Privacy Policy

Our contact details 

Name: Dr Joanna d’Arcy

Address: ℅ Dept of Cardiology, Medical Block, Horton Hospital, Oxford Road, Banbury, Oxon, OX16 9AL

Phone Number: 07833 491720


What type of information we have 

We currently collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example, name and contact details)
  • GP name and address, and your NHS number
  • For aviation medicine patients, we will also collect your CAA reference number

How we get the information and why we have it

Most of the personal information we process is provided to us directly by you, or your referring doctor, for one of the following reasons:

  • To prepare your personalised medical record
  • To correspond with your GP and/or referring doctor, and with other organisations as appropriate (e.g. CAA)

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting:

(b) We have a contractual obligation.

(c) We have a legal obligation.

(d) We have a vital interest.

(e) We need it to perform a public task.

(f) We have a legitimate interest.

What we do with the information we have

We use the information that you have given us in order to prepare your medical notes and correspond with your healthcare professionals. 

We may share this information with your general practitioner, the doctor who referred you, and other healthcare professionals involved in your treatment. For aviation medicine patients, your details may be shared with the CAA.

The information is not used for any other intention than for your direct medical care, and is not shared with any other third party. The information is shared between Dr d’Arcy and the relevant medical establishments in which she sees patients for the purposes of patient care only.

How we store your information 

Your information is securely stored on a secure multi-layer protected cloud-based system encrypted with 256-bit Advanced Encryption Standard (AES). These systems are HIPAA, EU model Contract Clauses, and GDPR compliant.

We keep your contact details, personal identifiers, GP details, and medical correspondence for eight years after the conclusion of treatment or death. We will then dispose of your information by appropriate electronic means, taking relevant IT advice as required.

Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information. 

Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances. 

Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at if you wish to make a request.

How to complain

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:  

Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113