Privacy Notice for Dr Nick Walsh

Last updated: 15 June 2026

1. Introduction and Who We Are

Dr Nicholas Luke Walsh provides independent private psychiatric services, trading clinically as Dr Nick Walsh through NLW Wellbeing Ltd. We are committed to protecting the privacy and security of your personal data. This Privacy Notice explains how we collect, use, store and share your personal data when you use our services or visit www.drnickwalsh.co.uk, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller and Contact Details

Data Controller / Legal Entity NLW Wellbeing Ltd
Company Number 12857727
Registered Office 4th Floor, 205 Regent Street, London, W1B 4HB
Clinician / Trading Name Dr Nicholas Luke Walsh, trading as Dr Nick Walsh
Website www.drnickwalsh.co.uk
Privacy and SAR Contact GDPR@drnickwalsh.co.uk
Telephone Number 0207 205 2838
ICO Registration Number ZA795035

2. Where We Get Your Data From

We obtain personal data from several sources:

  • Directly from you: enquiries, appointment administration, consultations, forms, emails, phone calls, payments and website use.
  • From healthcare professionals: your NHS GP, referring clinicians, therapists, Priory Group clinicians or other specialists.
  • From third parties: private medical insurers, pharmacies, family members or carers where appropriate, and other relevant healthcare or administrative providers.
  • Automatically via our website: IP address, browser/device data, server logs and cookie/analytics data where applicable.

3. The Data We Collect

We may process the following categories of personal data:

  • Identity and contact data: name, date of birth, address, email address, telephone number, NHS number and next of kin.
  • Health data: medical history, psychiatric notes, diagnoses, treatment plans, GP details, prescribing information and medication records.
  • Financial and insurance data: billing details, insurer details, policy numbers, authorisation details, invoices and payment records.
  • Website and technical data: enquiry form data, IP address, device/browser information, server logs and cookie preferences.

4. Our Lawful Basis for Processing Your Data

Under UK GDPR, we must have a lawful basis under Article 6 to process personal data. Because health data is highly sensitive, we must also identify a special category condition under Article 9.

  • Clinical care and practice administration: Article 6 bases may include performance of a contract, legitimate interests and legal obligation. For health data, we rely on Article 9 conditions including provision of health or social care.
  • Safeguarding, emergencies and serious risk: we may process or share information where necessary under legal obligation, vital interests, legitimate interests and relevant Article 9 conditions such as healthcare, vital interests or substantial public interest.
  • Payments, billing, accounting and tax records: we rely on contract, legal obligation and/or legitimate interests.
  • Optional marketing and non-essential website analytics/cookies: we rely on consent, including PECR consent where required.

If you do not provide necessary clinical, contact or payment information, we may be unable to provide safe psychiatric care or continue treatment.

5. Cookies and Website Analytics

Our website may use cookies and similar technologies. Essential cookies may be used to operate the website. Non-essential analytics or marketing cookies will only be used where you have consented. For details, please see our Cookie Policy.

6. Who We Share Your Information With

We share information only where necessary for care, administration, legal compliance, safeguarding or related practice purposes.

  • The Priory Group: Dr Nick Walsh operates with practising privileges as a Visiting Consultant at the Priory Group. If you are treated at or through a Priory facility, you may also be registered as a Priory Group patient. Essential clinical information may be shared with Priory for safe care and clinical governance. Dr Nick Walsh / NLW Wellbeing Ltd and Priory Group act as independent data controllers for their respective records and systems. Please see Priory Group’s own Privacy Notice for how it processes data.
  • Other healthcare professionals: This may include your NHS GP, referring clinicians, specialists, crisis teams, pharmacies or other professionals involved in your care.
  • Digital service providers and healthcare platforms: We use third-party providers for clinical records, secure communications, billing, payments, prescriptions, insurance administration, accounting, marketing/newsletters where used, and website services. Some providers act as our processors under contractual data processing terms. Others act as independent controllers, or have mixed controller/processor roles, for their own legal, regulatory, billing, dispensing, account-management, security or compliance purposes.
  • Clinical records, secure communications and administration: We use providers such as Carebit and Google Workspace to support clinical records, secure email, file storage and practice administration. Where these providers process personal data on our behalf, they do so under applicable contractual data processing terms.
  • Accounting, payment and insurance administration: We use providers such as Xero, Stripe and Healthcode to support accounting, payment processing, insurance billing, remittance and related practice administration. Depending on the activity, these providers may act as our processors or as independent controllers for their own legal, regulatory, fraud-prevention, security, tax, payment-network or platform-administration purposes.
  • E-prescribing and digital pharmacy providers: We may use digital prescribing and pharmacy providers, such as CloudRx, SignatureRx, Pharmacierge or other pharmacy services where appropriate. These providers may process prescription, dispensing, delivery, payment or regulatory information. Depending on the service and how data is collected, they may act as our processors, independent controllers, or both.

7. International Data Transfers

Some providers may process or access data outside the UK. Where this happens, we rely on appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or the UK Extension to the EU-US Data Privacy Framework where the relevant provider is certified.

8. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that has a legal or similarly significant effect on you. Clinical and practice decisions are made by human professionals.

9. How Long We Keep Your Data

We retain mental health and psychiatric clinical records in line with applicable professional and health-records guidance. Mental health records are generally retained for 20 years after the last entry, or 10 years after death, unless a longer or shorter period is justified by clinical, legal, regulatory or safeguarding requirements.

Financial and billing records are normally retained for 6 to 7 years for tax and accounting purposes.

10. Your Data Protection Rights

You have the right to:

  • request access to your personal data;
  • request correction of inaccurate or incomplete data;
  • request erasure, where no overriding clinical, legal or regulatory reason requires retention;
  • request restriction of processing;
  • request data portability where applicable;
  • object to processing based on legitimate interests;
  • withdraw consent where processing is based on consent, such as optional cookies or marketing.

You can exercise your data protection rights, including making a Subject Access Request, by contacting us at GDPR@drnickwalsh.co.uk, by telephone on 0207 205 2838, by post, or through any usual practice communication route. You do not need to use a special form or specific wording. We may need to verify your identity before responding.

For records controlled solely by Priory Group or another independent controller, you should contact that organisation directly. If you make a request to this practice, we will help identify which controller holds the relevant records.

11. How to Complain

Please contact us first if you have concerns about how your data is handled. You also have the right to complain to the Information Commissioner’s Office (ICO).

ICO website: https://ico.org.uk/make-a-complaint/

ICO helpline: 0303 123 1113