
Privacy Policy

Effective Date: November 5th 2025

Data Controller: Castle Craig Hospital Ltd, Blyth Bridge, West Linton, Peeblesshire EH46 7DH, Scotland

ICO Registration No.: Z497039X

Contact Email: info@castlehealth.eu

1. Introduction

Castle Craig Hospital Ltd (“Castle Craig”, “we”, “us”, “our”) is committed to protecting your privacy and personal information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, how and why we use it, the rights you have, and how to contact us or the Information Commissioner’s Office (ICO).

It applies to all website visitors, patients, referrers, and anyone communicating with Dr Peter McCann.

2. Data Controller

Castle Craig Hospital Ltd is the Data Controller for all personal data collected through our website (https://www.drpetermccann.com/), clinical enquiries and referral forms, and treatment or administrative interactions.

3. What Information We Collect

We may collect and process the following categories of personal data:

| Category | Examples |
| --- | --- |
| Identity & Contact Data | Name, date of birth, address, telephone number, email address. |
| Health Data | Relevant medical history, presenting symptoms, medications, treatment notes. |
| Administrative Data | Payment details, billing address, insurance or referral information. |
| Technical & Usage Data | IP address, browser type, operating system, pages visited, and cookies/analytics data. |
| Marketing Preferences | Consent choices for newsletters or updates. |

4. How We Use Your Information

| Purpose | Lawful Basis (UK GDPR) |
| --- | --- |
| Responding to enquiries and booking assessments | Art. 6(1)(b) – Contract |
| Providing clinical care and treatment | Art. 6(1)(b) – Contract; Art. 9(2)(h) – Healthcare Provision |
| Managing administration, billing, and internal operations | Art. 6(1)(f) – Legitimate Interest (efficient service delivery) |
| Meeting legal, safety, and regulatory obligations | Art. 6(1)(c) – Legal Obligation |
| Sending optional marketing communications | Art. 6(1)(a) – Consent |
| Operating and improving the website (cookies/analytics) | Art. 6(1)(a) – Consent (non-essential cookies); Art. 6(1)(f) – Legitimate Interest (essential cookies) |

5. Cookies and Tracking

We use cookies to make our website function and, with your consent, to collect anonymous statistics.

– Essential cookies help the site operate and cannot be turned off.
– Analytics cookies (e.g., Google Analytics) are optional and help improve services.

You can manage your preferences at any time via our Cookie Settings link or your browser. For details, please see our separate Cookie Policy.

6. Data Sharing

We may share data only when necessary and subject to data-sharing agreements and confidentiality obligations with:

– Clinicians and multidisciplinary teams within Castle Health Group.
– Referring GPs, other healthcare providers, or insurers (with consent).
– IT service providers, secure cloud platforms, billing processors, or accredited partners.
– Regulators or law-enforcement bodies where required by law.

All third parties are bound by strict confidentiality and data protection terms.

7. International Transfers

If your personal data is transferred outside the UK (for example, to cloud service providers), we will apply approved safeguards such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs) with UK addendum.

8. Data Retention

We retain personal data only for as long as necessary for the purposes collected or as required by law.

– Clinical records: typically 8 years (or longer for mental health under NHS guidance).
– Website and enquiry data: typically up to 12 months after resolution.

Retention periods are reviewed periodically, and data is securely deleted when no longer required.

9. Your Rights

Under the UK GDPR, you have the right to:

– Access – request a copy of your data.
– Rectify – correct inaccurate or incomplete data.
– Erase – request deletion where data is no longer required.
– Restrict processing – pause processing under specific circumstances.
– Data portability – receive data in a structured, machine-readable format.
– Object – oppose certain processing (e.g., direct marketing).
– Withdraw consent – at any time for optional processing.

To exercise your rights, please email info@castlehealth.eu.
If you remain unsatisfied, you can lodge a complaint with the Information Commissioner’s Office (ICO) via https://ico.org.uk.

10. Security

Castle Craig Hospital applies technical and organisational measures to protect data, including:

– Encryption and secure servers
– Access controls and authentication
– Audit logging
– Staff confidentiality agreements and training
– Incident response procedures

11. Marketing Communications

Marketing communications are optional. You will only receive them if you have explicitly opted in. You may unsubscribe at any time via email or the link in our messages. We do not sell or exchange personal data for marketing purposes.

12. Updates

We may update this Privacy Policy from time to time. The latest version will always be available on our website with a clear “Last Updated” date. If changes are material, we will notify you by email or on our homepage.

13. Contact

Data Protection Officer
Castle Craig Hospital Ltd
Blyth Bridge, West Linton, Peeblesshire EH46 7DH, Scotland
Email: info@castlehealth.eu