Privacy Policy
Koval Clinic (“Koval Clinic”, “we”, “us”, “our”) is committed to protecting the privacy and confidentiality of your personal data.
Koval Clinic is operated by Koval Prestige Health Limited.
This Privacy Notice explains how we collect, use, store and protect your personal data when you:
- use our website
- book or attend an appointment at our clinic
- receive healthcare services from us
- contact us by phone, email, website form or social media
This notice also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Last updated: March 05, 2026
Important Information
Data Controller
The data controller responsible for your personal data is:
Koval Prestige Health Limited
Trading as Koval Clinic
1–5 Portpool Lane
London
EC1N 7UU
United Kingdom
Contact
If you have any questions about this Privacy Notice or how your data is handled, please contact:
hello@kovalclinic.co.uk
Complaints
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your personal data has been handled improperly.
Website: https://ico.org.uk
We would appreciate the opportunity to resolve your concerns first. Please contact us at:
hello@kovalclinic.co.uk
Children
Our services are generally intended for adults.
Where services are provided to individuals under 18, personal data will normally be provided by a parent or legal guardian.
Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy policies of those websites.
The Data We Collect About You
We may collect and process the following categories of personal data.
Identity and Contact Data
This may include:
- full name
- date of birth
- home address
- email address
- telephone number
Health Data (Special Category Data)
Where you receive healthcare services from us, we may process health data including:
- relevant medical history
- symptoms or clinical information
- blood test or diagnostic results
- ultrasound or imaging reports
- clinician notes
- treatment records
Health data is classified as special category data under UK GDPR and is processed only where necessary to provide healthcare services.
Transaction and Financial Data
We may process information relating to payments for services including:
- invoices and receipts
- payment amounts
- payment method information (processed via secure payment providers)
Technical Data
When you use our website we may collect:
- IP address
- browser type and version
- device information
- website usage data
This information helps us maintain website functionality and security.
Marketing and Communications Data
We may record:
- preferences for receiving marketing communications
- responses to newsletters or promotional messages
You may opt out of marketing communications at any time.
How We Collect Personal Data
We collect personal data through several methods.
Direct Interactions
You may provide information when you:
- book appointments
- complete website forms
- attend the clinic
- contact us by email, phone or social media
Clinician-Generated Data
Healthcare professionals may generate information during consultations including:
- clinical notes
- diagnostic reports
- treatment records
Third Parties
We may receive information from:
- your GP or referring clinician (with consent)
- laboratories processing diagnostic tests
- other healthcare professionals involved in your care
Automated Technologies
Our website uses cookies and similar technologies to collect technical data.
Further information is available in our Cookies Policy.
How We Use Your Personal Data
We process personal data only where permitted by law.
Providing Healthcare Services
This includes:
- consultations
- diagnostic testing
- medical procedures
- production of clinical reports
- delivery of results
Legal basis:
- provision of healthcare services
- explicit consent for processing health data
Appointment Administration
Including:
- booking and confirming appointments
- processing payments
- responding to enquiries
Regulatory Compliance
Healthcare providers must comply with regulatory obligations including those required by the Care Quality Commission (CQC).
Data may be used for:
- clinical governance
- quality monitoring
- regulatory reporting
Service Improvement
We may analyse anonymised or aggregated information for:
- quality improvement
- internal audit
- staff training
Marketing
We may send marketing communications where:
- you have previously used our services, or
- you have opted in to receive communications.
You may unsubscribe at any time.
Sharing Your Personal Data
We may share personal data where necessary with:
Healthcare professionals
Including doctors, nurses, sonographers or other clinicians involved in your care.
Accredited laboratories
Where samples require external analysis.
Service providers
Including providers of:
- booking systems
- clinical software
- payment processing
- website hosting
- IT infrastructure
Professional advisers
Including accountants, insurers and legal advisers.
Regulators
Where required by law we may share information with regulatory authorities including:
- Care Quality Commission
- HMRC
- law enforcement authorities
International Transfers
Where data is processed outside the UK (for example through cloud software providers), we ensure appropriate safeguards are implemented such as:
- adequacy decisions
- standard contractual clauses
Data Security
We implement organisational and technical safeguards including:
- restricted access to clinical systems
- encrypted storage
- staff confidentiality obligations
- secure record disposal procedures
Data Retention
Healthcare providers must retain medical records for minimum regulatory periods.
Typical retention periods include:
Healthcare records: minimum 6 years
Financial records: 6 years
Where appropriate, data may be anonymised for audit or statistical purposes.
Your Legal Rights
Under UK GDPR you have the right to:
- request access to your personal data
- request correction of inaccurate information
- request deletion where legally permitted
- restrict processing
- object to processing
- request transfer of your data
- withdraw consent
Proof of identity may be required before fulfilling requests.
Updates to This Privacy Notice
We may update this Privacy Notice periodically.
The latest version will always be available on our website.
.
Cookies Policy
Introduction
Our website uses cookies and similar technologies to distinguish you from other users.
Cookies help us to:
- provide core website functionality
- improve the user experience
- understand how visitors use the website
- maintain website security
This policy explains:
- what cookies are
- how we use them
- how you can control your preferences
This policy should be read alongside our Privacy Notice.
What Are Cookies
Cookies are small text files stored on your device when you visit a website.
Cookies may be:
First-party cookies
Set directly by our website.
Third-party cookies
Set by external services integrated into the website.
Cookies may also be:
Session cookies
Deleted when your browser closes.
Persistent cookies
Remain on your device for a defined period.
How We Use Cookies
Koval Clinic uses cookies to operate the website effectively.
Our website uses CookieYes, a cookie consent management platform.
CookieYes allows us to:
- provide transparency about cookies used
- allow visitors to accept or reject cookies
- record consent decisions
- maintain consent logs for regulatory compliance
Strictly Necessary Cookies
These cookies are essential for the operation of the website.
They enable:
- page navigation
- security features
- storage of cookie preferences
Example:
cookieyes-consent
Stores cookie consent preferences.
Functional Cookies
These cookies improve the functionality of the website.
Examples include cookies used for:
- embedded videos
- booking tools
- user interface improvements
Analytical / Performance Cookies
These cookies help us understand how visitors interact with the website.
They may collect information such as:
- number of visitors
- pages visited
- time spent on pages
- traffic sources
Examples include cookies used by:
- Google Analytics
- website analytics tools
Information collected is typically aggregated or pseudonymised.
Advertising / Targeting Cookies
Our website does not use cookies for direct advertising.
However certain third-party services may place cookies when embedded content loads.
Examples may include cookies from:
- YouTube
- Google services
- embedded third-party platforms
Cookies Used on the Website
A full list of cookies used on the website is automatically generated and maintained by the CookieYes consent platform.
Visitors can view this list by clicking Cookie Settings in the website footer.
Third-Party Cookies
Some cookies may be placed by third-party services integrated into the website including:
- CookieYes
- Google Analytics
- YouTube
- appointment booking systems
- payment providers
These providers operate under their own privacy and cookie policies.
Managing Cookie Preferences
You may choose to:
- accept all cookies
- reject non-essential cookies
- customise preferences by category
Cookie Banner
When you first visit the website you will see a cookie banner allowing you to manage your preferences.
You can update preferences at any time via Cookie Settings.
Browser Settings
Most browsers allow you to:
- block cookies
- delete cookies
- receive alerts when cookies are placed
Support pages for common browsers:
Chrome
https://support.google.com/accounts/answer/32050
Safari
https://support.apple.com/guide/safari
Firefox
https://support.mozilla.org
Edge
https://support.microsoft.com
Blocking cookies may affect website functionality.
Changes to This Policy
We may update this Cookies Policy periodically.
The effective date at the top of the document will be updated when changes occur.
Contact
If you have any questions about this Cookies Policy, please contact:
Koval Clinic
1–5 Portpool Lane
London
EC1N 7UU
Email: hello@kovalclinic.co.uk