This notice is to explain why I collect your personal data, what I do with it, and to ensure I am working in accordance with the EU General Data Protection Regulation (GDPR)
Personal information you provide is only used by me to enable me to safely and effectively provide services you request regarding your health.

Personal Data collected and held:
Contact details (‘phone number, email address)
GP practice
Date of birth
Occupation (as this may be relevant to the cause of a health problem)
Case history (health history)

Reason for collection and recording of information:
To allow me to address your current health-related problems.
To allow me to contact you regarding appointment times and dates, or your health care, should the need arise.
Reason for holding information:
To monitor progress whilst addressing current health-related problems.
To enable re-assessment of health-related problems should you return to my clinic again in the future.
As a requirement of my Insurer.
Privacy of information collected and held:
All records are collected and stored securely in paper format (not electronically).
I am the only person with access to these records.

I have a legal obligation to retain your records for 8 years after your most recent appointment (or after you have reached age 25, if this is longer), after which time they are shredded.

Email communications relevant data is extracted and documented in paper format in notes, email then deleted.

Text messages – relevant data is extracted and documented in paper format in notes, text then deleted.
Payment facilities I use comply with data protection regulations, and are password protected.
Information is never shared with anyone without your permission (see exception below). It may be appropriate for me to suggest I consult another healthcare practitioner who may be able to help with your care or to offer a second opinion. This would never be done without your prior permission.

Duty of confidentiality breached only if you are felt to be a serious risk to yourself or others.

You have the right to see the data of yours which I hold.
You have the right to ask me to correct any factual errors.
You can ask for me to erase your personal data (provided the legal minimum period has elapsed).
You have a right to complain to me and to the ICO if you believe there is a problem with data handling.