Legal

Privacy Policy

How we protect your personal data when you use this website, in line with UK data protection law.

Last updated: 1 June 2026

Data controller

[To be completed] — The name and postal address of the data controller responsible for this website will be added here. Until then, for privacy enquiries please contact enquiries@willsarakbi.com.

Introduction

We protect your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect through willsarakbi.com, why we process it, how long we keep it, and your rights.

This website is the online presence of Mr Will Sarakbi, Consultant Oncoplastic Breast Surgeon (GMC: 6027127), practising at Cadogan Clinic, Chelsea and Shirley Oaks Hospital, Surrey. It provides information about services and a means to contact the practice.

Pages on other websites that link here have their own controllers and privacy policies. This policy applies only to this website.

Lawful basis for processing

For each activity below we rely on an appropriate lawful basis under UK GDPR:

Enquiry forms

Legitimate interests — responding to your request and arranging care or information you have asked for. Where we need your consent (for example optional marketing), we will ask separately.

Website analytics

Legitimate interests — understanding how visitors use the site so we can improve content and usability. Where cookies are non-essential, we will request consent via our cookie controls where required.

Security & logs

Legal obligation / legitimate interests — protecting the site and data from abuse, and meeting security obligations.

Where we rely on consent, you may withdraw it at any time by contacting us. Withdrawal does not affect processing that was lawful before withdrawal.

What we collect

Information you give us

When you submit the contact or enquiry form, we may collect:

  • Name
  • Email address
  • Telephone number (if provided)
  • Enquiry type, preferred location and message content
  • Any other fields you choose to complete on the form

Please do not include sensitive medical details in web forms unless necessary; clinical correspondence is usually better handled by phone or through established hospital pathways.

Information collected automatically

When you browse the site, standard technical data may be processed, including:

  • IP address (often truncated or pseudonymised in analytics)
  • Browser type and device information
  • Pages viewed and approximate time on site
  • Referring website (if your browser sends it)

This is collected through cookies and similar technologies — see Cookies below.

How we use your data

We use personal data to:

  • Respond to enquiries and arrange consultations or information you have requested
  • Communicate with you about your request (by email or telephone)
  • Maintain records of correspondence where appropriate for the practice
  • Improve this website and measure its effectiveness
  • Protect the security and integrity of the website
  • Comply with legal and regulatory obligations

We do not sell your personal data. We do not use enquiry data for unrelated third-party marketing.

We keep enquiry data only as long as needed for the purposes above, or as required by law, after which it is securely deleted or anonymised.

Your rights

Under UK data protection law you have rights including:

  • Access — to receive a copy of personal data we hold about you
  • Rectification — to correct inaccurate data
  • Erasure — to request deletion in certain circumstances
  • Restriction — to limit processing in certain circumstances
  • Objection — to processing based on legitimate interests
  • Data portability — where processing is automated and based on consent or contract
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, contact enquiries@willsarakbi.com. We may need to verify your identity before responding. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Security

We implement appropriate technical and organisational measures to protect personal data. This website uses TLS encryption (HTTPS) when you submit forms or browse pages. Access to enquiry data is limited to those who need it for their role.

No transmission over the internet is completely secure; we encourage you to use strong passwords on your own devices and email accounts.

Cookies

Cookies are small text files stored on your device. They help the site function, remember preferences, and (with your consent where required) measure how the site is used.

Type Purpose
Strictly necessary Security, load balancing, cookie consent preferences — required for the site to work.
Analytics Google Analytics (often via Google Tag Manager) — aggregated statistics on pages visited and general usage. See Google’s privacy policy.

You can opt out of Google Analytics on all websites using the Google Analytics Opt-out Browser Add-on. You can also control cookies through your browser settings.

Third-party services

We use trusted providers who process data on our behalf (processors) or provide embedded services. Each has its own privacy policy.

WPForms (contact forms)

Enquiry submissions are handled through WPForms on our WordPress site. Form entries are stored securely on our hosting environment and/or emailed to the practice. WPForms privacy policy

Lawful basis: Legitimate interests / steps prior to contract at your request

Website hosting (WordPress)

Our site runs on WordPress, hosted by our web hosting provider. The host processes server logs (IP address, request time, pages accessed) for security and reliability. Details of the host will be listed here when confirmed.

Lawful basis: Legitimate interests / legal obligation (security)

Google Tag Manager & Google Analytics

We use Google Tag Manager and Google Analytics (GA4) to understand how visitors use the site. Google may process data in the USA and other countries under appropriate safeguards. Google privacy policy

Lawful basis: Legitimate interests / consent for non-essential cookies where applicable

Content delivery & security (if enabled)

If we use a CDN or security service such as Cloudflare, it may process IP addresses and request metadata to deliver content quickly and block malicious traffic. Cloudflare privacy policy

Lawful basis: Legitimate interests / legal obligation (security)

Links to external sites (for example GMC, Doctify, hospital websites) are not covered by this policy.

Disclosures

We may disclose personal data where required by law, court order, or to protect the rights and safety of individuals. If we suspect criminal activity we may share relevant information with the appropriate authorities.

We do not routinely share enquiry data with third parties except as described in this policy or with your consent.

Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will change when we do. Material changes that widen how we use data will apply only to data collected after the updated policy is published, unless we are required or permitted to apply changes retrospectively by law.

Contact

For privacy questions or to exercise your rights:

enquiries@willsarakbi.com

This policy is provided for transparency and does not constitute legal advice. The data controller details above should be completed by the practice. Consider independent legal review if your processing activities change.

Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by