Privacy Policy

Endovenous Laser Ablation (EVLA), an interventional radiology procedure and treatment, for varicose and thread veins on a female patient's legs


Dr Mark Regi is a Director of JMR Medical Limited, a company registered in England and Wales, company number 09126549. JMR Medical Limited Limited is hereafter referred to as “we”, “us”, “our” and “ours”.

We only collect and use the personal data about you that we need to provide you with our services. We do this in accordance with the General Data Protection Regulation (GDPR), the new Data Protection Act (DPA) 2018 and any other applicable laws and regulations (hereafter referred to as ‘Data Protection Legislation’) that we need to in order to process your data legally and securely.

For the purposes of legal compliance with said Data Protection Legislation, we are the ‘data controller’. This means that we’re responsible for deciding how we collect, hold and use personal data about you, and that we’re required to notify you of the information contained in this privacy policy.

This policy affects your legal rights and obligations so please read it carefully to understand our practices regarding the collection and storage of your personal data and how we will treat it. If you have any questions, please contact us.


When you request information or services from us, we need to know your name, email address, telephone number and the nature of your enquiry. This information allows us to respond to your enquiry appropriately and provide you with accurate information about what you can expect, and the potential costs of our services.


  • your personal details (such as your name, address, telephone number and email address)
  • details of your current and past health and medical conditions, as provided by you in relation to your enquiry
  • details of contact we have had with you in relation to the provision, or the proposed provision, of our services
  • details of any services you have received from us
  • our correspondence and communications with you

You don’t need to provide us with any personal data to view our website. However, we still collect a small amount of anonymised information as set out in the ‘Cookies’ section of this policy.

As we ask our clients to pay via BACS, we don’t generally collect or store any payment information, unless you’ve requested to pay by another means, in which case we’ll discuss this with you.


A cookie is a small text file containing a unique identification number that is placed on your device when you visit a website or application. Your web browser (such as Google Chrome, Microsoft Internet Explorer or Mozilla Firefox) then sends these cookies back to the website on each subsequent visit so that they can remember things like preferences.


To protect the input forms of our websites against spam and abuse, we use the external service reCAPTCHA. This is a service provided by Google. reCAPTCHA makes it possible to differentiate between inputs of human origin and those that are abused by automated software (also called bots). When using the service, the following data will be transmitted to Google’s servers in the USA:

  • referrer URL
  • IP address of the user
  • the input behavior of the user as well as mouse movements in the area of the “reCAPTCHA” checkboxes
  • Google Account: If the user is logged in to their Google Account at the same time, this will be recognized and assigned
  • information about the browser used, browser size, browser resolution, browser plug-ins, language settings, date
  • mouse and touch events within the page
  • scripts and presentation instructions of the website
  • cookies

On behalf of us, Google will use this information to evaluate your use of our services. The IP address sent by your browser as part of the reCAPTCHA service will not be aggregated with other data held by Google. These other items of data are covered instead by Google’s separate privacy policy.

For further information please read Google’s privacy policy.


We’ll only use your personal data lawfully to provide our services and respond to enquiries/feedback. Generally we’ll use contractual obligation rather than consent as a legal basis for processing your personal data.

We’ll use your personal data to:

  • provide you with the information about our services that you’ve requested from us, or which we feel may interest you
  • carry out our obligations in relation to any agreements entered into for the provision of our services
  • notify you about any changes to our services
  • respond to any feedback you have provided about our business or services

In some circumstances we may anonymise or pseudonymise your personal data so that it can no longer be associated with you, in which case we may use it without further notice to you.

If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you or we may be unable to comply with our legal or regulatory obligations.

We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.

Most commonly, we’ll use your personal data in the following circumstances:

  • where we need to perform the contract we are about to enter into or have entered into with you
  • to respond to an enquiry or complaint you have made about our company or services
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • where we need to comply with a legal or regulatory obligation, including for audit purposes


We’ll only keep your personal data for as long as is necessary to fulfil the purposes for which it was collected. When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of our business and the services provided
  • any statutory or legal obligations
  • the purposes for which we originally collected the personal data
  • the lawful grounds on which we based our processing
  • the types of personal data we have collected
  • the amount and categories of your personal data
  • whether the purpose of the processing could reasonably be fulfilled by other means

For example, if you make an enquiry with us, but we do not hear anything back from you, or you decide not to take up any of our services, we will only keep your data for approximately two weeks. If you take up any of our services, we will keep your data on file for as long as you remain a client, and for up to twelve months following the end of our business relationship in case of any feedback or follow up required.


We may share your personal data with any service providers, sub-contractors and agents that we may appoint to perform functions on our behalf and in accordance with our instructions, including medical staff e.g. nurses, anaesthetists etc, IT service providers, accountants, auditors and lawyers.

Under certain circumstances we may have to disclose your personal data under applicable laws and/or regulations, for example, as part of anti-money laundering processes or protect a third party’s rights, property, or safety.

We may also share your personal data in connection with, or during negotiations of, any merger, sale of assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company.


We’ll process your personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

We’ve put in place reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, suppliers and/or contractors who have a business need to know.

They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.


All personal data that you provide to us must be true, complete and accurate. If you provide us with inaccurate or false data, and we suspect or identify fraud, we’ll record this.

It’s important that the personal data we hold about you is accurate and current. Should your personal information change, please contact us to notify us of these changes.


Under certain circumstances, by law you have the right to:

  • request access to your personal data; this enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully
  • request correction of the personal data that we hold about you
  • request erasure of your personal data; you may ask us to delete or remove personal data where there is no good reason for us continuing to process it, plus you have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing

Please note, we reserve the right to charge an administrative fee if your request is manifestly unfounded or excessive.


In the limited circumstances where you’ve provided your consent to the collection, processing and transfer of your personal data for a specific purpose (outside of any contractual obligation), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us.

Once we’ve received notification that you’ve withdrawn your consent, we’ll no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law (in which case we will notify you of this).


If any provision of this policy is held by a court of competent jurisdiction to be invalid or unenforceable, then such provision shall be construed, as nearly as possible, to reflect the intentions of the parties and all other provisions shall remain in full force and effect.

This policy shall be governed by and construed in accordance with the law of England and Wales, and you agree to submit to the exclusive jurisdiction of the English Courts.


We may update or change the terms of this policy from time to time by posting a new version on our website. You’re responsible for regularly reviewing this policy so that you’re aware of any changes to it. If you continue to use our website after the date we state any changes will take effect, you will have accepted the changes.

This privacy notice was last updated on 3rd September 2023.


If you have any queries or concerns with regard to our data protection and privacy policy, please contact us.

If you have any complaints in relation to this policy or otherwise in relation to our processing of your personal data, you should contact the UK supervisory authority: the Information Commissioner’s Office.