Privacy Policy
Introduction
This Privacy Policy explains how Stanilov Medical Ltd trading as SML Surgical Care ("we", "us", "our") collects, uses, stores and protects your personal data when you visit our website, contact us, submit an enquiry, request an appointment, or otherwise interact with us.
We are committed to protecting your privacy and handling your personal data in accordance with UK data protection law.
For the purposes of data protection law, we are the data controller of the personal data described in this Privacy Policy.
1. The personal data we collect
We may collect and process the following categories of personal data:
1.1 Information you provide directly to us
This may include:
- your name
- email address
- telephone number
- postal address
- date of birth
- preferred appointment details
- the contents of messages, contact forms or appointment requests
- information you provide when corresponding with us by email, telephone or online form
1.2 Health and medical information
Where you choose to provide it, or where it is reasonably necessary for us to respond to an enquiry, triage a request, arrange an appointment or provide healthcare services, we may collect limited information relating to your health, symptoms, medical history, medications, allergies, investigations or treatment needs.
Information about health is treated as a special category of personal data under UK data protection law and receives additional protection.
and website usage information
When you use our website, we may automatically collect certain technical information, such as:
- IP address
- browser type and version
- device type
- operating system
- pages viewed
- dates and times of visits
- referring website addresses
- website usage patterns
1.3 Marketing and communications information
This may include:
- your communication preferences
- records of whether you have consented to receive marketing
- records of whether you have withdrawn consent
- whether you opened or clicked on emails we sent, where such tracking is lawfully used
2. How we collect your personal data
We may collect personal data:
- directly from you when you complete forms on our website
- when you contact us by email, phone or other means
- when you request an appointment, callback or further information
- from cookies and similar technologies used on our website
- from third-party service providers who support our website, booking systems, analytics or communications, where lawful
3. How we use your personal data
We may use your personal data for the following purposes:
- to respond to enquiries
- to contact you about your request
- to arrange, confirm or manage appointments
- to assess whether a service may be suitable or to direct your enquiry appropriately
- to provide healthcare-related administrative support
- to operate, maintain and improve our website
- to analyse website traffic and user behaviour
- to send service-related communications
- to send marketing communications where permitted by law
- to establish, exercise or defend legal claims
- to comply with legal and regulatory obligations
4. Lawful bases for processing
Under the UK GDPR, we must have a lawful basis for processing your personal data.
Depending on the circumstances, we may rely on one or more of the following:
- consent
- performance of a contract or taking steps at your request before entering into a contract
- legal obligation
- legitimate interests
- vital interests, where relevant
Where we process health information, we also identify an additional condition for processing special category data under Article 9 UK GDPR, as health data cannot be processed lawfully on an Article 6 basis alone.
ircumstances, this may include:
- processing necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems and services
- your explicit consent
- the establishment, exercise or defence of legal claims, where relevant
5. Special category health data
Where you provide medical or health-related information through our website, by email, by telephone, or in connection with an enquiry or appointment, we will process that information only where we have a lawful basis and an appropriate condition under UK data protection law.
We will collect only the information that is reasonably necessary for the relevant purpose and will handle it with appropriate confidentiality and safeguards.
You should avoid sending detailed or urgent medical information through general website contact forms unless we have expressly indicated that this is appropriate and secure.
6. Cookies and similar technologies
Our website may use cookies and similar technologies, including analytics tools, tracking pixels, scripts, tags or comparable technologies.
Some cookies are strictly necessary for the website to function. Others, such as analytics, advertising or personalisation cookies, are optional and will be used only where lawful and, where required, with your consent.
The UK rules on cookies and similar technologies sit under PECR alongside UK GDPR requirements, and consent for non-essential cookies must be handled separately from the general terms of website use. Please see our Cookie Policy.
7. Marketing communications
We may send you marketing communications only where permitted by law.
Where consent is required for electronic marketing, we will ask for it separately. Where you have consented, you may withdraw that consent at any time by using the unsubscribe option in the communication or by contacting us directly.
Withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal.
8. Who we may share your data with
We may share your personal data where necessary with:
- website hosting providers
- IT and website support providers
- analytics and cookie management providers
- online booking or enquiry management providers
- secure email or communications providers
- payment processors, where relevant
- insurers, legal advisers, professional advisers or regulators, where necessary
- healthcare professionals or organisations where this is necessary for your care and lawful to do so
We require service providers acting on our behalf to process personal data only in accordance with our instructions and with appropriate security measures.
We do not sell your personal data.
11. International transfers
We aim to store and process personal data within the UK or countries recognised as providing an adequate level of protection.
If any personal data is transferred outside the UK, we will take steps to ensure that appropriate safeguards are in place in accordance with data protection law.
12. How long we keep your personal data
We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy legal, regulatory, clinical, accounting or reporting requirements.
Retention periods may vary depending on the type of information and the reason it was collected.
For example:
- general website enquiry records may be kept for a limited administrative period
- patient records, where a patient relationship is established, may be retained for longer in accordance with applicable legal, regulatory and professional requirements
You can request more information about our retention practices by contacting us.
13. Your rights
Subject to the requirements and limitations of data protection law, you may have the right to:
- request access to your personal data
- request correction of inaccurate personal data
- request erasure of your personal data
- request restriction of processing
- object to processing based on legitimate interests
- request transfer of certain personal data to you or another provider
- withdraw consent where we rely on consent
These rights are not absolute and may not apply in every case.
14. Complaints
If you have concerns about how we use your personal data, we would appreciate the opportunity to address them first.
You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection matters. ICO privacy guidance expects privacy information to explain people’s rights and how to complain.
We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
However, no method of transmission over the internet is completely secure, and we cannot guarantee the absolute security of information transmitted online.
16. Third-party websites
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites, and we recommend that you read their privacy notices separately.
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date.
