Version

Edited by

Date issued

Next review date

V2

Salma Ali

16/1/2024

3Ys

Position

Named individual

Practice Manager

Salma Ali

Question

Answer

What is a privacy notice?

A privacy notice helps this surgery to tell you how we use the information it has about you. The data could be name, address, date of birth and, importantly, the clinical records that a clinician may write about you in your healthcare record.

Why do we need one?

By law, this practice needs a privacy notice. This is detailed within the Data Protection Act 2018 and is part of the UK General Data Protection Regulation (or UK GDPR for short)

What is the UK GDPR?

The UK GDPR is part of a law that states that the information about you must remain secure. All staff at the surgery must follow these rules and keep your information safe.

How can I learn more about the privacy notice?

This surgery has lots of information about privacy on our website telling you how we use the information we have about you.  You can also ask a member of the staff should you have any questions about your data.

The UK GDPR details what needs to be provided within the privacy notice, this is:

• What information we hold about you
• How we keep this especially important information safe and secure and where we keep it
• How we use your information
• Who we share your information with
• What your rights are
• When the law gives us permission to use your information

What information do we collect about you?

Personal information is anything that identifies you as a person and we all have personal information. Personal information that tells us something about you includes:

• Your name
• Address
• Mobile and/or home telephone number
• Information about your parent(s) or person with parental responsibility
• All your health records
• Appointment records
• Treatments you have had
• Medicines prescribed for you and any other information to help us to look after you

How do we use your information?

Your information is taken to help us to provide your care. We might need to share this information with other medical teams. We only usually use your information to help us to care for you. That means we might need to share your information with other people who are concerned and involved with looking after your health, such as hospitals if you need to be seen there.

We might also need to share your information with the police, courts, social services, solicitors and other people who have a right to your information, but we always make sure that they have a legal right to see it (or have a copy of it) before we provide it to them. The law gives us permission to use your information in situations when we need it to take care of you. Because information about your health is very personal, sensitive and private to you, the law is very strict about how we use it. So, before we can use your information in the ways we have set out in this privacy notice, we have to have a good reason in law which is called a ‘lawful basis’.

Not only do we have to do that, but we also have to show that your information falls into a special group or category because it is very sensitive. By doing this, the law makes sure we only use your information to look after you and that we do not use it for any other reason.

If you would like more information about this, please ask to speak to our Data Protection Officer (DPO) who is mentioned in this privacy notice who will explain this in more detail.

How do we keep your information safe?

We know that it is really important to protect the information we have about you. Therefore, we will follow the rules that are written in the Data Protection Act and the Chapter that details the UK GDPR. The law says that we must do all we can to keep your information private, safe and secure.

We use secure computer systems and we make sure that any written information held about you is kept securely and we train our staff to respect your privacy and deal with your information in a manner that makes sure it is always kept and dealt with in a safe way.

What if I have a long-term medical problem?

If you have a long-term medical problem then we know it is important to make sure your information is shared with other healthcare workers to help them to help you, making sure you get the care you need when you need it.

Who else will see my information?

Usually, only staff at this practice are allowed to see your information. Should you need to go to the hospital then we may be asked to share your information with them, but this is only so that we can take care of you.

Sometimes we might be asked to take part in medical research that could help you in the future. We will always ask you or your parent(s) or an adult with parental responsibility if we can share your information if this happens.

Possibly the police, social services, the courts or other organisations may have a legal right to see your information.

What if I don’t want to opt out of sharing my medical information?

England

All our patients, no matter what their age, can say that they don’t want to share their information. If you’re under 13 this is something that your parents or an adult with parental responsibility will have to decide. If you’re over 13 and need help, then it may make sense to discuss this with those who care for you.

Should you want to discuss this further, then you can discuss any concerns that you have with a member of staff at the surgery.

You have a right to ask us not to share your information. Should you want to talk to us about not sharing your information, even if this means you do not want us to share your information with your parent(s) or an adult with parental responsibility, please let us know.

How to access my records?

If  you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). There are some rules on this.

• If you are under 16, your parents or adults with parental responsibility can do this on your behalf.
• f you are over 12, you may be classed as being competent and may be able to do this yourself.
• If you are over 16 and need help in understanding what to do, then you can still ask the person who cares for you to do it on your behalf.

You may also be able to access your records online and you can discuss this with a member of staff at the surgery.

What if there is something wrong in my record?

If you believe that there are any errors in the information that we hold about you, then you can ask us to correct it.

Can I get anything removed from my record?

Legally, we cannot remove any of the information we hold about you as we need all this information to take care of you.

What to do if I have a question?

If you have any questions, please ask a member of staff, or your parents or adults with parental responsibility, or the person who cares for you to either contact the Data Protection Officer (DPO) at the surgery by:

• Asking to speak to the Practice Manager. This person is normally the Data Controller
• Writing to the DPO
• Emailing either the Data Controller or the Data Protection Officer

Please note that the DPO is specially trained in data management

What if I have a complaint about how my information is being managed?

If you are unhappy with any element of our data processing methods, contact the Practice Manager  in the first instance. If you feel that we have not addressed your concern appropriately, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

To contact the ICO:

• Visit https://ico.org.uk which explains various methods to raise a complaint including a live chat service
• Telephone: 0303 123 1113 (Monday to Friday 9am to 5pm)

The ICO is the regulator for data protection and offers independent advice and guidance on the law and personal data including your rights and how to access your personal information.