Privacy Statement

At EM Psychiatry, I am committed to protecting your privacy and handling your personal information with care, confidentiality and transparency. This privacy statement explains how I collect, use, store and protect your personal data when you visit this website, make an enquiry, or use my services.

This website and practice are intended for individuals seeking private psychiatric services. I process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and my professional duties of confidentiality.

Who I am

EM Psychiatry
Dr Enone McKenzie
Parkshot House, Richmond
07xxxx

For the purposes of data protection law, I am the data controller of the personal data you provide through this website and in the course of your care.

What information I collect

I may collect and process the following types of personal data:

  • your name, email address, telephone number and other contact details

  • information you provide when completing a contact form or sending an enquiry

  • information relevant to arranging an appointment

  • technical website usage information, such as IP address, browser type and cookie data

  • personal and special category health information where you become a patient

If you proceed to treatment, I may also collect medical, psychiatric, family, social and medication history, GP details, referral letters and other information necessary for assessment and care.

How I use your information

I use personal data to:

  • respond to enquiries and communicate with you

  • assess whether my services are appropriate for your needs

  • arrange and manage appointments

  • provide psychiatric assessment, treatment and follow-up care

  • maintain clinical records

  • send invoices and manage payments

  • comply with legal, regulatory and professional obligations

  • maintain the security and performance of the website

Lawful basis for processing

Under UK GDPR, I rely on the following lawful bases where appropriate:

  • Legitimate interests for responding to enquiries and administering the practice

  • Contract where processing is necessary to provide services you have requested

  • Legal obligation where I must comply with legal, safeguarding, tax, insurance or regulatory requirements

  • Provision of health care for processing special category health data necessary for medical diagnosis and treatment

  • Consent where this is specifically required, such as for certain optional communications or cookies

Where special category data is processed, this is done because it is necessary for the provision of health or social care and subject to a duty of confidentiality.

Confidentiality

As a medical professional, I owe patients a duty of confidentiality. Information shared in the course of your care will be treated as confidential and only shared where there is a lawful and justified reason to do so.

This may include:

  • with your GP or another healthcare professional involved in your care, where appropriate

  • where required by law

  • where there are serious concerns about your safety or the safety of others

  • for safeguarding purposes

  • where necessary for clinical supervision, insurance, complaints handling or regulatory processes

Where possible and appropriate, I will discuss sharing information with you first.

How long I keep your data

I keep personal data only for as long as necessary for the purpose for which it was collected and to comply with legal, professional and regulatory requirements.

Clinical records are retained in accordance with applicable medical record retention guidance and professional obligations. Enquiry data for prospective patients who do not proceed may be kept for a limited period and then securely deleted.

You can request further details about retention periods by contacting me.

How your data is stored

I take reasonable steps to keep your information secure. This includes using secure systems, password protection, restricted access, and secure storage for electronic and paper records where applicable.

No method of transmission or storage is completely secure, but I use appropriate technical and organisational measures to reduce the risk of unauthorised access, loss or misuse.

Website forms, email and cookies

If you contact me through the website, email or contact form, the information you submit will be used to respond to your enquiry and manage any follow-up.

This website may use cookies or analytics tools to improve functionality and understand how the site is used. Non-essential cookies should only be used with your consent. You can manage cookies through your browser settings or cookie banner.

If you use a third-party platform linked through this website, such as an online booking or payment provider, your data will also be processed according to that provider’s privacy policy.

Sharing your data with third parties

I may share personal data with trusted third parties where necessary, such as:

  • secure practice management or electronic health record providers

  • payment processors

  • accountants, insurers or legal advisers

  • IT support providers

  • other healthcare professionals involved in your care

These providers only receive the information necessary for their role and are expected to protect it appropriately.

I do not sell your personal data.

International transfers

Where possible, your data is stored and processed within the UK or countries offering adequate legal protection. If any data is transferred outside the UK, appropriate safeguards will be used in accordance with data protection law.

Your rights

Under UK GDPR, you may have the right to:

  • request access to your personal data

  • request correction of inaccurate or incomplete data

  • request erasure of your data in certain circumstances

  • request restriction of processing

  • object to certain types of processing

  • request transfer of your data where applicable

  • withdraw consent where processing is based on consent

These rights are not absolute and may be limited where data must be retained for medical, legal or regulatory reasons.

To exercise your rights, please contact me using the details above.

Complaints

If you have concerns about how your personal data is handled, please contact me first so I can try to resolve the issue.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.

Changes to this privacy statement

I may update this privacy statement from time to time to reflect legal, clinical or operational changes. Any updates will be posted on this website with the revised effective date.

Contact

If you have any questions about this privacy statement or how your data is handled, please contact:

[Clinician Name]
[Practice Name]
[Email Address]
[Phone Number]
[Practice Address]

A few important notes before you publish it:

  • Add the clinician’s full name, practice name, contact details, and address.

  • If the website uses Google Analytics, Meta Pixel, Calendly, Stripe, Semble, WriteUpp, Zanda, or any similar tools, those should be named specifically.

  • If the psychiatrist is registered with the ICO, you can add the ICO registration number.

  • This is a strong general template, but it is not legal advice. For publication, it should be checked against the practice’s actual systems and workflows.