top of page

Privacy policy

   1. Application

This privacy policy applies with respect to medical records and documentation provided to us while providing our services. It complies with the General Data Protection Regulation (“GDPR”) and Data Protection Act 2018. It contains important information we are required by the GDPR to disclose, including (i) the controller(s) of your personal information; (ii) legal bases, (iii) your legal rights, (iv) safeguards we rely on; and (v) the contact details of the controller and Data Protection Officer. The confidentiality of your information is very important to us and we comply with date protection legislations and medical confidentiality guidelines of our professional bodies (namely the General Medical Council).

We will share relevant information from your medical record with other health care professionals when they provide you with care. For example, when you are referred to a consultant, or when we send details about your prescription to your chosen pharmacy.

You have the right to object to information being shared for your own care. Information would only be shared with your consent and you would be copied into all correspondence if you wished. Disclosure will take place on a ‘need-to-know’ basis. Only those individuals or organisations who need to know to provide care for you will be given the information. Please email the Data Controller ( if you wish to object. You also have the right to have any mistakes or errors corrected.

In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. We would take legal advice before disclosing data in these very limited circumstances and where possible you will be informed of these requests for disclosure. However, if we believe that your life is in danger then we may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests.


This will be in accordance with the General Medical Council’s guidelines and will be recorded appropriately in your medical records.

We may share your case history in an anonymised form with our peers for the purpose of professional development.  This may be at clinical supervision meetings, conferences, online forums, and through publishing in medical journals, trade magazines or online professional sites.  We will seek your explicit consent before processing your data in this way.


In addition to the above, and based on the GDPR, we need your consent to communicate with you by phone, email or post. We will ask you to subscribe to any marketing or other communications. We will provide you with the means of communication with us. You get to withdraw consent to that communication at any time. 


   2. Data Protection Officer and Data Controller 

  • To contact the Data Controller:


Dr. Leen Tannous


  • Given that our services are provided by a local community doctor and we process personal data of our patients, it is not mandatory for us to appoint a Data Protection Officer. This will be reviewed regularly. 


   3. Processing of Information

Our data base holds your name, address, date of birth, telephone number, email address, confirmation that ID has been checked and your regular (NHS) GP.  We also may hold information about your medical record which is required for your treatment. This information includes, but is not limited to, Past and current medical conditions; personal details such as age, address, telephone number, email, and next of kin; dietary, lifestyle and medication details; Investigation test results and Bank details. We may also keep record of any conversations or incidents that might occur for which record needs to be kept.  

This database does not hold information about the care you receive.  The information is only accessible to authorised members of our team. The reason this information may be used is for the purposes of providing you with the correct medical treatment. This information will also be anonymised for audit purposes to monitor and measure the quality of the care we deliver.

Your information is held in our computer system and Only authorized personnel are able to access such information. All members of our staff are subject to a confidentiality policy that they must comply with. 

The purpose of processing information is to give medical advice to individual patients, to check and review the quality of care (audit and clinical governance), and to advise patients of any new services being provided by us. Any processing by us will be in accordance with the GDPR and our common law duty of confidence. 

We use electronic forms on our website making use of an available ‘forms module’ which has a number of built-in features to help ensure privacy. We also aim to use secure forms where appropriate. When you submit personal information, you consent to our use of the information by us in accordance with this Privacy Policy. 

You have the right of access to the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be in writing to the Data Controller. We shall respond within 20 working days from the point of receiving the request and all necessary information from you.


Dr Leen Tannous MBBS MRCGP AFMCP is registered with the Information Commissioner’s Office (ICO) as a data controller and collects data for a variety of purposes. A copy of the registration is available through the ICO website.



   4. Safeguarding

We rarely may need to share information with third parties, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm. Any safeguarding will be in accordance with the GDPR and applicable laws. 

   5. Retention Period

GP medical records will be kept in line with the law and national guidance. The Data Controller will advise you as to how long hard copy medical records are legally be required to be kept by us, digital medical records will be stored indefinitely until government regulations change.


   6. Cookies and Internet Protocol (IP) 

When you visit our website, our server will record your computer’s IP address (the unique numerical address given to every computer connected to the Internet) and the time and duration of your visit.


This website uses cookies, a piece of data that may be stored on your computer when you visit a website; these cookies store the anonymised IP address (the last digit group of the IP is removed before storage).

Cookies and your IP address will be used to track the pages you visit on our website. We will use this information to analyse the way our site is used, and to administer and improve the accessibility of our site. We will not use it for any other purpose. You may disable the use of cookies in your internet browser without affecting your use of our website.

From time to time our website may contain links to other sites. We are not responsible for the content or privacy practices of third parties that run other websites.


   7. Right to Complain 

If you have a complaint regarding the use of your personal data then please contact us by emailing to the Data Controller[BP1]  at email  and we will do our best to help you.


If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 1231113.

bottom of page