Privacy policy Policy.

This Privacy Policy applies to personal information processed by Cardiology Experts in the course of providing independent expert witness reports, medico-legal opinions and related consultancy services to instructing solicitors, barristers, in-house legal teams and other authorised parties.

It also applies to anyone visiting our website at cardiology-experts.co.uk.

If you do not agree with any part of this policy, please do not submit personal information through our website or instruct us. If you have any questions, contact our Data Protection Officer using the details in Section 13.

Cardiology Experts is a UK-based medico-legal consultancy providing independent cardiology expert reports for personal injury, clinical negligence, fatal cardiac event and capacity matters.

The categories of personal information we collect depend on your relationship with us.

Instructing parties (solicitors, barristers, in-house teams)

• Name, professional title and firm or chambers
• Business contact details (email, telephone, postal address)
• Case reference numbers and matter details
• Billing and payment information
• Correspondence and instruction history

Claimants, patients and third parties referenced in case material

When you instruct us, we receive personal information about the individual the report concerns, and sometimes about treating clinicians, witnesses or other parties. This may include:

• Identity data (name, date of birth, address, NHS number)
• Medical records, imaging, test results and clinical correspondence
• Health information including diagnoses, treatment history and prognosis — categorised as special category data under Article 9 UK GDPR
• Witness statements, pleadings and other case papers
• Financial information relevant to loss calculations

Website visitors

• Information you submit through our contact or enquiry forms
• Technical data including IP address, browser type and device information
• Usage data collected through cookies — see our Cookies Policy

We use personal information for the following purposes:

• Preparing independent expert reports under CPR Part 35
• Reviewing medical records, conducting examinations and producing opinions
• Attending case conferences, joint expert meetings and court hearings
• Responding to your enquiries and managing our relationship with instructing parties
• Issuing invoices and managing payments
• Complying with our legal, regulatory and professional obligations
• Improving the security and performance of our website

We rely on the following legal bases under Article 6 UK GDPR:

• Contract — where processing is necessary to perform our agreement with the instructing party.
• Legitimate interests — where processing supports our work as independent experts, our business administration or website security, and our interests are not overridden by your rights.
• Legal obligation — where we must comply with UK law, court orders or professional regulation.

For health and other special category data, we rely on Article 9 UK GDPR — in particular Article 9(2)(f), processing necessary for the establishment, exercise or defence of legal claims, together with Schedule 1 Part 1 of the Data Protection Act 2018 where applicable.

We may share personal information with:

• The instructing party and their wider legal team
• The court and other parties to the litigation, where our report or evidence is disclosed
• Other experts instructed in the same matter (for example, in joint expert meetings)
• Our regulated professional advisers (accountants, insurers, legal advisers)
• IT and case-management service providers acting as our data processors under written contract
• Regulators, law enforcement and public authorities where we are required by law to do so

We do not sell personal information to third parties under any circumstances.

We primarily store and process personal information within the United Kingdom. Where any transfer outside the UK is necessary — for example, where a service provider operates servers in the European Economic Area — we ensure appropriate safeguards are in place, such as UK adequacy regulations, the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.

We implement technical and organisational measures appropriate to the sensitivity of medico-legal material, including:

• Encrypted transmission of case papers and reports
• Access controls limiting personal data to authorised personnel
• Secure storage of physical and electronic records
• Confidentiality obligations imposed on all staff and contractors
• Regular review of our information security practices

No transmission over the internet is entirely secure. Where you send sensitive material, please use the secure channels we provide rather than ordinary email.

We retain personal information only for as long as is necessary for the purposes for which it was collected, taking into account our professional obligations, limitation periods under English law and the possibility of further proceedings.

Case files, expert reports and supporting medical material are typically retained for a minimum of seven years from the date of our final involvement, and longer where the matter concerned a minor, a protected party or a fatal cardiac event. After the retention period, records are securely deleted or anonymised.

Under the UK GDPR you have the right to:

• Be informed about how we process your personal data
• Access your personal data and obtain a copy
• Have inaccurate personal data corrected
• Request erasure of your personal data, where applicable
• Restrict or object to processing in certain circumstances
• Request data portability where the processing is automated and based on consent or contract
• Withdraw consent at any time where consent is the legal basis

Some of these rights are qualified — for example, where personal data forms part of an expert report or court bundle, our ability to delete or restrict it may be limited by our legal and professional duties.

To exercise any of these rights, contact us at privacy@medicalexpertchambers.co.uk. You also have the right to lodge a complaint with the Information Commissioner’s Office at ico.org.uk.

Our website uses a small number of cookies to support core functionality and, where you consent, analytics. For full details — including the cookies we set, their purpose and how to control them — see our Cookies Policy.

We may update this Privacy Policy from time to time to reflect changes in law, professional guidance or our own practices. The “Last updated” date at the top of this page indicates when the policy was most recently revised. Material changes will be communicated to active instructing parties where appropriate.