Who I Am

Liv Gensale is a Registered Dietitian providing private dietetic services. As part of delivering these services, personal and health information is collected and processed in accordance with UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Liv Gensale is registered with the Information Commissioner's Office (ICO) as a Data Controller.

Information Collected

The information collected may include:

• Name, date of birth and contact details
• Consultant referrer details
• GP details
• Medical history and relevant health information
• Dietary information and lifestyle factors
• Appointment and consultation records
• Correspondence, including emails and letters
• Payment and invoicing information

Why Information Is Collected

Information is collected and processed to:

• Provide safe and effective dietetic care
• Communicate regarding appointments and treatment with you and the referrer
• Maintain accurate clinical records
• Prepare reports and correspondence where appropriate
• Meet professional, legal and regulatory obligations
• Process payments and manage accounts

Lawful Basis for Processing

Personal information is processed because it is necessary for the provision of healthcare services and for compliance with professional and legal obligations.

How Information Is Stored

Personal information is stored securely using appropriate technical and organisational measures designed to protect confidentiality and prevent unauthorised access, loss or misuse. This includes password encrypted hard drives.

Access to information is restricted to those who require it for the provision of care and operation of the practice.

Email Communication

Email is a convenient method of communication but is not always completely secure. While reasonable measures are taken to protect personal information, emails may not be encrypted end-to-end.

Patients should be aware of this risk when communicating by email and should avoid sending highly sensitive information unless they are comfortable doing so.

Sharing Information

Information will only be shared where necessary for the provision of care, such as with a patient's GP, consultant or other healthcare professionals, and normally only with the patient's consent.

Information may also be disclosed where required by law or where there is a professional duty to protect the safety of an individual or the public.

Record Retention

Clinical records are retained in accordance with professional and legal requirements. Adult records are normally retained for eight years following the last consultation before being securely destroyed. This aligns with NHS Records Management guidance.

Your Rights

Under UK GDPR, individuals have rights regarding their personal information, including:

• The right to access their information
• The right to request correction of inaccurate information
• The right to request restriction of processing in certain circumstances
• The right to lodge a complaint with the Information Commissioner's Office

Contact

If you have any questions regarding how your personal information is handled, please get in touch.

If you remain dissatisfied, you may contact the Information Commissioner's Office regarding your concerns.