Privacy policy

Ecclesbourne GP Privacy Notice

We are Ecclesbourne GP, and we are committed to upholding the highest standards for your data. This Privacy Notice explains how we work and how we will use your information to ensure the best quality of our service, so that you are fully aware of how and why we are using your personal data.

This Privacy Notice reflects the requirements of the UK General Data Protection Act (UK GDPR 2021) and the Data Protection Act (DPA 2018).

Document Control

0.1: Draft for Review - July 2020 Radha Muthuswamy

1.0: Reviewed and circulated

  1. Glossary of terms

| Term | Description |
|---|---|
| Clinician | A qualified healthcare professional in the UK. Examples are: Doctor, nurse, midwife, pharmacist, psychologist, allied health professional, e.g. dietitian, occupational therapist, physiotherapist, podiatrist, and speech and language therapist. |
| Data Subject | A Data Subject is a 'natural' person or individual who is the subject of personal data. |
| DPO | Data Protection Officer with the primary role to ensure that the organisation processes the personal data of its staff, customers, patients, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules. |
| DSAR | Data Subject Access Request or SAR is simply a request made by or on behalf of an individual for the information which he or she is entitled to ask for under the Data Protection Act 2018. |
| GP | General practice (GP). General practitioners (GPs) treat all common medical conditions and refer patients to hospitals and other medical services for urgent and specialist treatment. They focus on the health of the whole person combining physical, psychological and social aspects of care. |
| ID | Identification |
| SAR | Subject Access Request |

  2. Why do we collect personal information about you?

The staff caring for you collect and maintain information about your health, treatment and care, to:

  • Facilitate account creation and the logon process,
  • Post testimonials,
  • Request feedback,
  • Enable user-to-user communications,
  • Manage user accounts,
  • Send administrative information to you,
  • Protect our Services,
  • Enforce our terms, conditions and policies for business purposes,
  • Comply with legal and regulatory requirements or in connection with our contract,
  • Respond to legal requests and prevent harm,
  • Deliver and facilitate delivery of services to the user,
  • Respond to user inquiries/offer support to users,
  • Support working with others who provide your care,
  • Review the type and quality of care you received and make the necessary changes in order to provide the best care available,
  • Ensure accurate and up-to-date information is available in order to provide the best possible care and treatment for you.

In any event, we are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. Before contacting you for marketing purposes, we would ask you for additional consent.

Your information is used by healthcare professionals, which will only be relevant GP staff and necessary third parties.

Our legal basis for processing your personal information is consent. We will not use automated decision-making processes.

  3. What information will we collect?

This personal information can be held digitally, such as electronically on computer systems and in video and audio files.

Once you register with us, we will collect personal information that you provide to us: full name, phone numbers, email address(es), passwords, and other similar information.

  4. How do we collect your information?

This personal information is gathered through direct interaction - through information you provide to us when you register.

  5. Who can see your information?

Your information is used by healthcare professionals, which will only be relevant GP staff and necessary third parties.

We may pass your personal data on to third-party service providers contracted to us in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on our behalf. If we wish to pass your sensitive personal data on to a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.

The data will not be transferred outside of the UK.

  6. How do we hold your information?

We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice. We are also required to retain information in accordance with the law, such as information needed for income tax and audit purposes.

  7. Your data rights

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

  • Request access to your personal data. This is through a ‘Data Subject Access Request’, and you can receive a copy of the personal data we hold on you.
  • Request the correction of your personal data, though we may need to verify the accuracy of the new data you provide to us.
  • Request the erasure of your data. You can ask us to delete or remove your data if there is no good reason for us to continue to process it. We may not always be able to comply with this request, though this will be for specific legal reasons which will be notified to you.
  • Object to the processing of your personal data. You can object on the basis of the processing impacting your fundamental rights and freedoms, or if it is for direct marketing purposes. Again, there may be specific legal reasons where we will have to reject your objection, and this will be notified to you.
  • Request the restriction of the processing. We will suspend the processing of your data if (a) you want to establish its accuracy, (b) the use is unlawful but you don’t wish for it to be erased, (c) you need it to establish, exercise or defend legal claims, or (d) you object but we need to verify an overriding legal basis.
  • Request the transfer of your data. Your data will be provided in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent, as we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. 

All of the above requests will be forwarded should there be a third party involved in the processing of your personal data.

  8. Contact Us

Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your data protection rights, please contact us at oraelosiandptns.text@nhs.net.

If you wish to make a complaint about how we collected or used your data, you have the right to lodge a complaint with a supervisory authority. For the UK, this is the Information Commissioner’s Office (ICO). The ICO can be contacted on 0303 123 1113. Alternatively, you can contact them at https://ico.org.uk/concerns/.

Where we make changes to our privacy notice we shall let you know. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.