Privacy Policy
General Data Protection Regulation (GDPR) policy for Dr Donnchadh Murphy
Updated February 2025.
This policy describes the information that Dr Murphy collects when you use his services. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill dated May 2018.
Dr Murphy uses the information he collects in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR, 2016. As per these laws, Dr Murphy is the data controller; if another party has access to your data he will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why he needs to provide them with the information.
1. Why does he need to collect your personal data?
He needs to collect information about you so that he can:
- Know who you are, so that he can communicate with you in a personal way. The legal basis for this is a legitimate interest.
- Provide services to you. The legal basis for this is the contract with you or your representatives, i.e., case manager or solicitor.
- Process your payment for services. The legal basis for this is the contract with you or your representative.
2. What personal information does Dr Murphy collect?
For him to provide you with a services, he needs to collect the following information:
- Your name and date of birth
- Your contact details including a postal address, telephone number(s), electronic contact such as email address and the name and address of your GP.
- Dr Murphy may require access to your information via a third party, i.e., a solicitor. He may require access to your health records, which may include historical medical reports, information about your current and any previous neurological injuries, neuroimaging reports and the outcome of previous assessments.
- Information relevant to the neuropsychological assessment, e.g., psychosocial history.
3. How does he use the information that he collects?
Dr Murphy uses the data he collects from you in the following ways:
- To communicate with you so that he can inform you about your appointments.
- To create your invoice, he uses your name and email address.
- Where relevant, to process your payment, he uses your address.
- To keep any clinical notes and assessment records arising from a neuropsychological assessment.
4. Where does he keep the information?
He keeps your information in the stores described below.
4.1. Paper Records
He stores paper records, including your medical records, in a cabinet in a securely locked office.
4.2. On computers
He uses personal computers that are password protected. Dr Murphy uses the following software to store your information:
- Microsoft 365 for business (including Outlook, OneDrive and Teams)
- Q-Interactive (Neuropsychological assessment platform)
- PARiConnect (Neuropsychological assessment platform)
- HeidiHealth (Online note-taking)
- FreeAgent (Accounting Software)
All of these programmes are secure and comply with GDPR requirements.
5. How long does he keep the information?
He keeps contact information for a period of 6 months if you do not become a client of his. He keeps your medical record electronically for 7 years and then permanently and securely erases your information from his records. He keeps electronic invoices for seven years as this is the required length to comply with HMRC requirements.
6. Who does he send the information to?
With your consent, Dr Murphy sends neuropsychological reports and letters to pre-agreed recipients. For example, neuropsychological assessments for boxers will be sent directly to the British Board of Boxing Control. All information that is sent electronically is sent as attachments that are encrypted and password protected.
7. How can I see all the information he has about me?
You can make a subject access request (SAR) by contacting Dr Murphy. He may require additional verification that you are who you say you are to process this request. He may withhold such personal information to the extent permitted by law. In practice, this means that he may not provide information if he considers that providing the information will violate your vital interests. Furthermore, neuropsychological test publishers have strict copyright policies which prohibit certain assessments records from being shared to non-neuropsychologists. If access to this information is requested, it will only be shared if it does not violate the test publisher’s policy on the sharing of neuropsychological assessment records.
8. What if my information is incorrect or I wish to be removed from his system?
Please contact Dr Murphy. He may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide him with the correct data and after he has corrected the data in his systems, he will send you a copy of the updated information in the same format at the subject access request in section 7.
9. How can I have my information removed?
If you want to have your data removed, he will have to determine if he needs to keep the data, for example in case HMRC wish to inspect his records. If he decides that he should delete the data, he will do so without undue delay.
10. Will he send emails and text messages to you?
As part of providing her service to you he will send information to you via email. He needs to send details of your appointments to you as a reminder and any relevant access links such as MS Teams links.
11. Signing Terms and Conditions / GDPR
When you sign the Terms and Conditions document you are confirming that you have seen a copy of this GDPR policy and that you consent.
If your questions are not fully answered by this policy, please contact Dr Murphy. If you are not satisfied with the answers from him you can contact the Information Commissioner's Office (ICO).
