Privacy Policy (updated June 2025)
What Data Do We Hold About Our Patients?
In order to provide Functional Medicine consultations and support your healthcare journey, we maintain secure records using our patient platform – Semble, Healthpath and encrypted G Suite storage. We may hold the following information:
- Your contact details and your NHS healthcare provider information (as provided by you)
- Health-related communications sent to us
- Test results (supplied by you or via our partner laboratories)
- Assessments and correspondence between us and your healthcare team
This may also include identity and transaction data, such as your name, date of birth, and payment records, necessary for the delivery of clinical services.
Why Do We Hold and Process Your Data?
We maintain medical records to ensure continuity and quality of care. Data is held on secure systems and in locked storage where applicable. Records support accurate clinical tracking and allow us to plan appropriate reviews or follow-ups.
Information We Collect from Online Program Participants
When you enrol in our online program (Break Free From Fatigue via Thinkific), we collect:
- Name and contact information
- Payment and enrolment status (via Stripe)
- Program interaction data (e.g. module completion, download history)
We may also collect browser and device data, IP addresses, and analytics information to optimise your experience on our website and within the course platform.This data allows us to provide course access, manage your learning experience, and uphold digital security standards.
Lawful Basis for Processing
We process your data under the following legal bases:
- Consent – for optional communications (e.g. newsletters)
- Performance of a contract – for clinical services and digital course delivery
- Legal obligation – to maintain required health records
- Legitimate interests – e.g. service improvements or safety monitoring
How We Collect Data
You may provide personal data to us through direct interactions (e.g. submitting forms on our website, emailing us, or attending consultations), automated technologies (e.g. cookies), or from third parties (e.g. payment processors, analytics tools, or labs).Offline data may also be collected through forms completed in the clinic, telephone calls, or postal correspondence. (Charterhouse Clinic, 98 Crawford Street, Marylebone London W1H 2HL)
When Do We Share Your Information?
Identifiable information is only shared:
- With your GP or other healthcare providers for collaborative care
- With partner labs or clinical collaborators for test or treatment purposes
- With the Care Quality Commission (CQC) during inspections
- Where legally required (e.g. safeguarding or court order)
- With third-party platforms (Thinkific, Stripe, Zoom, Active Campaign, Keap, G Suite, Semble, Whereby) strictly for purposes of service delivery. These processors are contractually bound by GDPR compliance.
Practice administration staff may access your data to perform necessary duties. All staff are subject to the same rules of confidentiality as clinical staff.
International Transfers
Where any of our third-party processors or cloud-based services transfer your personal data outside the UK (for example, G Suit, Keap and Thinkific), we ensure your data is protected by:
- Standard Contractual Clauses (SCCs) approved by the UK government
- International Data Transfer Agreements (IDTAs) where required
- Robust contractual obligations on the service provider to maintain data security and privacy
Data Security
We have put in place appropriate technical and organisational measures to prevent your data from being lost, used or accessed unlawfully. These include encryption, restricted access, and regular security reviews. We will notify you and any regulator where we are legally required to do so in the event of a breach.
Data Retention
For clinical patients, we retain records for 7 years from the last contact (or until age 21 years + 3 months for minors) in line with medico-legal requirements.
If you’re a past patient and no longer wish your data to be accessed, your data will be moved offline into secure storage, only accessible if required to defend a legal claim. Contact details will be removed from our active systems.
For online program participants who are not clinical patients, we retain your data for up to 5 years from the last interaction unless you request deletion sooner.
Your Legal Rights
Under UK GDPR, you have the right to:
- Access, correct, delete, or restrict your personal data
- Object to processing where our legal basis is legitimate interest
- Withdraw consent for any processing based on consent (e.g. marketing)
- Request a copy of your data in a portable format
- Be notified of any unauthorised data access
We will respond to valid requests within one month and may request ID to confirm your identity.
Contact and Communication
When contacting us by email, you do so at your own discretion and provide personal details at your own risk. Although every effort is made to secure communications, we advise caution with sensitive information.
We do not use your contact details for third-party marketing. However:
- Clients and course participants are added to our newsletter list by default
- You may unsubscribe at any time by clicking the link in the email or contacting us
Alternatively, you may write to us at:
Dr Gayetri & Associates, Charterhouse Clinic London, 98 Crawford Street, London, W1H 2HL
Website, Analytics, and Cookies
Our website and Thinkific platform may track IP addresses and usage data for security, service improvement, or performance monitoring.
We use cookies to enhance your browsing experience and track engagement. By continuing to use the site, you consent to our use of cookies. You may control cookie preferences through your browser settings.
Third-Party Links
ur website may include links to third-party websites. We do not control these websites and are not responsible for their privacy policies. We encourage you to review those policies before submitting any personal data.
Complaints
You have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) if you believe your data has been handled improperly. However, we would appreciate the opportunity to resolve concerns directly — please contact us in the first instance.
Data Protection Officer
Dr Gayetri Chudasama
If you have concerns or would like to make a data request, please contact us via consult@drgayetri.co.uk
For more information about your data rights, visit the Information Commissioner’s Office: ttps://ico.org.uk/for-the-public