This notice explains why personal data is collected about you, the ways in which the data might be used and the rights that you have with regards to the usage of your personal data.

Why we collect personal data from you

In our practice we aim to provide the highest quality health care. To do this we must collect and use your personal details, including sensitive details about your health. Without this information it would be almost impossible to deliver the quality health care we seek to provide. We use your personal data to deliver services including testing and examinations, medical diagnoses, clinical treatment and the management of preventive or occupational medication.

What types of personal data do we collect?

Depending on the nature of your visits or treatment, we may collect general personal data such as your name, contact details and banking details. We may also collect sensitive information about your physical or mental health status which may include information about a disease, disability, medical history, clinical treatment or your physiological or biomedical state.

Under what basis do we use your personal data?

In most cases we use your personal data because you ask us to do so, in other words, you give us permission. There are times where you may need to give us specific permission. Where your consent is required, we will provide you with all the details you require in order to make your decision. Sometimes we may be asked by legal authorities to process your personal data and at other times, it might be in order to protect your vital interests. There may also be instances where we have special permission because the interests of the public are deemed to be of greater importance than your confidentiality.

Where do we obtain your personal data from?

In most cases we collect your personal data directly from you. There are times where we might need get information from your relatives, other GPs or health professionals and even from the results of testing and diagnoses. Where we get your personal data from other sources we will inform you.

Who might we share your personal data with?

We may need to share your personal data with health authorities, NHS Trusts, special health authorities, legal authorities, ambulance services and with any other medical practitioner/s and provider/s who are part of your health care plan or records. With your consent and, subject to strict sharing protocols about how it will be used, we may also share your information with social services, education services, local authorities, voluntary sector providers as well as the private sector. Before any of your personal data can be sent outside the EU, we must comply with strict conditions as laid down by the law.

How we look after your personal data

We respect the fact that the personal data belongs to you. We have a duty to keep your information confidential, secure and accurate. We do not keep your personal data for any longer than is necessary for the purpose for which we collected the data. Where we need to further use your personal data, we ensure that it is legal for us to do so and when we need to store your data we take measures to ensure that you or other patients cannot be identified through simply accessing those files.

What are your rights as a client/patient?

There is an EU law that protects your personal data and it’s called the General Data Protection Regulation (GDPR). We must ensure that when you ask about your personal data we respond promptly to your request. You have the rights to have your data corrected or removed or transferred to another service provider and also to ask that we stop using your data. You have the right not to be subject to decisions that were made purely by machine, unless certain conditions apply.

Where you have previously given your consent, you have the right to have that consent removed, unless a legal authority prevents us from doing this. You have the right not to be pestered by nuisance email or tele-marketing.

You also have the right to be informed of certain security incidents which might have an impact on you.  You have the right to raise a complaint with the data protection authority (supervisory authority). Please find their details below. Should you require access to your personal data you may make the request by using the link on our website or contacting us directly at our practice.

Our Data Protection Authority

    Information Commissioner’s Office
    Wycliffe House
    Water Lane, Wilmslow
    Cheshire SK9 5AF
    Local – 0303 123 1113 Textphone –  01625 545860 [email protected]
    +44 1625 545 745 www.ico.org.uk