How Dr van Zwanenberg manages and protects information about you
Dr Hayley van Zwanenberg collects information about you to help her give you the best possible care.
Her aim is to maintain full and accurate records of the care she provides for you and to keep this information confidential and secure.
This privacy notice has been updated to reflect some of the changes in data protection legislation brought about by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. It also tells you how you can access information relating to your healthcare.

What information does Dr van Zwanenberg collect?
Dr van Zwanenberg collects information about you such as your name, address, GP and contact details (including your email address and mobile number where you have provided these) alongside any health related information required for the delivery of health care services, for example:

  • Details and records of treatment and care, including notes and reports about your physical or mental health;
  • Results of blood tests and diagnosis;
  • Information on medication or any allergies;
  • Any other relevant contact details, for example a family member.

We may also receive written or electronic information about you from other health and social care providers in order to support the care you receive from us. This will enable us to provide the appropriate care and treatment that you need.

This information may be recorded in writing (i.e. in your medical notes), or electronically on a computer or other electronic device, or a mixture of both. To assist with the delivery of care, Dr van Zwanenberg use electronic patient records in order to facilitate the sharing of your information. She utilises Priory Groups care notes system as she is obliged to when working on their premises and under their CQC registration as she does at the Priory Wellbeing Centre in Oxford.

When you arrive for an appointment, staff may check your details with you to ensure that our records are accurate. To assist with this, it is important that you notify us of any changes to your personal details (e.g. address, contact number, next of kin).

Who processes your information?
Dr van Zwanenberg and Priory Group are data controllers in respect of your personal data for the provision of health care services. This means that both determine the purposes for which, and the manner in which your personal data may be processed. We may also engage in the processing of your data in order to deliver healthcare and carry out other functions to deliver our services. Dr van Zwanenberg also uses a private secretary, who has access to your data to ensure appointments are made and letters are typed and sent out. Dr van Zwanenberg does follow ICO guidance.

How do we use the information we collect to help you?
We may use the information we collect to help us provide services to you in the following ways:

  • Doctors, therapists or healthcare professionals involved in your care need accurate and up-to-date information about you to assess your health and deliver the care you need;
  • To ensure information is available if you need to be referred to another health professional;
  • To assess the type and quality of care you have received and require in the future;
  • To support clinic and treatment appointments by sending you electronic and or paper based appointment reminders;
  • To ensure your concerns can be properly investigated if you are unhappy with the care you have received.

Do we share information about you with anyone?
There are times when it is appropriate for us to share information about you and your healthcare with others. Normally Dr van Zwanenberg will ensure your consent first before sharing any information and she would not send information without your permission, it is only in exceptional emergency situations this would not occur. We may lawfully share your information if it is required as part of Child Protection:

  • GPs;
  • NHS Trusts and other healthcare providers;
  • Social services
  • Police

Other occasions where we may need to share your information include:

  • Reporting some infectious diseases;
  • To help prevent, detect or prosecute serious crime;
  • If a court orders us to do so;
  • When you have expressly agreed – e.g. for a medical insurer;
  • If there is a concern that you may be putting either yourself, another person (including a health or social care professional) or a child at risk of harm.

Where we share information with non-healthcare organisations we may request that they enter into an information sharing agreement to ensure that the information we share with them is handled appropriately and complies with relevant legislation. The information from your patient record will only be used for purposes that benefit your care – we would never share your information for marketing or insurance purposes unless you have given your explicit consent for us to do so.

In all cases where we must pass on health care related information, we will only share the minimum amount of information required.

Anyone who receives information from us also has a legal duty to keep it confidential.

You have the right to object to us sharing your information (although this right is not an absolute right – see below).

If you need further information on how we might share your data please email Dr van Zwanenberg.

How else could your information be used?
Your information may also be used to help us:

  • Review the care we provide to ensure it is of the highest standard;
  • Arrange payment for the person who treats you;
  • Prepare statistics or other performance data on the quality of care being delivered by the Dr van Zwanenberg
  • Investigate incidents, complaints or legal claims;

What if I object to your processing of my information?
GDPR confirms that you have the right to object to Dr van Zwanenberg, her secretary or Priory Group processing your information, however the Dr van Zwanenberg on behalf of her and her secretary or Priory Group may have legitimate grounds to refuse your request if there are compelling grounds for them to do so such that it could override your request. Any objection made by you to processing of your data by Dr van Zwanenberg or Priory Group will be considered by Dr van Zwanenberg and/or Priory Group Data Protection Officer, who will make a decision whether or not Dr van Zwanenberg or Priory Group should cease processing your data, and will write to you to explain the reasons for the decision. You have the right to make a complaint to the ICO if you disagree with the decision, or you may be able to bring legal proceedings to appeal the decision should you wish to do so.

GDPR also contains a general right to request that an organisation erase personal data, however, this does not apply to data which is being processed for the purposes of delivering healthcare.

Can you see the information we collect about you?
The data protection legislation gives you the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.

You have the right to apply for access to the information we hold about you, free of charge, whether it is stored electronically or on paper. We have a duty to provide this information in a format that is accessible to you (e.g. large print or Braille) and in a way that you can understand, explaining any abbreviations where necessary.

Your request must be made in writing and we may ask you to provide proof of identity before we can disclose personal information. Please request this via

In certain circumstances your right to see some details in your health records may be restricted, for example if the information refers to someone else who hasn’t given their permission, or could cause physical or mental harm to you or someone else (including any health or social care professional) were it to be disclosed; or if the information is being used to detect or prevent crime.

After having viewed your records, if you believe any information is inaccurate or incorrect, please inform us of this in writing and we will take steps to rectify any inaccuracies as quickly as possible and within one month maximum.