Privacy

A clear summary of how FM Doctor handles personal data: what’s collected, why it’s needed, how it’s protected, and the rights you have under UK GDPR.

Important: Please do not send personal, patient, or confidential information unless we’ve explicitly agreed it’s required for the work. If you need to share examples, redact names and identifiers first.

In plain English

What I do with your details

I use your details to respond to your enquiry and deliver agreed work.
I keep collection to a minimum — if I don’t need it, I don’t ask for it.
I don’t sell personal data or use it for unsolicited marketing.
I only share data when it’s necessary to deliver the service (or legally required).
Working files are kept for a limited period, then securely deleted.

Full document (PDF): FMD Privacy and Data Note

Who and how

Who is responsible for the data?

FM Doctor is the trading name of a UK sole trader. For most enquiries and client relationship activity, FM Doctor acts as the data controller.

Where a client provides personal data inside documents purely so FM Doctor can deliver agreed services, FM Doctor may act as a data processor on the client’s instructions (with appropriate safeguards).

Contact: hello@fmdoctor.co.uk

The practical detail

What data may be collected

Name, role/job title, organisation, and contact details.
Project communications and materials you provide (e.g. notes, documents, examples).
Working documents and deliverables produced as part of agreed services.
Invoicing and payment records (where applicable).

Please avoid sending special category data (e.g. health/medical, biometric, safeguarding) unless explicitly agreed in writing.

Why it’s processed (lawful basis)

Contract — to scope, deliver, and support the services you request.
Legal obligation — to meet tax, accounting, and regulatory requirements.
Legitimate interests — to operate the business and keep proportionate records (e.g. for quality, queries, or disputes).

Retention

Project files and communications: typically retained for up to 12 months after completion (unless needed for support, disputes, or legal reasons).
Financial and tax records: retained for longer where legally required (typically up to 6 years).
You can request earlier deletion of non-essential working files once delivery is complete.

Security

How data is protected

Access controls (strong passwords, device lock, and account security measures).
Use of reputable storage and communication tools suitable for a small consultancy.
Password protection / encryption for documents where appropriate.
Keeping data access limited to what’s necessary for delivery.

No system is risk-free, but reasonable technical and organisational measures are used to reduce risk.

Sharing and AI tools

Sharing, transfers, and AI-assisted drafting

Data is not sold.
Data is shared only where needed to deliver services or meet legal obligations.
Some third-party tools may process data outside the UK; where relevant, appropriate safeguards are used.
AI-enabled tools may be used to support drafting/structuring; outputs are reviewed before delivery.

FM Doctor does not provide automated decision-making or profiling as a service.

Your rights

Your rights and how to raise concerns

Under UK GDPR you may have rights including access, correction, deletion, restriction, objection, and (where applicable) data portability.

To make a request, email: hello@fmdoctor.co.uk
Requests are normally responded to within one month.
If you have concerns, contact FM Doctor first — you may also complain to the UK Information Commissioner’s Office (ICO).