UPDATED PRIVACY NOTICE (May 2018 EU GDPR)
Lawful Basis For Processing Client Data
Under the new legislation as the Data Controller and Data Processor I need to collect personal information about your health in order to provide you with the best possible treatment. Processing the special category of personal data necessary for healthcare is classed as a legitimate interest.
Your requesting treatment and my agreement to provide that treatment constitutes a contract.
It is important that I can contact you in order to confirm your appointments with me. This constitutes a legitimate interest however this time it is your legitimate interest.
I have a legal obligation to retain your records for 8 years after your most recent appointment, but after this period you can ask me to destroy your records if you wish.
Your records are stored on paper in a locked filing cabinet within an alarmed space.
None of your personal details are kept on a computer.
I will never share any of your data without your written consent and your email address is not held on a database nor used for any marketing purposes.
Only I will have routine access to your personal information
If you are not satisfied with my response, then you have the right to raise the matter with the Information Commissioner’s Office