this page shows my data protection policy

and lower down my privacy policy

to return to main site click this home link

Len Marlow MCH RSHom

Registered Homeopath



Scope of the policy

This policy applies to the work of homeopath Len Marlow MCH RSHom (hereafter referred to as LM). The policy sets out the requirements that LM has in order to gather personal information for professional purposes. The policy details how personal information will be gathered, stored and managed in line with data protection principles and the General Data Protection Regulation. The policy is reviewed on an ongoing basis to ensure that it is compliant. This policy should be read in tandem with the LM’s Privacy Policy.

Why this policy exists

This data protection policy ensures that LM:


  • complies with data protection law and supports good practice
  • protects the rights of clients
  • is open about how he stores and processes clients’ data
  • protects himself from the risks of a data breach

Data protection principles

The General Data Protection Regulation identifies 8 data protection principles.



  1. Lawful, fair and transparent data processing

LM requests personal information from clients and potential clients for the purpose of consulting with them and providing them with advice and guidance on homeopathic treatments. Clients should be asked to provide consent for their data to be held and a record of this consent along with client information will be securely held. Clients can, at any time, remove their consent by writing to LM by post or email, should they wish to do so.

2. Processed for Specified, Explicit and Legitimate Purposes

If requested, clients will be informed how their information will be used and LM will seek to ensure that clients’ information is not used inappropriately. Appropriate use of information provided by clients includes:


  • Communicating with clients in order to make, change or cancel consultations
  • Assessing the conditions and issues reported by clients and devising and prescribing relevant remedies and therapies.


LM will ensure that clients’ information is managed in such a way as to not infringe an individual’s rights which include:


  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to restrict processing
  • The right to data portability
  • The right to object.

3. Adequate, Relevant and Limited Data Processing

LM’s clients will only be asked to provide information that is relevant to support consultations and prescription. This includes:


  • Name
  • Date of birth
  • Gender
  • Postal address
  • Email address
  • Telephone number
  • Medical history and the client’s personal health story.
  • Relevant close family information
  • Information related directly to the homeopathic choosing of remedies


There may be occasional instances where a client’s information needs to be shared with a third party due to an accident or incident involving statutory authorities. Where it is in the best interests of the client or of LM, in these instances where LM has a substantiated concern then consent does not have to be sought from the individual.

4. Accuracy of Data and Keeping Data up to Date

LM has a responsibility to ensure that clients’ information is kept up to date. Clients will be expected to let LM know if any of their personal information changes.

5. Accountability and Governance

LM is responsible for ensuring that his practice remains compliant with data protection requirements and can provide evidence that it has. For this purpose, those from whom data is required will be asked to provide written consent. The evidence of this consent will then be securely held as evidence of compliance.

6. Secure Processing

LM has a responsibility to ensure that data is both securely held and processed. This includes:


  • using strong passwords for information held within computer systems
  • using password protection on laptops and PCs that contain or access personal information
  • using password protection or secure cloud systems
  • providing adequate virus-protection and firewall software to secure computer-based systems.

7. Subject Access Request

LM’s clients are entitled to request access to the information that is held by them. The request needs to be received in the form of a written request to LM.


On receipt of the request, the request will be formally acknowledged and dealt with within 14 days unless there are exceptional circumstances as to why the request cannot be granted. LM will provide a written response detailing all information held on the individual and a record made of the request and the date of the response.

8. Data Breach Notification

Were a data breach to occur, action shall be taken to minimise the harm. LM will inform any clients where he believes their personal information has been compromised. Where necessary, the Information Commissioner’s Office will be notified.


If a client contacts LM to say that they feel that there has been a breach by LM, he will ask the client to provide an outline of their concerns. If the initial contact is by telephone, LM will ask the client to follow this up with an email or a letter detailing their concern. The concern will then be investigated fully and a response made to the patient. Breach matters will be subject to a full investigation and recorded and all those involved notified of the outcome.


Policy review date: Every 3 years


Len Marlow MCH RSHom

Registered Homeopath





I take the privacy rights of my clients very seriously. This privacy policy sets out how I deal with your ‘personal information’, that is, information that could identify, or is related to the identity of, an individual.

What personal information do I collect?

In order to treat you, I will ask you to provide certain information. This includes:


  • Name
  • Gender
  • Date of birth
  • Home address
  • Email address
  • Telephone number
  • Medical history
  • Your story


To this, over time, I will add details of the conditions for which you have consulted me and the remedies and other therapies that I have prescribed or recommended.

How do I collect this personal information?

All the information collected is obtained directly from you. This is usually at the point of your initial consultation. The information is collected at the initial and subsequent consultations. I will also request that you provide consent for me to store and use your data. Your consent is required in order to ensure my compliance with data protection legislation. Subsequently, I will add to this initial information with details of the consultations you hold with me.

How do I use this personal information?

I use your personal information to analyse the conditions for which you have consulted me and to prescribe remedies and other therapies.


I will communicate with you by email, other digital methods, by telephone and by post.

With whom do I share your personal information?

I do not share your personal information unless you ask me to.

How long do I keep your personal information?

I need to keep your information for as long as you continue to consult me. Since patients often return for more consultations after a period of absence, I will keep your information for seven years after your last consultation.  In the case of children, the requirement is until 7 years after their 18th Birthday i.e. 25 years old. At that point, any digital information will be erased from my computer systems.

How your information can be updated or corrected

To ensure that I have accurate and up-to-date information, you need to inform me of any changes you believe I should make to the personal information I hold. You can do this by contacting me by any of the methods previously described.


Under data protection legislation, you have the right to inspect the personal information I hold about you. You can make a request to do so by contacting me and I will endeavour to respond within 14 working days.

How do I store your personal information?

My patient files are only in electronic format. I take steps to protect your personal information against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification.


Your email address, if you have one, is held securely on the servers of my email providers.

Changes to this policy

This policy may change from time to time. If I make any material changes, I will make you aware of them.


If you have any queries about this policy, need it in an alternative format, or have any complaints about my privacy practices, please contact me:


Len Marlow MCH RSHom

The Greenwich Natural Health Centre

Neptune house

70 Royal Hill


London SE108RT





Policy review date: Every 3 years.