16th November 2018 

EDEN CLINIC GDPR PRIVACY STATEMENT

This document is to advise you that Eden Clinic is a registered data controller. This privacy notice sets out our privacy policy.

We collect and store and use patients’ personal data for the purposes of healthcare only.

Our legal bases for processing personal data for healthcare purposes, includes appointment reminders and legal obligations.


The data we may collect and process:

The personal data of patients that we may collect and process includes:
  • Your name, contact details and personal identifiers (such as date of birth)
  • Your general health history and any relevant signs or symptoms you tell us about
  • Details of medicines prescribed for you
  • Details of examinations and other healthcare checks and treatments
  • Information relevant to your continued care from other people who care for you or know you well, such as other health professionals and relatives


  • How we hold and share your personal data

  • We process your personal data in strict confidence. We keep your personal data securely in our filing and electronic systems. Patient records will only be accessed by the healthcare professional working with you at the practice, with the exception where your contact details may be needed to communicate with you and the healthcare professional is unable to provide the details at the required time.
  • We will usually keep any personal data we hold about you for seven years after our last contact with you before we delete it.


  • Your rights

    You have legal rights in respect of the personal data we hold about you. The Information Commissioner’s Office (ICO) has published guidance on the full range of rights. The rights that are most relevant to the way in which we use your personal data include:
  • The right to be informed about how we use personal data – this privacy notice gives that information
  • The right to object – if you object to us processing your data healthcare purposes where our legal basis is legitimate interests (see ‘why we collect and process your personal data’, above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests
  • The right of access – if you ask us for the personal data we hold about you we will provide it within a month, free of charge (unless we have already provided it to you, in which case we may have to charge you the administrative cost of providing it again).
  • The right to rectification – if you ask us to correct personal data about you that is inaccurate or incomplete, we will do so within a month (unless we need longer, in which case we will discuss this with you)
  • The right to erasure – also known as the ‘right to be forgotten’. If you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete healthcare data before our usual time limit (see ‘how we hold and share your personal data’ above) where we have a duty to keep accurate records – for example, to comply with a legal obligation, or in connection with a legal claim. If you ask us to delete such data we will discuss this with you.


  • Contacting us and the ICO about your personal data

  • Please speak to us first if you have any questions or concerns about the way in which we process personal data.
  • You have the right to complain to the ICO if you have a concern about our handling of your personal data that you do not think we can resolve. You can contact the ICO at www.ico.org.uk