Privacy Policy

Last Updated: 08 March 2026

Dr. Apostolos Koffas ("we", "our", or "us") is committed to protecting and respecting your privacy. As a healthcare provider, we handle a wide range of information about you in order to support you and your medical needs.

This policy explains how we collect, use, and protect your personal information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Data (Use and Access) Act, and the guidelines set by the General Medical Council (GMC).

1. Who We Are

For the purposes of data protection legislation and the use of this website, the Data Controller is Dr. Apostolos Koffas, Consultant Hepatologist. We are responsible for deciding how we hold and use your data, and ensuring that anyone we work with who might need to access your data also takes care of it.

Contact Email: info@livercarelondon.co.uk

What we do and don't do with your data

  • Do we have your personal data? Yes, if you are a current, previous, or referred patient.
  • Do we process special category data? Yes. Because we provide healthcare, we process sensitive medical and health data to provide your care and meet our legal obligations.
  • Do we share your personal data? We may share your data with other medical professionals, hospitals, and secure service providers where it is necessary for the delivery of your care or compliance with a legal obligation.
  • Do we sell your personal data? No, never.
  • Do we keep your data secure? Yes, we pride ourselves on following industry best practices and using secure, encrypted systems.

2. How We Use Your Data

We use your data in specific scenarios, primarily to:

  • Operate this website: Ensuring the website is secure, functions properly, and protects against spam.
  • Support your care: Whether you are a direct patient or referred to us through another medical professional or insurance company, we use your data to assess, diagnose, and treat your medical condition.
  • Manage administrative processes: Such as booking appointments, responding to enquiries, and processing billing or insurance claims.

3. What Data We Collect From You

We keep the data we need to a minimum. The sorts of data we collect include:

  • Contact and Demographic Data: Name, date of birth, home address, email address, and telephone number. Why? To identify you and communicate with you.
  • Health Data (Special Category Data): Medical history, symptoms, test results, referral letters, and current treatments. Why? To provide your care. Your medical practitioner needs all relevant details to ensure safe and effective examination and treatment.
  • Race, Ethnic Origin & Religious Data: Why? Where medically relevant (e.g., conditions more prevalent in certain demographics, or religious beliefs that impact treatments such as blood transfusions), we may record this to ensure we meet your specific clinical needs.
  • Technical Data: IP address, browser type, and operating system. Why? Collected momentarily by our website's security firewall strictly to protect against cyber attacks and ensure website functionality. We do not store or use your IP address for analytics or tracking purposes.
  • Other People's Data: Details of your next of kin or family medical history. Why? For emergency contact purposes or to identify hereditary medical conditions relevant to your care.

4. Our Cookie & Tracking Policy

We are committed to a "privacy-first" approach. We do not use any tracking, advertising, or marketing cookies. This is why you did not see a cookie consent banner when you visited our site.

We only use "Strictly Necessary" technologies provided by our website security and hosting partners to keep the website safe and functioning:

  • cf_clearance: Used by our Web Application Firewall (WAF) to distinguish between human visitors and malicious bots, preventing cyber attacks. It does not track your identity.
  • CF_AppSession: Used exclusively for security purposes if an authorised administrator logs into a restricted area of the website.

5. How We Lawfully Process Your Data

We generally process your personal data under the following legal bases:

  • Provision of Health Care (Article 9 UK GDPR): Necessary for the purposes of preventive or occupational medicine, medical diagnosis, or the provision of health or social care.
  • Legitimate Interest: To respond to your initial enquiries, manage appointment bookings, and manage our business operations safely and effectively.
  • Legal Obligation: To meet specific legal and regulatory obligations placed on us as a healthcare provider.
  • Consent: In limited circumstances, where no other legal grounds apply, we may ask for your explicit consent (e.g., ticking a consent box on our contact forms). You have the right to withdraw this consent at any time.

6. Where We Get Your Data From

We mostly collect your personal data directly from you when you contact us or attend a consultation. However, we may also receive data about you from other organisations, such as:

  • Your General Practitioner (GP) or other referring medical Consultants.
  • Private hospitals or diagnostic clinics where you have had tests or scans.
  • Your private medical insurance company or embassy.

7. Who We Share Your Data With

Where possible, we avoid sharing your data outside of our practice. However, there are times we need to share information to ensure you receive the best care:

  • Medical Professionals & Facilities: Other doctors, nursing staff, NHS trusts, or private hospitals involved in your treatment and diagnostic testing.
  • Administrative & IT Partners: We use secure third-party processors to facilitate our services. This includes our global cloud infrastructure and security providers for hosting, web application firewall (WAF), and spam protection, as well as secure form processing services that route messages directly to our email system.
  • Website Analytics: We use a privacy-first analytics service that does not use cookies and does not collect personally identifiable information (PII).

8. International Transfers

Some of our external third-party service providers (such as our secure email or hosting providers) may be based or operate servers outside the UK or the European Economic Area (EEA).

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

9. How Long We Keep Your Data

We only keep your data for as long as is required by English law, health regulatory best practice, or our own legitimate business needs.

  • Enquiries: If you contact us but do not become a patient, your data will be deleted from our systems after 6 months.
  • Patient Records: If you become a patient, your medical records will be retained in accordance with the Records Management Code of Practice for Health and Social Care (usually 20 years, or 8 years after death).

10. How We Protect Your Data

We are committed to ensuring a high level of protection for your data. Measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way include:

  • Access Control: Only Dr. Koffas and strictly authorised administrative staff have access to patient data on a need-to-know basis.
  • Device Security: All devices accessing email and patient records are strictly password-protected and mandate Two-Factor Authentication (2FA).
  • Encryption: Our website uses HTTPS/SSL encryption to protect data in transit.
  • Physical & Organisational Controls: Adherence to strict physical security protocols at clinical locations and regular reviews of data handling standards.

11. What Your Rights Are

Under the UK GDPR, depending on our legal basis for processing, you have rights including:

  • Right to Access: You can ask for copies of your personal data and medical records.
  • Right to Rectification: You can ask us to correct or update inaccurate medical or personal information.
  • Right to Erasure: You can ask us to delete your data in certain circumstances (note that this right may be restricted for medical records due to legal retention obligations).
  • Right to Object or Restrict Processing: You can object to or ask us to restrict the processing of your data under specific conditions.

To exercise any of these rights, please contact us at info@livercarelondon.co.uk.

12. Changes to This Policy

We keep our privacy policy under regular review to ensure it accurately reflects our practices and regulatory obligations. This version was last updated on 08 March 2026.