Privacy Notice

Updated 11th March 2020

At Medical Billing and Collection (MBC) we take data privacy very seriously and we are committed to protecting and respecting the rights of all individuals. We are dedicated to ensuring the confidentiality and privacy of information entrusted to us and aspire to be transparent when we collect and use personal data. We treat the privacy of our clients, their patients, our suppliers and our employees with the highest level of importance and this privacy notice details the measures we take in preserving and safeguarding your privacy when you make use of our services, communicate via our website or with our employees, or visit our offices.

This privacy notice covers the following:

  • Our contact details
  • How MBC collects personal information
  • MBC’s purposes and lawful bases of personal data processing
  • How we store your information
  • Sharing information
  • International transfers
  • Your rights
  • Rights related requests
  • How to complain
  • Changes to this privacy notice

This privacy notice is made available on our website. An electronic copy can also be requested from DPO@medbc.co.uk where we aim to respond to all enquiries within 48 working hours. Alternatively, please write to the address below:

Our Contact Details
Medical Billing & Collection
Connery House
Repton Place

MBC is registered with the Information Commissioner’s Office (ICO), with registration number Z140064X.

If you have questions or comments about this privacy notice or how we handle your personal data, then please direct your correspondence either to the above postal address (marking the envelope FAO – Data Protection Officer), or to DPO@medbc.co.uk.

How MBC Collects Personal Information

At MBC we may obtain personal data directly from individuals in a number of ways including:

  • When you become a client
  • When you use our online services
  • When you email or call us
  • When you fill in a form on our website
  • When you give us your business card
  • When you submit a job application
  • When you visit our offices or attend events, conferences and meetings
  • When you subscribe to our newsletters

MBC may also obtain personal information indirectly from a variety of sources including:

  • Consultants, groups, clinics and hospitals that share patient information with us
  • Existing clients may share their employees’ contact details with us, for example medical secretaries
  • Publicly available sources such as LinkedIn, Companies House or freely available news articles
  • Recruitment services will provide us with CVs
  • Companies providing security background checks
  • CCTV located at MBC offices

We will always ensure that you know we are processing your personal information except where it is disproportionately difficult to do so.


MBC’s Purposes and Lawful Bases of Personal Data Processing
MBC processes personal data for the following reasons.

To Provide Access to Online Services and Customer Support

When you become a customer of ours we collect your data in order to deliver contracted services to you via our cloud software, email or over the telephone for invoice creation, invoice mailing, billing and collection services. We also provide online and telephone support services to help deliver the contracted services. If you access our online services, you remain responsible for keeping your user ID and password confidential. Our legal basis for processing this data is for the performance of a contract to provide our services to you.

For Purposes of Financial Management

We gather and retain business contact and account details for financial management purposes. Personal information such as names and contact information will be needed to ensure invoices and debts are handled appropriately.

Our legal basis for processing financial information is the performance of a contract. The retention period for this type of information is up to 7 years in line with legal and tax regulations.

To Send you Marketing Materials by Email

We use your contact information to send you marketing and product information. You can opt out of marketing messages at any time using the unsubscribe capability provided.

Our legal basis for this processing is our legitimate interests in promoting our relevant services to you.

To Tell You about Our Products and Services

If you complete an enquiry form on our website or give us your details in person, for example at a conference, we will contact you by email or phone so that we can discuss the products or services in which you have indicated an interest.

Our lawful basis for processing is our legitimate interests in selling our products and services.

To Invite You to Conferences or Exhibitions

We use your data to invite you to conferences and events. Sometimes MBC uses this information to provide assistance with travel and/or hotel arrangements at the request of the individual.

Our lawful basis for processing data for these purposes is our legitimate interests in looking after our clients.

To Host Meetings with You at MBC Offices, Conferences or Exhibitions

We need to process your data in order to manage access and physical security at our offices. Our lawful basis is our legitimate interests to ensure the security of our business premises and authorised attendance at our events.

We may also ask for dietary restrictions or access requirements that reveal religious beliefs or physical health conditions. Our legal basis for processing this data is your consent, which you can withdraw at any time.

To Fill Job Vacancies

If you submit a job application either directly or through a recruiter, we will use your information in connection with the specific job that you have applied for and, in the event you are unsuccessful in your application, we will keep your information on file in case additional vacancies come up for which you may be suitable. We store the information of unsuccessful candidates for 400 days.

Sometimes we use publicly available sources of data such as LinkedIn in order to source candidates’ information.

The legal basis for processing your data for recruitment is our legitimate interests in operating our business.

Prior to the interview process, we will ask whether you need modified access because of a disability. Our legal basis for processing this information is a legal obligation.

To Manage the Security of our Facilities

Our offices have a CCTV system that monitors the perimeter of the building. This collects location- and time-based images of you and, sometimes, of your vehicle in order to protect our buildings and assets from damage, vandalism or other crime.

Our lawful basis for processing this data is our legitimate interests to ensure the security of our business premises and help prevent and detect crime.

Our policy is to automatically overwrite CCTV footage within 60 days.

How We Store Your Information

MBC is dedicated to keeping your data safe. We have put technical and organisational policies and procedures in place to protect personal data from loss, misuse, alteration or destruction. We ensure that access to your personal data is limited only to those who need to access it and those individuals are required to maintain the confidentiality of such information. Where necessary, we apply encryption and anonymisation techniques in efforts to further protect personal data. Your data is stored in a highly secured UK data centre managed for us by Rock It.

Information submitted by you is stored on secure servers. Any payment or transaction details will be encrypted so that full safety measures are in use.

Sharing Information

We will never sell your data to third parties.

We use third party data processors to host your data and to provide development services for us. We have contracts in place with these data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation and they will hold it securely and retain it for the period we instruct.

The legal basis for sharing this data is for the performance of the contract we have with you.

Disclosure of personal information to third parties may be necessary in the following circumstances:

  • A sale of our business or its assets, in full or part, to a third party may require personal data sharing.
  • Legally, we may be asked to share and disclose personal data.
  • To assist in reducing credit risk and in fraud protection.

The legal basis for sharing this data is a legal obligation.

International Transfers

We will only send your data outside of the European Economic Area (EEA) to:

  • Work with our suppliers who help us to support our services.
  • Process invoices with international insurance providers.

We will only do this under the instruction of the Data Controller and when appropriate protection is in place. In the case of our suppliers we have Standard Contractual Clauses (SCCs) which provide legal safeguards for such transfers.

Your Rights

No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

Your Right of Access

You have the right to ask us for copies of your personal information; this is known as a Subject Access Request. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your Right to Rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your Right to Erasure

You have the right to ask us to erase your personal information in certain circumstances. Records pertaining to our core business have to be retained for 7 years by law; therefore, your personal information will be anonymised.

Your Right to Restriction of Processing

You have the right to ask us to restrict the processing of some or all of your information in the following situations:

    • Some or all of the information we hold on you is not correct.
    • We are not lawfully allowed to process it.
    • You need us to retain your information in order for you to establish, exercise or defend a legal claim.
    • You believe your privacy rights outweigh our legitimate interests to use your information for a particular purpose.

Your Right to Object to Processing

You have the right to object to processing if we are using legitimate interests as our lawful basis for processing.


Your Right to Data Portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or as part of a contract, or in talks about entering into a contract and the processing is automated.

Your Right to Withdraw Consent

You can withdraw consent that you have previously given to the processing of your personal data for one or more specified purposes. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.

Rights Related Requests

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it.


Along with our digital advertising, promotional and social media providers, we may on occasion collect information about your computer, its software and apps for our services. The information is gathered in statistical form for our use.

Any data gathered will not identify you personally. It is strictly aggregated statistical data about our visitors and how they used resources on our site. No identifying personal information will be shared at any time via cookies.

Similarly, data may be gathered about general online use through a cookie file. When used, cookies are automatically placed on your hard drive, where information transferred to your computer can be found. These cookies are designed to help us correct and improve our sites, resources and services for you.

You may elect to decline all cookies via your computer. Every computer has the ability to decline file downloads like cookies. Your browser has an option to enable the declining of cookies. If you do decline cookie downloads you may be limited to certain areas of our site, as there are parts of our site that require cookies. We may use cookies to manage the operation and performance of the website and our other web resources. To control how these are handled on your device, please consult your browser supplier’s information or help pages. For example, use this link to see how to manage cookies when using Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internetexplorer-delete-manage-cookies

How to Complain

If you disagree with how we are processing your data, please contact our DPO at DPO@medbc.co.uk or address your letter to our DPO at the MBC address listed in the Contact Details section.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Helpline number: 0303 123 1113

Changes to this Privacy Notice

MBC will occasionally update this privacy notice to reflect changes in legislation, our practices and services. When we post changes to this privacy notice, we will revise the ‘last updated’ date at the top of this privacy notice. If we make any material changes in the way we collect, use, and share personal data, we will notify you by prominently posting notice of the changes on our website. We recommend that you check this page from time to time to inform yourself of any changes in this privacy notice.