Legal

Privacy policy

How Clinical Data Intelligence handles your data — and your clinic's data. Written in plain English.

Legal & GDPR documentation

Download our full compliance pack — Data Processing Agreement (DPA), International Data Transfer Agreement (IDTA), and Data Security & Infrastructure Statement.

View on Google Drive

Who we are

Clinical Data Intelligence (CDI) is a clinical data consultancy providing data cleaning, structuring, and revenue recovery services to UK private clinics. We are based across India and the United Kingdom.

You can reach us at: contact@clinicaldataintelligence.uk

What data we process

We process only anonymised clinical data exports. We explicitly never request or handle:

  • Patient names
  • Email addresses or phone numbers
  • NHS numbers or national identifiers
  • Dates of birth
  • Medical diagnoses or clinical notes
  • Any special category health data

We work with anonymised fields only — typically patient ID, treatment type, last visit date, and appointment or billing codes. Because we never receive personal data as defined by UK GDPR, the files we process do not constitute personal data under the legislation.

How we keep your data secure

Zero local storage

We operate a strict zero-local-storage policy. Data is never downloaded to laptops, hard drives, or physical devices. All processing occurs exclusively within secure, browser-based cloud environments.

Encryption in transit and at rest

All data transfers use HTTPS/TLS encryption in transit. Data is encrypted at rest using AES-256 within Google's enterprise infrastructure.

Automatic deletion

All client data files are permanently deleted from our systems within 30 days of completing the service. We confirm deletion in writing on request.

International data transfers

CDI processes data across India and the United Kingdom. Where data is transferred internationally, we operate under an International Data Transfer Agreement (IDTA) issued by the UK Information Commissioner's Office (ICO). A copy is available in our GDPR documentation above.

Because we work exclusively with anonymised data, the UK GDPR transfer restrictions do not apply to the data itself — however we maintain these safeguards as a matter of best practice and transparency.

Website visitors

When you visit this website, standard web analytics (Google Analytics) may collect anonymised data about your visit — such as browser type, pages viewed, and approximate location. This data is never linked to any personally identifiable information.

If you submit our contact form, we collect your name, clinic name, email address, and message. This is used only to respond to your enquiry. We will never add you to a mailing list without your explicit consent.

Your rights

Under UK GDPR, you have the right to access, correct, delete, or restrict the processing of any personal data we hold about you. To exercise any of these rights, email us at contact@clinicaldataintelligence.uk. We will respond within 30 days as required by law, at no charge.

You also have the right to raise a concern with the UK Information Commissioner's Office (ICO) at ico.org.uk — though we'd always appreciate the chance to resolve any concern directly with you first.

Contact us

Clinical Data Intelligence
United Kingdom & India
Email: contact@clinicaldataintelligence.uk