Privacy Notice


We collect personal data in the following ways:

1. Clinical and Health Information (Special Category Data)

When a consultation is booked, information necessary to provide safe and effective care is collected. This may include:

  • Name, address, date of birth and contact details
  • Medical history and current symptoms
  • Medication and supplement use
  • Lifestyle information relevant to your health
  • Consultation notes and treatment plans
  • Health information is classified as special category data under UK data protection law and is handled with strict confidentiality.

2. Contact Information

When individuals contact the practice or book services, the following information may be collected:

  • Name
  • Email address
  • Telephone number
  • Appointment history
  • Correspondence (email, text message or WhatsApp)

3. Payment Information

Payments are processed securely via My Practice for both online and in-person transactions. Full card details are not stored. Transaction records may be retained for accounting purposes.

4. Mailing List Information

When individuals attend walks, talks, or events and choose to join the mailing list, the following information is collected:

  • Name
  • Email address
  • Mailchimp is used to manage email communications. Each email contains a clear unsubscribe link, and recipients may opt out at any time.

How We Use Your Information

Personal data is used for the following purposes:

  • Provide herbal medicine consultations and treatment
  • Maintain accurate clinical records
  • Communicate regarding appointments and care
  • Process payments
  • Send newsletters or event information (where you have opted in)
  • Comply with legal, insurance and professional obligations
  • Only information that is relevant and necessary for these purposes is collected.

Lawful Basis for Processing

Personal data is processed under the following lawful bases:

  • Contractual necessity – to provide clinical services
  • Legal obligation – to comply with healthcare and tax regulations
  • Legitimate interests – for administration of the practice
  • Explicit consent – for processing health data and for marketing communications
  • Consent for marketing may be withdrawn at any time.
  • How We Store and Protect Your Data
  • Data is stored securely using the following measures:
  • Paper clinical files are kept in locked storage
  • Digital records are stored securely within My Practice cloud services
  • Practice phone communications (including text and WhatsApp) are password protected
  • Access to data is restricted and protected by secure passwords
  • Payment processing is handled securely by My Practice
  • Appropriate technical and organisational measures are implemented to safeguard information against unauthorised access, loss, or misuse.


Data Retention

  • Clinical records are retained for a minimum of six years after your last consultation (or in the case of children, six years after their 18th birthday), in line with professional practice standards and insurance requirements.
  • Mailing list data is retained until the individual unsubscribes.

Sharing Your Information

Personal data is not sold or traded.

Limited information may be shared with:

  • Secure service providers
  • Other healthcare providers, but only with your explicit consent
  • Legal authorities where required by law
  • All third-party providers are required to handle data securely and in accordance with data protection law.

Your Rights

Under General Data Protection Regulation (Regulation EU 2016/679) you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request erasure in certain circumstances
  • Restrict or object to processing
  • Withdraw consent for marketing
  • Lodge a complaint with the National Data Protection Commission.
  • Individuals may contact the practice directly to exercise their rights.


Website Hosting (Duda)

This website is hosted by Duda. Duda may collect limited technical information such as IP address, browser type, and usage data for website security and analytics purposes. Refer to Duda’s privacy policy for further information.