Your Data (GDPR)

When you supply your personal details, they are stored.

Personal information about your health is collected, in order to provide you with the best possible treatment. Your requesting treatment and my agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information but that would compromise the standard of treatment offered.

There is a “Legitimate Interest” in collecting that information, because without it, your care may be compromised.

Holding your data means that we can contact you in order to confirm your appointments or to update you on matters related to your care. This again constitutes “Legitimate Interest”.

There is a legal obligation to retain your records for 8 years after your most recent appointment (or age 25, if this is longer) but after this period you can ask that your records be deleted, if you wish. Otherwise, your records will be retained indefinitely in order that I can provide you with the best possible care should you need to return at some future date.

Your records are stored electronically (“in the cloud”), using a specialist medical records service. This provider has given us their assurances that they are fully compliant with the General Data Protection Regulations. Access to this data is protected.

Your data will never be shared with anyone who does not need access, without your written consent. Only the following people/agencies will have routine access to your data: The medical records service who store our files.

Your general practitioner or other health professionals in order that they can provide you with treatment.

You have the right to see what personal data of yours is held and you can also ask that any factual errors be corrected.

Provided the legal minimum period has elapsed, you can also demand that your records be erased.

Please be absolutely confident that your personal data is being treated responsibly and the only people who can access that data, have a genuine need to do so.

Of course, if you feel that that your personal data is being mishandled in some way, you have the right to complain.

Complaints need to be sent to the nominated “Data Controller”. Here are the details you need for that: