Privacy Notice

Cliniscape Ltd — how we collect, use and protect your personal data

Document Version1.0
Effective Date03/02/2026
Last Reviewed04/02/2026
Next Review Due04/02/2027

1. Who We Are

Cliniscape Ltd is an independent medicolegal expert witness service providing medical expert reports, assessments, and court testimony to instructing solicitors and, where appropriate, directly to claimants or defendants.

Company NameCliniscape Ltd
Company Registration Number13648703
ICO Registration ReferenceZB768536
Registered OfficeCliniscape, Atrium, York Eco Business Centre, Amy Johnson Way, York, YO30 4AG
Trading Address10 Harley Street, London, W1G 9PF
Data Protection Contact[email protected]

Cliniscape Ltd is the data controller for the personal data described in this notice, meaning we determine the purposes and means of processing your personal data.

2. What This Notice Covers

This privacy notice explains how Cliniscape Ltd collects, uses, stores, and shares your personal data when:

  • you visit our website at www.cliniscape.co.uk;
  • you submit an enquiry through our website contact form;
  • you instruct us to provide medicolegal expert witness services;
  • you are a claimant, defendant, or other individual whose personal data we receive in connection with medicolegal instructions; or
  • you otherwise communicate with us.

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

3. Personal Data We Collect

3.1 Website Enquiries

When you submit an enquiry through our website, we collect:

  • your name;
  • your email address;
  • any additional details you choose to provide in your enquiry.

3.2 Medicolegal Instructions

In the course of our medicolegal expert witness work, we may receive and process the following categories of personal data, typically provided by instructing solicitors or, where appropriate, directly by claimants or defendants:

  • full name, date of birth, address, and contact details;
  • medical records, clinical notes, hospital records, GP records, and allied health records;
  • imaging and diagnostic results;
  • details of the claim or legal proceedings, including accident or incident reports;
  • employment and occupational history where relevant to the instruction;
  • witness statements and other legal documents; and
  • any other personal or sensitive information provided in connection with the instruction.

3.3 Special Category Data

Much of the data we process in the context of medicolegal work constitutes special category data within the meaning of Article 9 of the UK GDPR, in particular data concerning health. We process this data on the lawful bases set out in Section 4 below.

4. Lawful Bases for Processing

We rely on the following lawful bases under Article 6 of the UK GDPR for processing personal data:

PurposeLawful Basis (Article 6)Special Category Condition (Article 9)
Responding to website enquiriesLegitimate interests (Art. 6(1)(f)) — to respond to prospective client communicationsN/A
Providing medicolegal expert witness services under instructionPerformance of a contract (Art. 6(1)(b)) with the instructing party; Legitimate interests (Art. 6(1)(f)) in relation to subjects of reportsSubstantial public interest — administration of justice (Schedule 1, Part 2, DPA 2018, Paragraph 6(2)(a)); or explicit consent where obtained
Preparing expert reports, addenda, and supplementary opinionsLegitimate interests (Art. 6(1)(f)) — fulfilling our professional obligations as an expert witnessSubstantial public interest — administration of justice (Schedule 1, Part 2, DPA 2018, Paragraph 6(2)(a))
Compliance with court orders and directionsLegal obligation (Art. 6(1)(c))Substantial public interest — administration of justice
Invoicing and financial administrationPerformance of a contract (Art. 6(1)(b)); Legal obligation (Art. 6(1)(c)) for tax and accounting purposesN/A

5. How We Use Your Personal Data

We use personal data for the following purposes:

  • to respond to enquiries submitted via our website;
  • to accept and process medicolegal instructions from solicitors;
  • to review medical records and other documentation provided in connection with instructions;
  • to conduct clinical assessments and examinations where required;
  • to prepare expert witness reports, supplementary reports, and joint statements;
  • to attend court and give oral evidence as required;
  • to communicate with instructing solicitors, other parties' representatives, and the court;
  • to comply with our legal, regulatory, and professional obligations; and
  • to administer our business, including invoicing and record-keeping.

6. Who We Share Your Data With

We may share personal data with the following categories of recipients, only to the extent necessary for the purposes described in this notice:

  • instructing solicitors and their clients;
  • other expert witnesses involved in the same proceedings (for example, when preparing joint statements);
  • courts and tribunals, as required by law or court direction;
  • opposing parties' legal representatives, where disclosure is required by rules of procedure or court order;
  • our professional indemnity insurers, in the event of a claim or potential claim;
  • our accountant and/or auditor, for financial and tax compliance purposes;
  • regulatory bodies (including the General Medical Council), if required; and
  • any other person or body where we are required to do so by law or court order.

We do not sell, rent, or trade your personal data to any third party. We do not use your personal data for marketing purposes.

7. Third-Party Data Processors

We use the following third-party service providers who may process personal data on our behalf:

  • Microsoft OneDrive (Microsoft Corporation) — for secure cloud storage of documents and case files, utilising enterprise-grade encryption and security;
  • Google Workspace / Google Drive (Google LLC) — for document storage and collaboration.

These processors are contractually bound to process data only on our instructions and in compliance with the UK GDPR. We have satisfied ourselves that each processor provides appropriate technical and organisational measures to protect your data.

8. International Data Transfers

We primarily store and process data within the United Kingdom and the European Economic Area. However, some of our third-party processors (in particular, Google LLC) may transfer data to servers located outside the UK.

Where international transfers occur, they are protected by one or more of the following safeguards:

  • an adequacy decision by the UK Secretary of State under Section 17A of the Data Protection Act 2018;
  • Standard Contractual Clauses (International Data Transfer Agreement or UK Addendum) approved by the Information Commissioner; or
  • other appropriate safeguards as permitted under Chapter V of the UK GDPR.

9. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • encryption of data in transit and at rest;
  • use of enterprise-grade cloud storage with multi-factor authentication;
  • restricted access to personal data on a need-to-know basis;
  • secure disposal of physical documents and records;
  • regular review of our security practices and procedures; and
  • staff awareness of data protection obligations.

10. Retention of Personal Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law or professional obligation. Our general retention periods are as follows:

Type of DataRetention Period
Website enquiries12 months from the date of enquiry, unless instructions are accepted
Medicolegal case files (including reports and correspondence)7 years from the date of the final report or conclusion of proceedings, whichever is later
Financial records (invoices, payment records)6 years from the end of the relevant financial year, in accordance with HMRC requirements
Data subject access requests and complaints3 years from the date of resolution

At the end of the applicable retention period, personal data will be securely deleted or anonymised.

11. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — you have the right to request a copy of the personal data we hold about you;
  • Right to rectification — you have the right to request that we correct any inaccurate or incomplete personal data;
  • Right to erasure — in certain circumstances, you have the right to request that we delete your personal data;
  • Right to restriction of processing — in certain circumstances, you have the right to request that we restrict the processing of your personal data;
  • Right to data portability — in certain circumstances, you have the right to receive your personal data in a structured, commonly used, and machine-readable format;
  • Right to object — you have the right to object to processing based on legitimate interests; and
  • Rights in relation to automated decision-making — you have the right not to be subject to decisions made solely by automated means that have a significant effect on you.

Please note that some of these rights are subject to limitations and may not apply in all circumstances, particularly where we are processing data for the purposes of legal proceedings or in compliance with a legal obligation.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one calendar month.

12. Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: www.ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF

We would, however, appreciate the opportunity to address your concerns before you approach the ICO, and we encourage you to contact us in the first instance.

13. Changes to This Notice

We may update this privacy notice from time to time to reflect changes in our practices or legal requirements. We will publish the updated notice on our website and update the "Last Reviewed" date accordingly. We encourage you to review this notice periodically.

14. Contact Us

If you have any questions about this privacy notice or our data protection practices, please contact us:

  • Email: [email protected]
  • Post: Cliniscape Ltd, Atrium, York Eco Business Centre, Amy Johnson Way, York, YO30 4AG
Cliniscape

Independent medicolegal psychiatric assessment and expert reporting for legal proceedings in England and Wales.

GMC No. 7565623

Getting Help in a Crisis

Cliniscape does not offer emergency or crisis mental health services. If you or someone else is at immediate risk, call 999. For urgent mental health support, contact NHS 111 (mental health option).

Scope of Practice

  • Independent medicolegal psychiatric assessment and expert reporting
  • Private outpatient services subject to CQC registration

Dr Flavian Naclad
Consultant Psychiatrist
GMC Specialist Register — General Adult Psychiatry
Endorsement: Rehabilitation Psychiatry

© 2026 Cliniscape Ltd. Company Registration No. 13648703. Registered in England and Wales.

ICO Registration: ZB768536

This site uses only strictly necessary cookies required for it to function. Privacy Policy