This privacy notice explains what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to personal information processed by or on behalf of the practice.
This Notice explains
- Who we are, how we use your information and our Data Protection Officer
- What kinds of personal information we process
- The legal grounds for processing your information
- What to do if your personal information changes
- How long we retain your information
- Your data-protection rights
- How to exercise those rights
- How we comply with the NHS National Data Opt-Out
We comply with the UK GDPR and the Data Protection Act 2018.
How We Use Your Information
We collect and process both basic personal data (e.g., name, address, contact details) and "special category data" (e.g., health information, ethnicity, sex and relevant religious beliefs).
Your health records include:
- Peronal details
- Appointments and clinical encounters
- Notes and reports about your health
- Treatment and care details
- Test results
- Relevant information from other healthcare professionals or carers
These records ensure you receive safe, effective care.
Lawful Basis
We process your data under:
- Article 6(e) – public interest / official authority
- Article 9(h) – health or social care provision and management
Risk Stratification
Risk‑stratification tools help identify individuals at risk of certain conditions or unplanned admissions. Only de‑identified information is used for analysis; identifiable information is returned only to your GP. You may opt out of this use.
Medicines Management
We may review your prescribed medicines to ensure safety, clinical effectiveness and best practice.
Maintaining Confidentiality
We follow strict legal, regulatory and NHS confidentiality standards. We share your information only when:
- Necessary for your direct care
- Required by law
- In your best interests under Caldicott Principles
- With your explicit consent
All staff and subcontractos are bound by confidentiality agreements.
Research
If your identifiable data is needed for research, we will ask for your explicit consent. You may opt out of identifiable research uses.
Secondary Uses & Consent
We will always seek your consent for any use of your information not covered by law or clinical necessity. You can withdraw this at any time.
Electronic Storage & Security
All data is processed within the UK or EU. External processors are contractually bound to maintain confidentiality and security.
Partner Organisations
We may share information with:
- NHS Trusts / Foundation Trusts
- Other GP practices
- Dentists, opticians, pharmacists
- Private and voluntary sector providers
- NHS England and NHS Digital
- Local Authorities
- Ambulance services
- Police and judicial services
- External processors under contract
Data Retention
We follow NHS Records Management Code of Practice retention periods.
Your Rights
You have the right to:
- Access your information (DSAR)
- Request correction
- Request erasure (when applicable)
- Withdraw consent
- Object to processing
- Request data portability
We will respond within one month.
National Data Opt-Out (NDOO)
The NHS National Data Opt‑Out allows you to choose whether your confidential patient information is used for research and planning purposes, beyond your individual care.
When an opt‑out is recorded, organisations must ensure your choice is applied to relevant data uses.
The opt‑out applies to:
- Research
- Planning and service evaluation
The opt‑out does NOT apply to:
- Direct care
- Anonymised data
You can set or change your opt‑out using: www.nhs.uk/your-nhs-data-matters
Type 1 Opt-Out
This prevents your GP data leaving the Practice for non‑care purposes. It is different from the National Data Opt-Out.
OpenSAFELY
OpenSAFELY is a secure analytics platform using pseudonymised data. Approved users cannot identify individuals. Patients may opt out via Type 1 opt-out.
CCTV
CCTV may be shared with lawful authorities when necessary.