: Access to patient information is strictly limited      to authorised personnel (our Registered Nurses) who require it for their      roles. Access is password-protected and monitored.
• Data      Encryption: All data transferred between your devices and      our EPR system is encrypted.
• Physical      Security: Any limited paper records (e.g., signed consent      forms) are stored in a secure, locked environment within the clinic      premises.
• Staff      Training: All staff are regularly trained on data      protection, confidentiality, and information governance best practices.
• Regular      Audits: We conduct regular internal audits of our data      handling practices and security measures.

While we implement robust security safeguards, no electronic transmission over the Internet or data storage system can be guaranteed to be 100% secure. However, we strive to protect your personal information to the best of our ability.

Under UK GDPR, you have specific rights regarding your personal information. These include:

• The      Right to Be Informed: To be informed about how your      personal information is collected and used (which is the purpose of this      Privacy Policy).
• The      Right of Access: To request access to the personal      information we hold about you.
• The      Right to Rectification: To request that inaccurate      personal information about you is corrected.
• The      Right to Erasure (the "Right to Be Forgotten"):     To request the deletion of your personal information. Please note that      this right is not absolute, especially for health records where retention      is legally required for ongoing care and regulatory compliance.
• The      Right to Restriction of Processing: To request that we      limit the way we use your personal information in certain circumstances.
• The      Right to Data Portability: To receive your personal information      in a structured, commonly used, and machine-readable format.
• The      Right to Object: To object to the processing of your      personal information in certain situations.

To exercise any of these rights, please contact us using the contact details provided at the beginning of this policy. We will respond to your request in accordance with applicable data protection laws.

If you have concerns about how we are handling your personal information, we encourage you to contact Clearwave Clinic first to allow us to address the issue directly. We are committed to resolving any complaints or concerns fairly and promptly.

If you believe we are unlawfully processing your personal information or have concerns that we cannot resolve, you have the right to complain to the UK's data protection supervisory authority:

The Information Commissioner's Office (ICO)

• Website: www.ico.org.uk
• Helpline:     0303 123 1113

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated version will be indicated by an updated 'Last Updated' date at the top of this policy and will be effective as soon as it is accessible. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.