Last updated February 2026
This privacy notice explains how we collect and use your personal data during and after your relationship with us, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data Controller
D Machin Ltd is the "data controller" for the personal information we hold about you. This means we are responsible for deciding how we hold and use personal information about you.
2. The Information We Collect
We collect, store, and use the following categories of personal information:
- Personal Contact Details: Name, address, telephone numbers, and email addresses.
- Biographical: Date of birth, gender.
- Health Data (Special Category): Medical history, symptoms, diagnosis, test results (X-rays, MRIs), and records of consultations and treatment.
- Financial Information: Details for billing and insurance claims.
3. Lawful Basis for Processing
Under the UK GDPR, we process your data under the following legal bases:
- Provision of Healthcare: For the purposes of medical diagnosis and the provision of health or social care treatment (Article 9(2)(h)).
- Contract: To fulfill our contract with you or your insurance provider to deliver medical services (Article 6(1)(b)).
- Legal Obligation: To comply with our professional and statutory duties.
4. Data Retention
We do not hold your information for longer than is necessary. We retain medical records in line with the national standards set by the NHS and professional medical bodies.
Detailed Policy: For specific timeframes regarding different record types, please view our Medico-Legal Records Retention Policy (PDF), linked below.
5. Sharing Your Information
We may share your information with third parties where required by law or where it is necessary to provide your care, including:
- Your General Practitioner (GP).
- Private hospitals where your treatment is carried out.
- Radiology and pathology laboratories.
- Your private medical insurance provider.
- The Information Commissioner’s Office (if required for an investigation).
6. Your Rights
Under the UK GDPR, you have the following rights:
- Access: You can request a copy of the personal information we hold about you (a "Subject Access Request"). Under the Data (Use and Access) Act 2025, we will respond to your request within one month, provided the search is reasonable and proportionate.
- Correction: You can ask us to correct inaccurate or incomplete data.
- Erasure: In certain circumstances, you can ask for your data to be deleted (though this is limited regarding medical records).
- Portability: You can request the transfer of your data to another party.
7. How to Complain
If you have any concerns about our use of your personal information, you can make a complaint to us directly at private.secretary@davidmachin.com.
You also have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data. ICO website: https://www.ico.org.uk
Governing Laws
The terms and conditions of use of the Website and services provided by D Machin Ltd shall be governed by English Law.