Privacy Policy (updated November 2021)

What Data do we hold about or Patients?

Information provided for the purpose of the functional medicine consultation and to enable us to provide effective healthcare to you we maintain a secure medical record in ‘Living Matrix’ and locked storage. We will hold the following information:

  • Your contact details and details of your NHS healthcare practitioners which you have provided to us
  • The contents of any important health-related correspondence from you
  • Test Results (whether provided by you on paper or to us from our partner laboratories)
  • Our assessments and correspondence with you and your other healthcare providers.

Why do we hold and process your data?

We hold your medical record in order to offer you functional medicine services. We will endeavor to keep records as accurately as possible and up-to-date. Your medical record is held on the computer and locked storage when awaiting to upload onto the “Living matrix” and G Suite.

The computerized records allow us to keep a chronological record of your health and perform other tasks such as ensuring we offer appointments for health reviews at the appropriate time.

When do we share your information?

The practice complies with data protection and access to medical records legislation. We may share your sensitive information with third parties to support your ongoing healthcare and Identifiable information about you will be shared with others in the following circumstances:

  • To request other healthcare and related practitioners to provide further treatment for you
  • To inform your General Practitioner or other Health Specialist of treatment we have provided to you or of test results while in our care
  • When we have a duty to others e.g. in child protection cases
  • To Care Quality commission staff upon inspection for them to assess safety and quality of our services.

Practice administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff.

Can I see the information you hold about me?

In accordance with the Data Protection Act 1998 and Access to Health Records Act, patients may request to see their medical records. Requests should be made through the Practice Manager.

In compliance with GDPR, patients have the right to:

  • Access all of their information plus any other content that forms part of the patient record, including notes and expect to be able to read them and understand what they mean without expert medical knowledge.
  • Know if their personal information has been forwarded to a third-party (like a fellow healthcare professional, consultant, insurer or school).
  • Have any invalid information we hold about them corrected.
  • Apply to have their personal data deleted.
  • Ask us to refrain from further use (or processing) of their information.
    Receive their information in an open electronic format.
  • Be notified if critical information about them is inappropriately accessed.

Applications for Data Deletion

For legal purposes, we maintain a record of our contact with patients for 7 years from our last clinic contact (or until the age of 21 years and 3 months in the case of any child in our care).

For past patients, who no longer wish to remain on our contacts list and who do not wish their data to be accessed, their data will be stored (for the time specified above), in a secured form away from our patient database. During this time contact details will be removed from our systems and the records will not be accessed for any purpose other than defending a legal claim, should this need arise.

Contact and communication

Patients contacting us via the practice email do so at their own discretion and provide any such personal details at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use. Every effort has been made to ensure a safe and secure process is available for the email submission of data, but we advise patients that they are responsible for ensuring they transmit their personal details to us in a secure manner. Please contact us to discuss this before transmitting any sensitive personal data to the clinic.

We will not use your details for the purposes of product marketing but will request your permission to use contact details to keep in touch with you about your appointments and share updates to your medical records.

Further data protection information can be obtained from the Information Commissioner’s website at

Website Data

The website server will track IP addresses for security against malicious attacks.
Analytics may be processed to track how visitors arrive at this website, none of this data will be able to be used to identify an individual.

Data Protection Officer: Dr Gayetri Chudasama