Legal · Data Protection

Privacy Policy

Dr George Zoltan Simon · General Practitioner · Gibraltar

Last UpdatedMay 2025
JurisdictionGibraltar
FrameworkDPA 2004 · UK GDPR
Version1.0

Contents

  1. Who We Are
  2. Legal Framework
  3. Data We Collect
  4. Special Category Data
  5. How We Use Your Data
  6. Legal Basis
  7. Data Sharing
  8. Data Retention
  9. Your Rights
  10. Website & Cookies
  11. Security
  12. Children
  13. Changes
  14. Contact & Complaints

1Who We Are

Data Controller: Dr George Zoltan Simon, General Practitioner

Practice Location: Vithas Xanit Gibraltar, Gibraltar

Contact: simongeo@drgeorgesimon.org · +350 54 003 573

Website: drgeorgesimon.org

Dr George Zoltan Simon is a registered General Practitioner practising in Gibraltar, registered with both the Gibraltar Medical Registration Board (GMRB) and the General Medical Council (GMC) of the United Kingdom. As a healthcare provider, Dr Simon is a Data Controller under applicable Gibraltar data protection legislation and is responsible for how your personal data is collected, used, and protected.

2Legal Framework

This Privacy Policy is governed by the following legislation applicable in Gibraltar:

Important Note

As a medical practice, we are also bound by professional medical confidentiality obligations under the GMC's Confidentiality guidelines and the ethical standards of the Gibraltar Medical Registration Board. These obligations are in addition to, and consistent with, the legal requirements set out in this policy.

3Personal Data We Collect

We collect and process the following categories of personal data:

Identity & Contact Data

Appointment & Administrative Data

Website Usage Data

Please Note

We do not collect or process medical or health information through this website. All clinical information is collected and managed through secure clinical systems within the practice only.

4Special Category Data — Medical Information

Medical Records — Special Category Data

Health and medical information is classified as Special Category Data under the DPA 2004 and UK GDPR and is afforded the highest level of legal protection. All medical records and clinical information are held and managed securely within the practice, subject to strict medical confidentiality.

As your General Practitioner, Dr Simon will collect and process the following within the clinical setting:

This information is processed under the legal basis of provision of healthcare (Article 9(2)(h) UK GDPR / Schedule 3 DPA 2004) and is subject to the duty of medical confidentiality. It will not be disclosed to third parties without your consent, except where legally required or to facilitate your direct care (e.g. referrals to specialists).

5How We Use Your Personal Data

We use personal data collected through this website and the practice for the following purposes:

Healthcare Purposes

Administrative Purposes

Website & Legal Purposes

6Legal Basis for Processing

Under the DPA 2004 and UK GDPR, we rely on the following legal bases to process your personal data:

7Sharing Your Personal Data

We will not sell, rent, or trade your personal data to any third party. We may share your data in the following limited circumstances:

With Your Consent — Clinical Referrals

With your knowledge and consent, your clinical information may be shared with other healthcare professionals involved in your care, such as specialists, hospitals, or diagnostic laboratories, in order to facilitate the best possible treatment for you.

Legal & Regulatory Requirements

We may disclose personal data where required to do so by law, including in response to lawful requests from the Gibraltar Health Authority, courts, law enforcement authorities, or other regulatory bodies.

Third-Party Service Providers

We use the following third-party tools which may process limited personal data on our behalf:

International Transfers

Some third-party providers may process data outside Gibraltar or the UK. Where this occurs, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, including Standard Contractual Clauses or adequacy decisions where applicable.

8Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, in accordance with legal requirements:

On expiry of the applicable retention period, data is securely destroyed or anonymised.

9Your Rights

Under the Gibraltar DPA 2004 and UK GDPR, you have the following rights in relation to your personal data:

How to Exercise Your Rights

To exercise any of these rights, please contact us at simongeo@drgeorgesimon.org or by telephone on +350 54 003 573. We will respond within 30 days. We may need to verify your identity before processing your request. There is no charge for exercising your rights in most circumstances.

10Website, Cookies & Online Services

Cookies

Our website uses cookies — small text files placed on your device. We use only the following categories of cookies:

We do not use advertising, tracking, or profiling cookies. You can manage your cookie preferences at any time using the consent banner on this website, or by adjusting your browser settings.

Appointment Booking via Calendly

Our booking system is provided by Calendly LLC. When you book an appointment, Calendly collects your name, email address, and telephone number. Calendly acts as a data processor on our behalf. Please refer to Calendly's Privacy Policy for full details.

WhatsApp Communications

If you contact us via WhatsApp, your message content and contact details will be received by us through WhatsApp Business (Meta Platforms Inc.). Please be aware that WhatsApp messages are subject to Meta's privacy practices. We recommend not sending sensitive medical information via WhatsApp.

Links to Third-Party Websites

Our website may contain links to external websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

11Security

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction, or alteration, including:

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify you directly.

12Patients Under 18

Dr Simon's practice accepts patients aged 10 years and over. Where patients are under 18 years of age, additional considerations apply:

We do not knowingly collect data from children under 10 years of age through this website.

13Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. The current version will always be available on this website, with the date of last update shown at the top of this page.

For significant changes affecting how we use your health data, we will take reasonable steps to notify you directly.

14Contact Us & How to Complain

Data Controller Contact Details

  • Name: Dr George Zoltan Simon
  • Practice: Vithas Xanit Gibraltar, Gibraltar
  • Email: simongeo@drgeorgesimon.org
  • Telephone: +350 54 003 573
  • WhatsApp: +350 54 003 573

How to Make a Complaint

If you have concerns about how we have handled your personal data, please contact us in the first instance at the details above and we will endeavour to resolve the matter promptly.

If you remain dissatisfied, you have the right to lodge a complaint with the relevant supervisory authority:

Gibraltar Supervisory Authority

Gibraltar Regulatory Authority (GRA)
2nd Floor, Eurotowers 4, 1 Europort Road, Gibraltar
Email: info@gra.gi
Website: www.gra.gi
Tel: +350 200 74636

UK Supervisory Authority (if applicable)

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113