GDPR Privacy Notice

Data Protection: Our Commitment to your Data Security

Data Protection Officer: Dr Andrew Greenland


What data do we hold about our patients?

To deliver exceptional healthcare services, Greenland Medical Ltd maintains secure medical records through the Functrion 365 software platform as well as in hard copy. We collect and store the following types of information:

  • Your contact and demographic details and details of your NHS healthcare practitioners, which you have provided to us
  • The contents of any important health-related correspondence from you
  • Test Results (whether provided by you on paper or to us from our partner laboratories)
  • Our assessments and correspondence with you and your other healthcare providers

Why do we hold and process your data?

Your medical record is a cornerstone of your healthcare journey with us. It is imperative that these records are accurate and current. We use these records to:

  • Provide you with medical care.
  • Administer appointments.
  • Communicate with other healthcare professionals at your request.

The data also enables us to perform essential administrative tasks, such as scheduling health reviews and conducting clinical audits to continually enhance our services.

When do we share your information?

The practice complies with data protection and access to medical records legislation. Identifiable information about you will be shared with others in the following circumstances:

  • To coordinate further treatment with other healthcare providers.
  • To inform your General Practitioner or specialists about treatments or test results.
  • To disclose information to insurance companies or other entities, with your explicit consent.
  • When mandated by law, such as in safeguarding cases.

Reception and administration staff require access to your medical records in order to do their jobs. These members of staff are bound by the same rules of confidentiality as the medical staff. Except for the above circumstances, your details are not passed on to any third parties.


Can I see the information you have about me?

In line with the Data Protection Act 1998, the Access to Health Records Act, and GDPR, you have the right to:

  • Access all information we hold about you.
  • Be informed if your data is shared with third parties.
  • Correct any inaccurate information.
  • Request data deletion.
  • Limit further use or processing of your data.
  • Receive your data in an open electronic format.
  • Be notified of any unauthorized access to critical information.

Applications for Data Deletion

We retain patient records for 7 years from the last clinic contact or until the age of 21 years and 3 months for minors. Requests for data deletion will be considered on a case-by-case basis.

Contact and communication

While we have implemented robust security measures, patients who contact us via email do so at their own risk. We will not use your contact details for marketing purposes but may ask for your consent to keep you updated on appointments and significant clinic updates.

For newsletters or health-related events, separate consent will be sought.

For further information on data protection, please visit the Information Commissioner’s website (https://ico.org.uk/for-the-public/).