Privacy Notice

Privacy Notice & Patient Information Handling
Our Commitment to Your Privacy
We are committed to protecting your personal and medical information and handling it with the highest standards of confidentiality, integrity, and security. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other relevant healthcare confidentiality obligations.
What Information We Collect
We may collect and process the following types of information:
- Personal details (such as name, date of birth, address, email, and telephone number)
- Medical and health information relevant to your care
- Appointment details and clinical correspondence
- Payment and billing information
- Communication records (emails, messages, or phone notes)
Medical information is classified as special category data under UK GDPR and is subject to enhanced protections.
How We Use Your Information
Your information is used only where necessary to:
- Provide safe and effective healthcare
- Assess, diagnose and treat you
- Communicate with you regarding appointments or care
- Maintain accurate clinical records
- Process payments and manage our practice
- Meet legal, regulatory and professional obligations
- We will never use your data for marketing purposes without your explicit consent
Legal Basis for Processing
Under UK GDPR, we process your personal data on the following lawful bases:
- Provision of healthcare (Article 6(1)(e) and Article 9(2)(h))
- Legal and regulatory obligations
- Your explicit consent, where required
Confidentiality and Data Sharing
All patient information is treated as confidential. We will only share your information when:
- It is necessary for your direct care (e.g. referrals, test results)
- You have given explicit consent
- We are legally required to do so
- It is necessary to protect your vital interests or the safety of others
Any third parties we work with are required to meet strict data protection and confidentiality standards.
Data Storage and Security
We take appropriate technical and organisational measures to protect your information, including:
- Secure electronic record systems
- Restricted access to patient data
- Password protection and encryption where appropriate
- Regular review of data protection practices
- Information is retained only for as long as required by law or professional guidance.
Your Rights Under UK GDPR
You have the right to:
- Access your personal data
- Request correction of inaccurate information
- Request erasure of data where applicable
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time (where processing is based on consent)
To exercise these rights, please contact us using the details below.
Complaints
If you have concerns about how your information is handled, we encourage you to contact us first so we can address the issue promptly. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator.
Contact Details
For any questions regarding this Privacy Notice or your personal information, please contact: info@dietitianbythesea.co.uk