GDPR & Privacy Statement

At CL Medical, we are committed to protecting the privacy and security of the personal and clinical data we process. As a provider of event medical services and ambulance transport, we handle sensitive health information with the highest level of confidentiality and in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

1. Data Controller

CL Medical Ltd is the Data Controller for the information we collect from event organisers, patients, and staff.

Contact: gdpr@cl-medical.co.uk

 

2. Information We Collect

To provide safe and effective medical care, we collect:

  • Personal Identifiers: Name, date of birth, address, and contact details.
  • Special Category Data: Clinical observations, medical history, medications, injury details, and treatment provided (Patient Clinical Records).
  • Operational Data: GPS location of our vehicles, mobile phone and radio communication logs for incident management.
  • Organiser Data: Contact and billing information for our clients and partners.

 

3. Lawful Basis for Processing

We process data under the following legal frameworks:

  • Vital Interests (Article 6(1)(d)): To protect the life of an individual in an emergency.
  • Direct Care & Healthcare (Article 9(2)(h)): For the provision of health or social care treatment.
  • Contractual Obligation: To fulfil our service agreement with event organisers.
  • Legal Obligation: To comply with clinical record-keeping standards and reporting requirements (e.g., RIDDOR).

 

4. How We Use Your Data

  • To provide immediate medical assessment and treatment at events.
  • To ensure a safe handover of care to NHS Ambulance Trusts, care facilities or Hospitals.
  • To maintain accurate clinical records for legal and audit purposes.
  • To improve our service through internal quality reviews.

 

5. Data Sharing

We only share information when necessary for patient care or legal requirements. This may include:

  • NHS Professionals: Handing over clinical notes to paramedics or A&E staff.
  • Regulatory Bodies: Providing data to the Care Quality Commission (CQC) or HSE if required.
  • Emergency Services: Coordinating with Police or Fire services during major incidents. 

We never sell or release your personal data to third parties for marketing.

 

6. Data Retention

Clinical records are stored securely and retained in accordance with the NHS Records Management Code of Practice:

  • For most adult patients, records are retained for 8 years following the last treatment.
  • For children, records are kept until their 25th birthday.

 

7. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your medical records (Subject Access Request).
  • Rectification: Ask us to correct inaccurate information.
  • Erasure: Request deletion of data (subject to legal retention requirements for medical records).
  • Object/Restrict: Challenge how we process your data.

Please email gdpr@cl_medical.co.uk with any such requests. We will respond to any rights request as quickly as possible, and certainly within one calendar month of receiving your request.

 

8. Security Measures

We use industry-standard encryption for electronic records and robust physical security for paper-based Patient Clinical Records (PCRs). 

All CL Medical staff undergo mandatory Information Governance training and are bound by professional codes of confidentiality. 

 

 

© 2025-2026 CL Medical Ltd. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.