top of page

Data Protection

This Privacy Policy below describes the way in which deals with patient-related information and data.  We will process any personal information provided to us or otherwise held by us relating to you in the manner set out in this Privacy Policy. Information may be provided in person, by telephone or by any other means.


Who we are Ltd. is incorporated in England and Wales (company number 10187972) The Registered address is the accountant’s office: Unit 7 Mulberry Place, Pinnel Road, Eltham, London SE9 Ltd is the company through which Edward Lee’s private practice is run.Edward Lee is a registered data controller (registered with the Information Commissioners Office).  Data is stored and used within the terms of the registration for a Healthcare provider.


Contacting us


If you have any concerns, or would like more detail about how we process your Personal Data, you can contact us using


Protecting Your Personal Data


Your Personal Data isn’t just protected by the quality, commitment and high standards of, it’s also protected by law. The law states that can only process your Personal Data when there is a genuine reason to do so and it must be one of the following;


• To fulfil any contract that we have with you

• Where we have a legal obligation

• Where you have consented to the processing

• When it is in our legitimate interest

• When it is in the public interest

• When it is in your vital interests


Data Transfer Outside the EEA will not transfer your Personal Data outside of the EEA.


Your rights over your Personal Data will assist you if you choose to exercise any of your rights over your Personal Data, including:


• Access to your Personal Data that we hold or process

• Correction of any Personal Data that is incorrect or out of date

• Erasure of Personal Data that we process

• Restrict processing of your Personal Data in certain circumstances

• Lodging a complaint with any relevant Data Protection Authority

• Asking us to provide you or another company you nominate with certain aspects of your Personal Data, often referred to as ‘the right to portability’

• The ability to object to any processing data where we are doing it for our legitimate interests


For more information on these rights you can contact


Changes to our Privacy Statement may update this policy.  The most up to date version will be published on this website.





What data held

Clinic letters, correspondence  with patients and correspondence with other clinicians regarding specific patients

Contact details for patients and next of kin where provided.

Billing information

Clinical notes are primarily kept by the hospital where patients are seen or treated.  Copies of relevant clinical notes are however made when patient’s care is transferred between hospitals. Referral letters +/- scans went sent to us by GPs or opticians rather than to the hospital direct.

Where is data stored

As of June 2018 all data apart from email correspondence is stored on a secure electronic database that is GPDR compliant (Carebit).  Data is kept within the EU and encrypted.  Only Edward Lee and Selina Galliers have access to this data using dual encryption. Non-secure emails are stored on the providers server; non-secure emails will only be used for patient information with their permission. Data from prior to June 2018 is stored on a separate encrypted and secured server within the EU.

How long is data stored for

Clinical records are ordinarily kept for at least 7 years after the last clinical episode.

What is the data used for

Data is used for clinical and billing purposes only.  We do not send marketing material direct to individuals.

Who is data shared with

Billing information is shared with a specialised UK-based billing company who are also GDPR compliant.  The minimum required information is passed to them (ie. Contact details, insurance details where applicable, and what procedures performed if any, but no additional clinical information). Clinical data held by the company is accessible by Edward Lee (Consultant Ophthalmologist) and Selina Galliers (Medical Secretary) only. Insurers intermittently ask for clinical information for selected patients who care they are paying for.  This is shared with the company if it has been established that the patient’s permission has been sought (usually by the insurer)


Emails of personal data between Edward Lee and Selina Galliers, or to hospitals, or the billing company are performed using secure email services. For convenience, we are happy to email  patients by non-secure means where express permission for this has beengranted.


bottom of page