Who we are

  • Dr James Gamble, with some help from my secretarial team

What personal data we collect and why we collect it

  • If you telephone or email us for more information we may take your contact details to enable us to get back to you.
  • If you do come and see Dr Gamble we will need to take your address details so that we can write to you and also send a letter to your GP summarising the consultation.

Who we share your data with

  • If you come to see Dr Gamble at the Nuffield Health Manor hospital, then the hospital will also keep your details. They will retain medical notes on you securely for several years.
  • As a default Dr Gamble will share a letter summarising or consultations with your GP, although if you do not want him to do so then he does not have to do this – please let him know at your consultation.
  • We may pass on your information to Medserv limited for the purposes of billing you or your insurer (this does not include your medical information).

How long we retain your data

  • We will retain data about you, i.e. any contact details you have given us and any letters we have written to you for a period of three years after the last time we see you.

Data storage and transmission

  • We use the Calendly service for appointment booking and reminders. Their privacy policy is visible here
  • We use email from Google to contact you
  • We store your data securely using Microsoft’s services. This is encrypted and password protected.

What rights you have over your data

  • If you would like us to delete any information we have recorded about you please let us know.

Data procesessing information

We need to collect and use your data, and are therefore known as ‘data controllers’. Under the General Data Protection Regulations (GDPR), it is our duty to inform you of the following information, and to make a record that you have been informed.

The legal basis for our processing of your personal data: This regards personal data that we will record such as: phone numbers, e-mail addresses, home address, General Practitioner details, and health insurance company details. This data is needed for us to fulfil our ‘contract’ with you. In this case, a ‘contract’ refers to an agreement between us and does not refer to a written contract. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;” (GDPR Article 6 Paragraph 1(b))

The legal basis for our processing of your health data. Processing ‘special categories’ of personal data (data concerning health) is necessary for the purposes of your medical diagnosis and the provision of health care or treatment. This data will only be used as part of your ‘contract’ with us as healthcare professionals. In order to undertake our healthcare provision activities, there will be third parties with whom we may share appropriate elements of your data. These include the following:

Medical Secretary

Hospital administration

General Practitioner/other medical professionals/other healthcare providers

Health Insurance Company

Bookkeeper/accountant

PPM – practice management software provider

Debt collection agency

We will only keep your data for an appropriate period as above.

You may request access to your data at any time, and further, request that data is corrected or erased. Note: we aim to routinely provide you with copies of all your correspondence.

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO).