​​
Last updated: August 2025

​

A1 Reports Ltd (Company No. 12875309), trading as A1 Chronologies (“we”, “us”, “our”), is committed to protecting the privacy and confidentiality of the information you provide. This Privacy Notice explains how we handle personal data when providing medical chronology services.

​

1. Who we are

 

• Controller / Processor roles:

  • The instructing solicitor, insurer, or other professional client (the “Client”) is the data controller in relation to patient data supplied for chronology work.

  • A1 Chronologies acts as a data processor, handling the data only on the Client’s instructions.

• For business contact information (such as email addresses of solicitors instructing us), A1 Chronologies is the controller.

​

2. What data we process

 

When instructed to prepare a chronology, we process:

• Patient personal data, including health data contained in medical records provided by the Client

• Case-related information, such as claim identifiers, reference numbers, or file metadata

• Client contact details (e.g. names, emails, phone numbers of instructing solicitors)

​

We do not collect patient data directly from individuals. All data is provided by the Client.

​

3. How we use data

​

We process data solely for the purposes of:

• Reviewing medical records and producing medical chronologies

• Communicating with the Client about instructions

• Quality assurance, training, and secure record-keeping

• Meeting our legal and regulatory obligations

​

We do not use patient data for marketing or unrelated purposes.

​

4. Legal basis

​

For patient data: we process as a processor under the lawful basis determined by the Client (typically Article 6(1)(f) and Article 9(2)(f) UK GDPR – establishment, exercise or defence of legal claims).

For business contact data: we process under our legitimate interests in managing our business relationships.

 

5. Sharing data

 

We only share personal data where necessary to deliver our services:

• With suitably qualified personnel engaged by us (all bound by confidentiality)

• With standard IT and communication service providers (email, secure storage, transfer) under appropriate contracts

• Where required by law, court order, or regulator

​

We do not sell or trade data.

​

6. International transfers

 

We do not intentionally transfer data outside the UK. If transfer is required (for example, via an IT provider), we will ensure that appropriate safeguards are in place in accordance with the UK GDPR (such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses).

​

7. Data retention

​

We retain chronology case records for six (6) years from the date of settlement of the matter or the date of last correspondence, whichever is later, unless a different period is required by law or agreed with the Client. After this, data is securely destroyed.

​

8. Security

​

We implement appropriate technical and organisational measures to protect personal data, including secure storage, access controls, and staff training.

​

9. Your rights

​

If you are a data subject whose records are processed as part of a chronology, your rights (access, rectification, restriction, erasure, objection, data portability) are exercisable through the data controller (the instructing solicitor or insurer). Where A1 Chronologies is the controller (for Client contact data), you may contact us directly.

​

10. Contact

​

For any questions about this Privacy Notice or our data protection practices, please contact:

 

A1 Chronologies

Email: chronologies@a1reports.co.uk

 

If you are unhappy with our response, you may lodge a complaint with the UK Information Commissioner’s Office (ICO): www.ico.org.uk.

​