Employee Privacy Notice

Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre]

Data Protection Privacy Notice for Staff

Introduction:

This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.

This privacy notice applies to personal information processed by or on behalf of Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre].

This notice explains

  • Who we are, how we use your information and our Data Protection Officer
  • What kinds of personal information about you do we process?
  • What are the legal grounds for our processing of your personal information (including when we share it with others)?
  • What should you do if your personal information changes?
  • For how long your personal information is retained by us?
  • What are your rights under data protection laws?
  • Enable monitoring of staff vaccination status

The UK General Data Protection Regulation (UKGDPR) became law on 24th May 2016. This is a regulation on the protection of confidential and sensitive information. It entered into force in the UK on the 25th of May 2018, repealing the Data Protection Act (1998) with the new Data Protection Act 2018 supplementing it.

For the purpose of applicable data protection legislation (including but not limited to the UK General Data Protection Regulation (Regulation (UK) 2016/679) (the “UKGDPR”), and the Data Protection Act 2018 (DPA2018) the organisation responsible for your personal data is Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre].

This notice describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

This Privacy Policy applies to the personal data of our Employees.

How we use your information and the law.

Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] will be what’s known as the ‘Controller’ of the personal data you provide to us.

Upon commencement of employment with the company you will be asked to supply the following personal information:

Name, address, telephone numbers, email address, date of birth, national insurance number, bank details, emergency contact information and health information.

The information that we ask you to provide to the company is required by the business for the following reasons:

  • In order for us to pay your salary
  • In order for us to contact you out of hours if required
  • To provide you with company information via email and post if required
  • To have the ability to contact your emergency contacts if necessary
  • To ensure we are able to inform the emergency services if your health is compromised
  • To ensure that we can provide any reasonable adjustments as necessary
  • To comply with payroll, auto-enrolment and RTI responsibilities.

We ask that you provide ID for copying to comply with our responsibilities as an employer under section 8 of the Asylum and Immigration Act 1996.

Throughout your employment we will collect data and add to your personnel file i.e. appraisal paperwork, communications, absence information and changes to personnel data.

How do we lawfully use your data?

We need to know your personal, sensitive and confidential data in order to Employ you, under the General Data Protection Regulation we will be lawfully using your information in accordance with: –

  • Article 6, (b) Necessary for performance of/entering into contract with you
  • Article 9(2) (b) Necessary for controller to fulfil employment rights or obligations in employment.

This Privacy Notice applies to the personal data of our employees and the data you have given us about your carers/family members.

How do we maintain the confidentiality of your records? 

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • Data Protection Act 2018
  • The UK General Data Protection Regulations 2016
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • NHS Codes of Confidentiality, Information Security and Records Management

We will only ever use or pass on information about you if others who have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e., life or death situations), where the law requires information to be passed on.

Our policy is to respect the privacy of our staff and to maintain compliance with the UK General Data Protection Regulations (UKGDPR) and all UK specific Data Protection Requirements. Our policy is to ensure all personal data related to our staff will be protected.

All employees and sub-contractors engaged by Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] are asked to sign a confidentiality agreement. Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] will, if required, sign a separate confidentiality agreement if the client deems it necessary.  If a sub-contractor acts as a data processor for Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] an appropriate contract (art 24-28) will be established for the processing of your information.

In certain circumstances you may have the right to withdraw your consent to the processing of data. Please contact the Data Protection Officer in writing if you wish to withdraw your consent.  If some circumstances we may need to store your data after your consent has been withdrawn to comply with a legislative requirement.

Where do we store your information electronically?

All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.

No 3rd parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place.  We have a Data Protection regime in place to oversee the effective and secure processing of your personal and or special category (sensitive, confidential) data.

Who are our partner organisations?

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;

  • NHS Commissioning Support Units
  • Clinical Commissioning Groups
  • NHS England (NHSE) and NHS Digital (NHSD)
  • Local Authorities
  • CQC
  • Private Sector Providers providing employment services
  • Other ‘data processors’ which you will be informed of

You will be informed who your data will be shared with and in some cases asked for consent for this happen when this is required.

We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.  All employees and sub-contractors engaged by Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] are asked to sign a confidentiality agreement. If a sub-contractor acts as a data processor for Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] an appropriate contract (art 24-28) will be established for the processing of your information.

How long will we store your information?

We are required under UK tax law to keep your information and data for the full retention periods as specified by the UK Employment legislation.

Employee personnel files will be stored for a period of seven years for the purpose of any legal claims.

How can you access, amend move the personal data that you have given to us?

Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.

Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example for a research project), or consent to market to you, you may withdraw your consent at any time.

Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.

Right of data portability: If you wish, you have the right to transfer your data from us to another data controller.

Access to your personal information 

Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view or to obtain copies of what information this organisation holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:

  • Your request should be made in writing to the Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre]
  • There is no charge to have a copy of the information held about you
  • We are required to respond to you within one month

What should you do if your personal information changes?

You should tell us so that we can update our records please contact the Head of Support Services as soon as any of your details change, this is especially important for changes or address or contact details (such as your mobile phone number), Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date.

Objections / Complaints

Should you have any concerns about how your information is managed, please contact the Head of Support Services or the Data Protection Officer as above. If you are still unhappy following a review by the organisation, you have a right to lodge a complaint with a supervisory authority: You have a right to complain to the UK supervisory Authority as below.

Information Commissioner:

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel:      01625 545745

www.ico.org.uk

If you are happy for your data to be extracted and used for the purposes described in this privacy notice, then you do not need to do anything.  If you have any concerns about how your data is shared, then please contact the Data Protection Officer.

If you would like to know more about your rights in respect of the personal data we hold about you, please contact the Data Protection Officer as below.

Data Protection Officer:

The Data Protection Officer is Paul Couldrey of PCIG Consulting Limited. Any queries in regard to Data Protection issues should be addressed to him at: –

Email: paul.couldrey@nhs.net

Postal: PCIG Consulting Limited, 7 Westacre Drive, Quarry Bank, Dudley, West Midlands, DY5 2EE

Changes:

It is important to point out that we may amend this Privacy Notice from time to time.  If you are dissatisfied with any aspect of our Privacy Notice, please contact the Data Protection Officer.

COVID 19 Privacy Notice

(This Privacy Notice is to run alongside our standard Practice Privacy Notice)

As we move away from the initial response to COVID-19 the health and social care system will need to continue to take action to manage and mitigate the spread and impact of the outbreak. This includes ensuring that approved researchers can continue to securely access pseudonymised data held by GP IT systems to assist the health and care service’s response to COVID-19 by, for example:

  • recognising trends in COVID-19 diseases and identifying risks it poses
  • controlling and preventing the spread of COVID-19
  • monitoring and managing outbreaks

The OpenSAFELY COVID-19 research service provides a secure analytics service that supports COVID-19 research, COVID-19 clinical audit, COVID-19 service evaluation and COVID-19 health surveillance purposes.

Under the COVID-19 Public Health Directions 2020 NHS England has been directed by the Secretary of State for Health and Social Care to establish and operate the OpenSAFELY service.  While each GP practice remains the data controller of its own patient data, they are required under the provisions of s259 of the Health and Social Care Act 2012 to provide access to de-identified (pseudonymised) patient data through the OpenSAFELY service.

The service enables individuals (academics, analysts and data scientists) approved by NHS England to run queries on pseudonymised GP and NHS England patient data which is held within the GP system suppliers’ data environments.  Controls are in place to ensure that individuals only have access to aggregated outputs from the service (i.e. they cannot access information that either directly or indirectly identifies individuals).

Purpose of this Notice

OpenSAFELY service is used to analyse de-identified (pseudonymised) data within the EMIS and TPP boundaries, to support COVID-19 related research.

This is a continuation of a service which is supported by the BMA which has been operating since 2020. The permanent legal basis (the COVID-19 Direction) above allows the practice to provide this data to NHSE as an ongoing service.

The OpenSAFELY service is a Trusted Research Environment (TRE) established within the secure environment of EMIS and TPP. Researchers write their analysis code away from the patient data; the code is run automatically on de-identified (pseudonymised) patient data; and only the aggregated outputs (now anonymous) are shared with researchers to be used, for example, in journal publications, reports or presentations.

These controls keep patient data secure inside EMIS and TPP and confidential from researchers. The use of TREs and the data processing principles which OpenSAFELY represents is supported by the RCGP.

To date, this service has supported a range of important COVID-19 related research, including one of the world’s first and largest studies to identify the clinical factors associated with COVID-19 related death, which informed the national COVID-19 vaccination strategy and Green Book guidance. Other studies have also informed COVID-19 related NICE guidance and decisions made by SAGE.

All NHS England approved research studies are published online, including sharing the exact analysis code each study used to analyse the patient data, by whom and when such code was run. In future, NHSE will also publish approvals on our data release register.

During the pandemic, and in the recovery phase, de-identified data has been crucial in helping to save lives. It has supported research into COVID-19 and the ways that it has affected our lives, our health, and to identify effective medicines and treatments.

Research has helped to identify new treatments for COVID-19 and to understand how we can keep our communities safe. Data has helped us to prioritise the right care to the most vulnerable in our society and to develop vaccines to protect against COVID-19.

If you have any questions, please contact us at gpdata@nhs.net

Recording of processing

A record will be kept by Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] of all data processed under this Notice.

Sending Public Health Messages

Data protection and electronic communication laws will not stop Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.

Digital Consultations

It may also be necessary, where the latest technology allows Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.

Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. All references to NHS Digital now, or in the future, relate to NHS England.

Children Privacy Notice

WHAT IS A PRIVACY NOTICE AND WHY DOES IT APPLY TO ME?

A Privacy Notice tells people how organisations use information that they hold about them. A new law called the UK General Data Protection Regulation 2016, also known as UKGDPR, says that we need to provide you with this Privacy Notice and let you know:

  • What information we hold about you
  • How we keep this especially important information safe and secure and where we keep it
  • How we use your information
  • Who we share your information with
  • What your rights are
  • When the law gives us permission to use your information

WHY DOES THE LAW GIVE YOU PERMISSION TO USE MY INFORMATION?

The law gives us permission to use your information in situations where we need it to take care of you. Because information about your health is very personal, sensitive and private to you, the law is very strict about how we use it.

So, before we can use your information in the ways we have set out in this Privacy Notice, we have to have a good reason in law, which is called a ‘lawful basis’.  Not only do we have to do that, but we also have to show that your information falls into a special group or category, because it is very sensitive. By doing this the law makes sure we only use your information to look after you and that we do not use it for any other reason.

If you would like more information about this please ask to speak to our Data Protection Officer (DPO) mentioned in this Privacy Notice who will explain this in more detail.

ABOUT US

We, at Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] are responsible for collecting, storing and handling your information when you registered with us as a patient. Because we do this, the law says we are Data Controllers. Sometimes we may use your information for a particular purpose and when we do so, the law says we are Data Processors.

WHAT INFORMATION DO YOU HOLD ABOUT ME?

We hold information about you such as:

  • Your name
  • Address
  • Mobile number
  • Information about your parent(s) or person with parental responsibility
  • All your health records
  • Appointment records
  • Visits to see your GP
  • Treatments you have had
  • Medicines prescribed for you and any other information to help us look after you

HOW DO YOU KEEP IT SAFE?

  • The law says that we must do all we can to keep your information private, safe and secure.
  • We use secure computer systems and we make sure that any written information held about you is under lock and key and kept in a safe place. This includes taking great care with any passwords we use which we change on a regular basis. We also train our staff to respect your privacy and deal with your information in a manner that makes sure it is always kept and dealt with in a safe way.

WHAT DO YOU DO WITH MY INFORMATION?

  • We only usually use your information to help us care for you. That means we might need to share your information with other people who are concerned and involved with looking after your health.
  • We might need to share your information with the police, courts, social services, solicitors and other people who have a right to your information, but we always make sure that they have a legal right to see it (or have a copy of it) before we provide it to them.

WHO ELSE WILL SEE MY INFORMATION?

  • Usually only doctors, nurses and other people who work with us are allowed to see your information.
  • Sometimes though, if you need to go to the hospital or be seen by a special doctor, we will share your information with them but this only so that we can take care of you.
  • Sometimes we might be asked to take part in medical research that might help you in the future. We will always ask you or your parent(s) or adult with parental responsibility if we can share your information if this happens.
  • Possibly the police, social services, the courts and other organisations and people who may have a legal right to see your information.

WHAT ARE MY RIGHTS?

  • If you want to see what information we hold about you then you have a right to see it and you can ask for it.
  • To ask for your information you will usually need to put your request in writing and tell us what information you want us to give you.
  • We usually need to answer you within one month. Your parent(s) or adult with parental responsibility can help you with is if you need help.
  • Usually we will give this to you free of charge.
  • If you think there are any errors in the information we hold about you then you can ask us to correct it but the law says we can’t remove any of the information we hold about you even if you ask us to. This is because we need this information to take care of you.
  • You have a right to ask us not to share your information.
  • If you would like to talk to us about not sharing your information, even if this means you don’t want us to share your information with your parent(s) or adult with parental responsibility, please let us know. We will be happy to help.

WHAT IF I HAVE A QUESTION?

  • A member of our staff/receptionist will be happy to talk to you about any questions you may have and we will do our best to help you.
  • The Surgery has a person called a Data Protection Officer (DPO) who deals with all queries about patient information. Our receptionist may put you in touch with this person who will listen to your concerns and give you the advice you need.
  • Our DPO is called Paul Couldrey and he can be contacted at Couldrey@me.com.

WHAT IF I HAVE A SERIOUS COMPLAINT ABOUT HOW YOU LOOK AFTER MY INFORMATION?

  • We will always do our best to look after your information and to answer your questions.
  • If you are still not happy with something we have done with your information you can speak to our DPO.
  • If our DPO has not been able to help you or if you prefer not to speak to our DPO then you have a right to pass your complaint to an organisation called the Information Commissioner’s Office (ICO) who will look into what has gone wrong. For more information visit ico.org.uk

UPDATES TO THIS PRIVACY NOTICE

  • The law says we must keep all information we provide in this Privacy Notice up to date.
  • This Privacy Notice was last updated on 18/07/2023 and will be reviewed on 18/07/2025

Candidate Privacy Notice

Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] (the Practice)

Data Protection Privacy Notice for Candidates applying for work

 Introduction:

 This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you.

This privacy notice applies to personal information processed by or on behalf of the practice.

This Notice explains

  • Who we are, how we use your information and our Data Protection Officer
  • What kinds of personal information about you do we process?
  • What are the legal grounds for our processing of your personal information (including when we share it with others)?
  • What should you do if your personal information changes?
  • For how long your personal information is retained by us?
  • What are your rights under data protection laws?

The UK General Data Protection Regulation (UK GDPR) became law on 24th May 2016. This is a regulation on the protection of confidential and sensitive information. It entered into force in the UK on the 25th May 2018, repealing the Data Protection Act (1998), being supplemented by the Data Protection Act 2018.

For the purpose of applicable data protection legislation (including but not limited to the UK General Data Protection Regulation (Regulation (UK) 2016/679) (the “UKGDPR”), and the Data Protection Act 2018 the practice responsible for your personal data is Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre].

This Notice describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights

This Privacy Policy applies to the personal data collected from Candidates applying for roles within the practice.

How we use your information and the law.

Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] will be what’s known as the ‘Controller’ of the personal data you provide to us.

Upon commencement of employment with the company you will be asked to supply the following personal information:

Name, address, telephone numbers, email address, date of birth, national insurance number, bank details, emergency contact information and health information.

The information that we ask you to provide to the company is required by the business for the following reasons:

  • In order for us review your application
  • In order for us to contact you for interview details
  • Comply with appropriate Employment law
  • To ensure that we can provide any reasonable adjustments as necessary

We ask that you provide ID for copying to comply with our responsibilities as an employer under section 8 of the Asylum and Immigration Act 1996.

Throughout the application process we will collect data and add to your file i.e. interview scores etc

How do we lawfully use your data?

We need to know your personal, sensitive and confidential data in order to Employ you, under the General Data Protection Regulation we will be lawfully using your information in accordance with: –

Article 6, (b) Necessary for performance of/entering into contract with you

Article 9(2) (b) Necessary for controller to fulfil employment rights or obligations in employment.

This Privacy Notice applies to the personal data of our Candidates.

How do we maintain the confidentiality of your records? 

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • Data Protection Act 2018
  • The UK General Data Protection Regulation 2016
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • NHS Codes of Confidentiality, Information Security and Records Management

We will only ever use or pass on information about you if others who have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on.

Our practice policy is to respect the privacy of our candidates and to maintain compliance with the UK General Data Protection Regulation (UK GDPR) and all UK specific Data Protection Requirements. Our policy is to ensure all personal data related to our candidates will be protected.

All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. The practice will, if required, sign a separate confidentiality agreement if the client deems it necessary.  If a sub-contractor acts as a data processor for Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] an appropriate contract (art 24-28) will be established for the processing of your information.

In Certain circumstances you may have the right to withdraw your consent to the processing of data. Please contact the Data Protection Officer in writing if you wish to withdraw your consent.  If some circumstances we may need to store your data after your consent has been withdrawn to comply with a legislative requirement.

Where do we store your information electronically?

All the personal data we process is processed by our candidates in the UK however for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.

No 3rd parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place.  We have a Data Protection regime in place to oversee the effective and secure processing of your personal and or special category (sensitive, confidential) data.

Who are our partner organisations?

We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations;

  • NHS Commissioning Support Units
  • Clinical Commissioning Groups
  • NHS England (NHSE) and NHS Digital (NHSD)
  • Local Authorities
  • CQC
  • Private Sector Providers providing employment services
  • Other ‘data processors’ which you will be informed of

You will be informed who your data will be shared with and in some cases asked for consent for this happen when this is required.

We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.  All employees and sub-contractors engaged by our practice are asked to sign a confidentiality agreement. If a sub-contractor acts as a data processor for Umbrella Medical [Hatherton Medical Centre, Holland Park Surgery, Mossley Fields Surgery and Broadway Medical Centre] an appropriate contract (art 24-28) will be established for the processing of your information.

How long will we store your information?

We are required under UK tax law to keep your information and data for the full retention periods as specified by the UK Employment legislation as below

Business Function Examples of documents Retention Period
  Training records Current year plus 2 years
  Candidate application forms/CVs and archiving documentation (of applicants who aren’t successful) 6 months post-date of recruitment decision
  DBS data 6 months post-date of check

How can you access, amend move the personal data that you have given to us?

Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.

Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example for a research project), or consent to market to you, you may withdraw your consent at any time.

Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.

Right of data portability: If you wish, you have the right to transfer your data from us to another data controller.

Access to your personal information 

Data Subject Access Requests (DSAR): You have a right under the Data Protection legislation to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:

  • Your request should be made in writing to the Practice
  • There is no charge to have a copy of the information held about you
  • We are required to respond to you within one month

What should you do if your personal information changes?

You should tell us so that we can update our records please contact the Practice Manager as soon as any of your details change, this is especially important for changes of address or contact details (such as your mobile phone number), the practice will from time to time ask you to confirm that the information we currently hold is accurate and up-to-date. 

Objections / Complaints

Should you have any concerns about how your information is managed at the Surgery, please contact the Practice Manager or the Data Protection Officer as above. If you are still unhappy following a review by the GP practice, you have a right to lodge a complaint with a supervisory authority: You have a right to complain to the UK supervisory Authority as below.

Information Commissioner:

Wycliffe house, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel:       01625 545745

https://ico.org.uk/

If you are happy for your data to be extracted and used for the purposes described in this privacy notice, then you do not need to do anything.  If you have any concerns about how your data is shared, then please contact the Practice Data Protection Officer.

If you would like to know more about your rights in respect of the personal data we hold about you, please contact the Data Protection Officer as below.

Data Protection Officer:

The Practice Data Protection Officer is Paul Couldrey of PCIG Consulting Limited. Any queries in regard to Data Protection issues should be addressed to him at: –

Email:   Couldrey@me.com

Postal: PCIG Consulting Limited, 7 Westacre Drive, Quarry Bank, Dudley, West Midlands, DY5 2EE

Changes:

It is important to point out that we may amend this Privacy Notice from time to time.  If you are dissatisfied with any aspect of our Privacy Notice, please contact the Practice Data Protection Officer.