General Data Protection Regulation (GDPR)
Why do we collect your data?
We collect your personal data because you give us consent to do so, in order to provide a dietetic service to you. We require this information for:
Providing you with a dietetic service that is relevant and tailored to your needs
Professional clinical record keeping of client information
Sharing information with other healthcare professionals with your consent (as per the new patient questionnaire form)
What counts as information?
Personal information includes handwritten and electronic notes, completed patient registration forms, questionnaires and homework records given to us. It also includes letters and emails. We may collect the following information:
Information from the new patient registration questionnaire
Information regarding your health and eating habits provided by you at consultations
Clinical information provided by reports from other health professionals
How do we safeguard your personal information?
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place encrypted electronic systems and standard operating procedures to safeguard and secure the information we collect. Your information is stored on a password-protected computer within an encrypted drive. Any emails with patient identifiable information will be encrypted using encryption software.
How do we share your personal information?
Robert McNally RD is committed to ensuring that your privacy is protected and will always use private, confidential and encrypted methods of communication. In the unlikely event that this is not possible, we will not use your full name. With your consent, we may share information about you:
by secure email
over the phone, in a private place
if we have sessions over FaceTime, Zoom or Teams this also counts as sharing information.
We will only ever share your information with appropriate parties on a need-to-know basis. Where this is necessary, we must comply with all aspects of the GDPR and the British Dietetic Association's code of ethics, which is linked at the end of this policy. Where necessary or required, and with your consent, we may share information with:
other healthcare professionals
social or welfare organisations
your family, friends or other representatives
How do we control your personal information?
We will not distribute, sell or lease your personal information to third parties unless we have your explicit permission or are required by law to do so. Under the GDPR, you may request details of the personal information we hold about you. If you would like a copy of the information we hold about you, please contact us using the contact form at the bottom of this page. If you believe that any information we are holding about you is incorrect or incomplete, please get in touch. We will promptly correct any information found to be incorrect.
How can I withdraw and request to be deleted from your files?
Under GDPR, you have the right to be forgotten, which means that you can ask for the information held about you to be deleted. However, we must balance this against the Department of Health's legal and statutory requirement that data be kept for eight years. After that time, we will delete your information. Should you have any queries concerning GDPR or wish to have your information forgotten, please get in touch.