Mr Neville Dastur

MBBS FRCS MD

Consultant Vascular and Endo-vascular Surgeon

Privacy Policy

This privacy policy explains how Surrey Vascular Surgeon and Mr Neville Dastur collect, use, store and protect personal information when you use this website, contact the practice, or receive private healthcare services.

Last updated: May 2026

Who we are

Surrey Vascular Surgeon is the private vascular surgery practice of Mr Neville Dastur, Consultant Vascular and Endovascular Surgeon. For the purposes of this privacy policy, “we”, “us” and “our” refer to Surrey Vascular Surgeon and Mr Dastur’s private practice. Where administrative, billing or practice management services are provided through CSSL Ltd or another authorised service provider, those services are provided only for the purposes of running the practice and supporting your care.

You can contact us about privacy or data protection matters using the details below:

  • Email: office [at] surreyvascularsurgeon [dot] com

  • Website: www.surreyvascularsurgeon.com
  • Telephone: 0800 020 9511

Information we collect

We may collect and use the following types of information:

  • Identity and contact details, such as your name, date of birth, address, telephone number and email address.
  • Healthcare information relevant to your enquiry, consultation, investigation, treatment, follow-up care and clinical correspondence.
  • Referral information from your GP, consultant, insurer, hospital or other healthcare professional.
  • Appointment, administration and billing information, including invoices, payment status and insurer or membership details where relevant.
  • Communications you send to us, including emails, website enquiries, telephone messages and feedback.
  • Technical information about your use of the website, such as IP address, browser type, device information, pages visited and basic website log data.

How we collect information

We may collect information directly from you when you complete a website form, email or telephone the practice, book an appointment, attend a consultation or provide information during your care. We may also receive information from GPs, hospitals, diagnostic providers, insurers, medical secretaries, other clinicians and healthcare organisations involved in your care.

How we use your information

We use personal information for the following purposes:

  • To respond to enquiries and appointment requests.
  • To assess, diagnose, treat and advise patients.
  • To arrange consultations, investigations, procedures, follow-up appointments and referrals.
  • To prepare and send clinic letters, operation notes, prescriptions, reports and other clinical correspondence.
  • To communicate with GPs, hospitals, insurers, diagnostic providers and other healthcare professionals involved in your care.
  • To manage invoices, payments, insurer authorisations and practice administration.
  • To maintain accurate medical and administrative records.
  • To meet legal, regulatory, professional and clinical governance obligations.
  • To improve the website, monitor website performance and maintain website security.

Lawful basis for using your information

We process personal information under the UK General Data Protection Regulation and the Data Protection Act 2018. Depending on the reason for using your information, we rely on one or more of the following lawful bases:

  • Provision of healthcare: processing is necessary for the provision of health or social care, medical diagnosis and treatment.
  • Contract: processing is necessary to arrange and provide private healthcare services requested by you.
  • Legal obligation: processing is necessary to meet legal, regulatory, tax, accounting or professional obligations.
  • Legitimate interests: processing is necessary for the safe, effective and lawful operation of the practice, including administration, billing, responding to enquiries and maintaining secure services.
  • Consent: we may rely on consent for specific optional activities, such as certain marketing communications, where consent is required.

Healthcare information is special category data. We use it where necessary for the provision of healthcare, medical diagnosis, treatment, clinical governance, safeguarding, legal claims or other reasons permitted by data protection law.

Who we share information with

We only share personal information where it is necessary, lawful and relevant. This may include sharing information with:

  • Your GP, referring clinician or other healthcare professionals involved in your care.
  • Hospitals and clinic providers where you are seen or treated, including Spire Clare Park Hospital or other facilities used by the practice.
  • Diagnostic providers, laboratories, imaging departments and other clinical service providers.
  • Private medical insurers, where you ask us to liaise with them or where this is needed for authorisation or payment.
  • Administrative, secretarial, accounting, payment, IT, email, hosting and secure document service providers that support the practice.
  • Professional advisers, regulators, indemnity organisations, courts or public authorities where required by law or necessary to protect legal rights.

We do not sell personal information.

Website enquiries and email

Information sent through website forms or by email may not be suitable for urgent clinical problems. If you have an urgent medical concern, you should contact your GP, NHS 111, 999 or attend an Emergency Department as appropriate.

We take reasonable steps to protect communications, but ordinary email is not always fully secure. Please avoid sending unnecessary sensitive information by email unless it is needed for your care or enquiry.

Cookies and website analytics

This website may use cookies, server logs and similar technologies to make the website work, understand how visitors use it, improve performance and protect security. Some cookies are essential for the website to function. Others, such as analytics cookies, should only be used where enabled and permitted.

You can usually control cookies through your browser settings. Blocking some cookies may affect how the website works.

How long we keep information

We keep personal information only for as long as necessary for the purposes described in this policy, including clinical, legal, regulatory, tax, accounting and professional record-keeping requirements.

Medical records are usually retained in line with professional guidance and applicable healthcare record retention requirements. Administrative and financial records are retained for appropriate statutory and accounting periods.

How we protect information

We use appropriate technical and organisational measures to protect personal information against unauthorised access, loss, misuse, alteration or disclosure. These measures may include access controls, secure systems, password protection, encryption where appropriate, staff confidentiality obligations and careful selection of service providers.

International transfers

Some service providers, such as cloud, email, hosting or software providers, may process information outside the UK. Where this happens, we take steps to ensure that appropriate safeguards are in place, such as UK adequacy regulations, approved contractual safeguards or other protections required by data protection law.

Your rights

You have rights under data protection law. Depending on the circumstances, these may include the right to:

  • Access a copy of your personal information.
  • Ask for inaccurate information to be corrected.
  • Ask for information to be erased in certain circumstances.
  • Ask us to restrict how we use your information in certain circumstances.
  • Object to certain uses of your information.
  • Ask for transfer of information in a portable format where this right applies.
  • Withdraw consent where we rely on consent.

These rights are not absolute and may be limited where information is needed for clinical care, legal obligations, professional record keeping, the establishment or defence of legal claims, or other lawful reasons.

Complaints

If you have a concern about how we use your personal information, please contact us first so that we can try to resolve it.

You also have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection:

Changes to this policy

We may update this privacy policy from time to time. The most recent version will be published on this page.