Introduction
This is St Margarets Medical Practice Privacy Notice.
As part of the services we offer, we are required to process personal data about our patients and, in some instances, the friends or relatives of our service users. “Processing” can mean collecting, recording, organising, storing, sharing or destroying data.
We are committed to being transparent about why we need your personal data and what we do with it. This information is set out in this privacy notice. It also explains your rights when it comes to your data.
If you have any concerns or questions please contact: Lisa Anderson, Practice Manager.
What data do we have?
So that we can provide a safe and professional service, we need to keep certain records about you. We may process the following types of data:
- Your basic details and contact information e.g. your name, address, date of birth and next of kin;
- Contact we have had with you;
- Notes and reports about your health;
- Details and records about your treatment and care;
We also record the following data which is classified as “special category”:
- Health and social care data about you, which might include both your physical and mental health data.
- We may also record data about your race, ethnic origin, sexual orientation or religion.
Others may also need to use records about you to:
- Check the quality of care that you are receiving
- Protect the health of the general public
- Keep track of NHS Spending
- Help to investigate any concerns or complaints you ask us to
- Teach students or staff
- Support health and social care research
Why do we have this data?
We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.
We process your data because:
- We have a legal obligation to do so – generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.
We process your special category data because:
- It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
- It is necessary for us to provide and manage social care services;
- We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent at any time.
Where do we process your data?
So that we can provide you with high quality care and support we need specific data. This is collected from or shared with:
- You or your legal representative(s);
- Third parties.
We do this face to face, via phone, via email, via our website, via post, via apps.
Third parties are organisations we might lawfully share your data with. These include:
- Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals;
- The Local Authority;
- Your family or friends – with your permission;
- Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC;
- The police or other law enforcement agencies if we have to by law or court order.
When we are sharing information to support third parties in providing your care, we will work hard to ensure it is the minimum necessary and that it is done so securely and lawfully. We aim to ensure that we only use your personal information in a way that you would reasonably expect.
When we share information that is used for healthcare management or planning, this does not allow for you to be identified.
Our Website
In order to provide you with the best experience while using our website, we process some data about you.
There is a contact form that you can complete if there is something that you would like to feedback to the practice about.
Patients can apply online to be registered with this practice and therefore complete a registration form with their details on and submit to the practice.
Generally, our website will not require you to enter personal information. When it does, for example; online appointment booking, we will apply the same confidentiality principles as those described above.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.
Your rights
The data that we keep about you is your data and we ensure that we keep it confidential and that it is used appropriately. You have the following rights when it comes to your data:
- You have the right to request a copy of all of the data we keep about you. Generally, we will not charge for this service;
For a copy of your information:
- Your request must be made in writing to your surgery
- The surgery is required to respond to your request in writing within 1 calendar month.
- You will need to give the surgery your full name, address, date of birth and NHS number
- You may be required to provide personal identification such as a driving licence or passport
- You have the right to ask us to correct any data we have which you believe to be inaccurate or incomplete. You can also request that we restrict all processing of your data while we consider your rectification request;
- You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance’s guidelines (https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016)
- You may also request that we restrict processing if we no longer require your personal data for the purpose we originally collected it for, but you do not wish for it to be erased.
- You can ask for your data to be erased if we have asked for your consent to process your data. You can withdraw consent at any time – please contact us to do so.
- If we are processing your data as part of our legitimate interests as an organisation or in order to complete a task in the public interest, you have the right to object to that processing. We will restrict all processing of this data while we look into your objection.
If you would like to complain about how we have dealt with your request, please contact:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF