The General Data Protection Regulation (GDPR), which is EU-wide and more extensive than its predecessor, the Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.


Personal Data

For the purposes of providing treatment, I normally require detailed health, wellbeing and medical information. I will only collect what is relevant and necessary for your treatment. When you visit any one of my practices, I will take detailed case history notes, which normally include information on your symptoms, lifestyle, health and wellbeing as well as any medication and treatment. Notes are handwritten and will always be stored securely; they are not shared with anyone not involved in your treatment. Contact details provided by you, such as telephone numbers, email addresses and postal addresses, may be used to remind you of future appointments and provide reports or other information concerning your treatment. As part of my obligation as a healthcare practitioner, there may be circumstances related to your treatment, on-going care or medical diagnosis that will require the sharing of your medical records with other healthcare practitioners, e.g. GPs, consultants and/or medical insurance companies. Where this is required I will always inform you first unless I am under a legal obligation to comply.


For those who have clearly indicated an interest in attending the Health and Wellbeing talks, I will keep the contact details you have agreed to provide such as telephone numbers, email addresses and postal addresses.  I will normally use your email address to send you a reminder about the programme of topics and details of the next talk.  Your contact details will always be stored securely and not shared with anyone. 

 
Consent

Through agreeing to this privacy notice you are consenting to me securely holding your personal data for the purposes outlined above. However, you can withdraw consent at any time by using the email address or telephone number provided at the end of this Privacy Notice. Your personal information will be kept safe and secure and only I will normally have access to your records. However, for patients I see in my London clinic, the reception staff at the Polyclinic will have access to your contact details so that they can make appointments and send you reminders.


I will not disclose your personal information unless compelled to, in order to meet legal obligations, regulations or valid governmental requests.


Retention Policy


I will hold personal data throughout the duration of any treatment and will continue to store the data for a further eight years to meet any legal obligations. After eight years all personal data will be destroyed, unless basic information needs to be retained to meet my future obligations to you, such as erasure details. Records concerning minors who have received treatment will be retained until the child has reached the age of 25.


Data storage

All data is held in the United Kingdom. I do not store personal data outside the EEA.


Your rights as a data subject


At any point whilst I am in possession of your personal data, you have the following rights:

● Right of access – you have the right to request a copy of the information that I hold about you.
● Right of rectification – you have a right to correct data that I hold about you that is inaccurate or incomplete.
● Right to be forgotten – in certain circumstances you can ask for the data I hold about you to be erased from our records.
● Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
● Right of portability – you have the right to have the data I hold about you transferred to another organisation.
● Right to object – you have the right to object to certain types of processing such as direct marketing.


In the very unlikely event that I refuse your request under rights of access, I will provide you with a reason as to why, which you have the right to legally challenge. At your request I can confirm what information I hold about you and how it is processed.


You can request the following information:

● My contact details.
● The purpose of any processing as well as the legal basis for processing.
● The categories of personal data collected and stored.
● Recipient(s) or categories of recipients that the data is/will be disclosed to.
● How long the data will be stored.
● Details of your rights to correct, erase, restrict or object to such processing.
● Information about your right to withdraw consent at any time.
● How to lodge a complaint with the supervisory authority (ICO).
● The source of personal data if it wasn’t collected directly from you.


To access what personal data is held


Identification will be required for you to have access to your personal data: a copy of your driving licence or passport or birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. All requests should be made to Brian Isbell using the contact details provided below.


Complaints

In the event that you wish to make a complaint about how your personal data is being held or used, you have the right to complain to me. If you do not get a response within 30 days, you can complain to the Information Commissioner’s Office (ico.org.uk).


My contact details are:

Brian Isbell, telephone 07891 095648 or email: brianeisbell@gmail.com