Privacy Policy
Your privacy matters
We are a primary care Partnership.
The current Practice sites are listed at the bottom of this page. The Main site is Bramley Village Health and Wellbeing Centre. Our other Practice site are classed as Branch Surgeries. Patients who have registered at one site have the right to use services at any of our sites.
The list of services we provide are:
GMS Services (GP Surgery services)
Collectively, for the purposes of this privacy policy, our sites and services will be referred to as 'the Practice', and are run under contract by The Partnership. Our group organisations shall collectively be called 'the organisation'.
At our Practice, we aim to deliver services that enable patients to live longer, healthier lives are full, active and meaningful. We do this in full consideration of privacy. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), and to be leaders in primary healthcare when it comes to healthcare and privacy.
Our NHS services have two corporate structures: our Practice, which holds a GMS contract, and Reimagining General Practice Health Support Services Ltd, which provides non-clinical services and support services to the Practice.
Our CQC and Data Protection registered address is https://www.westyorkshire.icb.nhs.uk/
Who is responsible for my information?
The Practice is the data controller for your information and is responsible for looking after your record while you are a registered patient.
The person with the key responsibility for data protection and security is Mr Methven Forbes. Any queries or concerns should be raised with the practice first at at the address below. West Yorkshire Integrated Care Board (ICB), also provides the practice with a Data Protection Officer, who can be contacted by clicking here.
The Practice is not responsible for the use of your personal data by any other NHS service or organisation. Where personal data about you is used by another NHS Service or Organisation, they are responsible for ensuring that the data they use is accurate and that it is used in a lawful manner. Where you have a complaint about how your data has been used by another NHS Service or Organisation that is not the Practice, you must raise your complaint directly with that NHS Serviec or Organisation.
The organisation offers a range of services delivered at our physical locations and via our website and smartphone app.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy. This policy explains how we use your personal data for our NHS services. It also governs the use of your data through our App, or our websites, including this website (and any reference to our App in this policy shall also include a reference to our website).
This policy covers:
Who we are
What personal data we hold and how we get it
What we use your personal data for
Sharing your personal data
Retention
Data security and transfers
Your rights
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting our Data Protection Officer by writing to Methven Forbes at the address below.
Who we are
Our healthcare services are delivered by the Practice.
Your relationship is with the Practice. The delivery of our serfvices is conducted at the Practice sites listed below. For the avoidance of doubt and for the purposes of data processing, services may be carried out at any location deemed necessary by the Practice.
When this policy talks about 'the Practice', 'us' or 'we', it means all the services provided by our Practice.
What personal data we hold and how we get it
We use the following categories of personal data:
Personal details.
When you register with us, you complete forms (online or in paper format) and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners (for example, we use software called SystmOne to hold a patients' medical records). We use our own support services company “Reimagining General Practice Health Support Services Ltd”, which is wholly owned by Dr Mark Fuller and Mr Methven Forbes.
Health and medical information.
The main type of information we hold about you is health and medical information (information about your health, symptoms, treatments, consultations and sessions, medications and procedures). This includes details of your consultations with our doctors and other clinicians, interactions with our digital services, and interaction with our non-clinical staff. We get some of this information directly from you, when you register with us and when you use our healthcare services. If you use our NHS services, we will receive your medical history from your previous GP. If you use our other services (for example, if you register as a temporary patient), and if you have given consent for us to do so, we will send the consultation notes that we take during your use of the private service to your NHS GP (for minors, we will share such notes, in line with medical guidelines, without such consent). Any correspondence we receive from you is uploaded electronically to your medical record held by SystmOne or Emis Web as relevant.
Where we provide video consultations, we retain recordings of our consultations with you, in order to provide you with an easy way to re-watch your consultations where you wish to, so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. These recordings are held securely in accordance with our retention policy. Once this service is live, you can access recordings of your consultations at any time through the App. We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us (for example where you use the NHS App or where you decide to share information collected from a smart watch or similar device with our App).
Financial information.
If you make any payments on the App or our website (for example, where you are requesting private work including medical examinations for HGV licence), your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information. Technical information and analytics.
When you use our App or website, we may automatically collect the following information where this is permitted by your device settings:(a) technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system type and version, browser or app version, time zone setting, operating system and platform, and your location (based on IP address); and(b) information about your visit, including services you viewed or used, App response times, interaction information (such as button presses) and any phone number used to call our customer service number. We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services.
Information obtained from third party services.
You may choose to connect your existing accounts with other providers (such as a social media provider) to your account with us. This may, for example, make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address, name, and other sign-up related details.
What we use your personal data for.
Your medical record is owned by the Secretary State for Health. You have the right to ensure that information held about you is accurate. However, you do not have the right to decide what information is held about you providing that the information held is relevant to: the provision of health care, our legal and statutory obligations, our regulatory obligations, or relevant as determined by the clinical or non-clinical staff member who has interacted with you. Your medical record may also hold details, including contact details of you next of kin and family members, carers, individuals and organisations who have provided you with care, or any other information deemed necessary by the Practice. This does not mean that such individuals and organisations have a right to view or obtain your personal medical record nor does it mean that the Practice has the right to share your medical record with such individuals and organisations, except where it is lawful to do so. It is a condition of your registration that you accept that we will hold all relevant information about you and about individuals and organisations as described above, and your registration with the Practice will be deemed as acceptance of your agreement to this condition.
The purposes for which we use your personal data and the legal grounds on which we do so are as follows: We obtain and use your personal details and financial details in order to establish and deliver our contract with you. We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services, and medical history from your previous NHS GP if you use our GP service (in the same way that any GP practice would receive your medical history if they become your NHS GP). It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as your GP, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms. Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services so that we can deliver better healthcare to you and other patients.
This medical information (de-identified in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with any of our services, such as our online consultations. This does not involve making any decisions about you - it is only about improving our services and software so that we can deliver a better experience to you and other patients, and help achieve our aim of enabling patients to live longer and healthier lives that are full, active and meaningful. Strict confidentiality and data security provisions apply at all times. We may obtain and use data about your precise location where you give your consent (through providing us access to your location), for example, to help direct you to the nearest pharmacy. We may also derive your approximate location from your IP address. We use your email address and/or phone number to contact you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time. Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our services to, for example, troubleshoot bugs within the App or website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our App or website so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection. We also store your medical information, such as notes from consultations, recordings of our consultations with you and your interactions with our digital services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation. Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access. We may use non-personal data (data from which an individual cannot be identified) to improve our and services. Sharing your personal data with others.
We may share your personal data with our partners (such as Reimagining General Practice Health Support Services or other such services we have outsourced or subcontracted to). This is to help us deliver our services to you. We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us. We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service. Where you access our services through another health provider (including your employer) we may share with such partner your name, date of birth, email address, location, and the fact you have registered/used the service (and any other similar information).
We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. With your consent, we may share the date of the appointment, details of your diagnosis, prescription, pharmacy location, whether or not you had a referral made and other similar information about your appointment with us. We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your NHS GP and other NHS bodies, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations. If you use our NHS services, we will share your records with Share Care Records systems, which provides other members of the scheme (such as, amongst others, NHS Trusts, social services, community services and the ambulance services) with access to your data to promote integrated care for you, and for research and statistical purposes. You may contact us at any time to opt out of this data sharing by following the instructions on our website.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person. Except as described above, we will never share your personal information with any other party without your consent. Risk in mobile or email communication.
If you consent to us contacting you by text message or by email following an econsultation or other consultation, you should be aware that there are risks. The following outlines some of the risks to your personal data:
Communication by e-mail or by text message has a number of risks which include, but are not limited to, the following:
E-mail and text messages can be circulated, forwarded and stored in paper and electronic files.
Backup copies of e-mail and text messages may exist even after the sender or the recipient has deleted his/her copy.
E-mail and text messages can be received by unintended recipients.
E-mail and text messages can be intercepted, altered, forwarded or used without authorization or detection.
E-mail and text messages can be used to introduce viruses into computer systems and phone systems.
You should not consent to receiving emails or text messages from us or send us emails or text messages wif any of the above risks concern you. If you do consent, you should ensure that the email address or mobile number you provide is your personal email address and mobile number.
Retention periods.
We retain your medical records in accordance with national best practice guidance - in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records for other periods as required by law or regulation.
GP records Retention period:
GP Records retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.
Maternity records Retention period: 25 years after the birth of the last child.
Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation Retention period: 20 years after the date of the last contact; or 10 years after the patient's death if sooner.
Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data - including your primary care information, medication information and diagnostic information - on secure servers. Where you have chosen a password that enables you to access certain parts of our App or website, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology. We encrypt data transmitted to and from the App or website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Your data may be processed or stored via destinations outside of the UK and the European Economic Area, but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA.
For patients who utilise Emis Web online (also known as Patient Access or Patient Access Online) or SystmOne online, the company who owns SystmOne is responsible for data security and data protection. SystmOne is the clinical system we use for recording your health records and can be accessed by us during consultation and by you online if you have registered for this service.
For more information on the data security requirements and data protection standards used by SystmOne, you can visit https://tpp-uk.com.
Your rights.
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App or website.
You also have specific rights under the GDPR and DPA..
Wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App or website.
Understand and request a copy of information we hold about you.
Recordings of your appointments with us and other medical notes can be accessed via the App or website.
You can make a request by writing to us at one of the addresses below. Your request can include:
A
ccess to your medical records, including a copy of your medical records
Asking us to rectify incorrect information we hold about you
Asking us to remove information (subject to limitations relating to our obligation to store medical records for prescribed periods of time or where such information is deemed relevant by the Practice)
Ask us to restrict our processing of your personal data or object to our processing
Ask for your data to be provided on a portable basis .
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate) .Contact us for any questions or concerns.
Your privacy matters
We are a primary care Partnership.
The current Practice sites are listed at the bottom of this page. The Main site is Briercliffe GP Surgery.
The list of services we provide are:
Alternative Primary Medical Services (GP Surgery services)
Collectively, for the purposes of this privacy policy, our sites and services will be referred to as 'the Practice', and are run under contract by The Partnership. Our group organisations shall collectively be called 'the organisation'.
At our Practice, we aim to deliver services that enable patients to live longer, healthier lives are full, active and meaningful. We do this in full consideration of privacy. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), and to be leaders in primary healthcare when it comes to healthcare and privacy.
Our NHS services have two corporate structures: our Practice, which holds a APMS contract, and Reimagining General Practice Health Support Services Ltd, which provides non-clinical services and support services to the Practice.
Our CQC and Data Protection registered address is NHS Lancashire and South Cumbria Integrated Care Board (ICB) .
Who is responsible for my information?
The Practice is the data controller for your information and is responsible for looking after your record while you are a registered patient.
The person with the key responsibility for data protection and security is Mr Methven Forbes. Any queries or concerns should be raised with the practice first at at the address below. NHS Lancashire and South Cumbria Integrated Care Board (ICB), also provides the practice with a Data Protection Officer, who can be contacted by clicking here.
The Practice is not responsible for the use of your personal data by any other NHS service or organisation. Where personal data about you is used by another NHS Service or Organisation, they are responsible for ensuring that the data they use is accurate and that it is used in a lawful manner. Where you have a complaint about how your data has been used by another NHS Service or Organisation that is not the Practice, you must raise your complaint directly with that NHS Serviec or Organisation.
The organisation offers a range of services delivered at our physical locations and via our website and smartphone app.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy. This policy explains how we use your personal data for our NHS services. It also governs the use of your data through our App, or our websites, including this website (and any reference to our App in this policy shall also include a reference to our website).
This policy covers:
Who we are
What personal data we hold and how we get it
What we use your personal data for
Sharing your personal data
Retention
Data security and transfers
Your rights
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting our Data Protection Officer by writing to Methven Forbes at the address below.
Who we are
Our healthcare services are delivered by the Practice.
Your relationship is with the Practice. The delivery of our serfvices is conducted at the Practice sites listed below. For the avoidance of doubt and for the purposes of data processing, services may be carried out at any location deemed necessary by the Practice.
When this policy talks about 'the Practice', 'us' or 'we', it means all the services provided by our Practice.
What personal data we hold and how we get it
We use the following categories of personal data:
Personal details.
When you register with us, you complete forms (online or in paper format) and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners (for example, we use software called SystmOne to hold a patients' medical records). We use our own support services company “Reimagining General Practice Health Support Services Ltd”, which is wholly owned by Dr Mark Fuller and Mr Methven Forbes.
Health and medical information.
The main type of information we hold about you is health and medical information (information about your health, symptoms, treatments, consultations and sessions, medications and procedures). This includes details of your consultations with our doctors and other clinicians, interactions with our digital services, and interaction with our non-clinical staff. We get some of this information directly from you, when you register with us and when you use our healthcare services. If you use our NHS services, we will receive your medical history from your previous GP. If you use our other services (for example, if you register as a temporary patient), and if you have given consent for us to do so, we will send the consultation notes that we take during your use of the private service to your NHS GP (for minors, we will share such notes, in line with medical guidelines, without such consent). Any correspondence we receive from you is uploaded electronically to your medical record held by SystmOne or Emis Web as relevant.
Where we provide video consultations, we retain recordings of our consultations with you, in order to provide you with an easy way to re-watch your consultations where you wish to, so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. These recordings are held securely in accordance with our retention policy. Once this service is live, you can access recordings of your consultations at any time through the App. We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us (for example where you use the NHS App or where you decide to share information collected from a smart watch or similar device with our App).
Financial information.
If you make any payments on the App or our website (for example, where you are requesting private work including medical examinations for HGV licence), your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information. Technical information and analytics.
When you use our App or website, we may automatically collect the following information where this is permitted by your device settings:(a) technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system type and version, browser or app version, time zone setting, operating system and platform, and your location (based on IP address); and(b) information about your visit, including services you viewed or used, App response times, interaction information (such as button presses) and any phone number used to call our customer service number. We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services.
Information obtained from third party services.
You may choose to connect your existing accounts with other providers (such as a social media provider) to your account with us. This may, for example, make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address, name, and other sign-up related details.
What we use your personal data for.
Your medical record is owned by the Secretary State for Health. You have the right to ensure that information held about you is accurate. However, you do not have the right to decide what information is held about you providing that the information held is relevant to: the provision of health care, our legal and statutory obligations, our regulatory obligations, or relevant as determined by the clinical or non-clinical staff member who has interacted with you. Your medical record may also hold details, including contact details of you next of kin and family members, carers, individuals and organisations who have provided you with care, or any other information deemed necessary by the Practice. This does not mean that such individuals and organisations have a right to view or obtain your personal medical record nor does it mean that the Practice has the right to share your medical record with such individuals and organisations, except where it is lawful to do so. It is a condition of your registration that you accept that we will hold all relevant information about you and about individuals and organisations as described above, and your registration with the Practice will be deemed as acceptance of your agreement to this condition.
The purposes for which we use your personal data and the legal grounds on which we do so are as follows: We obtain and use your personal details and financial details in order to establish and deliver our contract with you. We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services, and medical history from your previous NHS GP if you use our GP service (in the same way that any GP practice would receive your medical history if they become your NHS GP). It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as your GP, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms. Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services so that we can deliver better healthcare to you and other patients.
This medical information (de-identified in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with any of our services, such as our online consultations. This does not involve making any decisions about you - it is only about improving our services and software so that we can deliver a better experience to you and other patients, and help achieve our aim of enabling patients to live longer and healthier lives that are full, active and meaningful. Strict confidentiality and data security provisions apply at all times. We may obtain and use data about your precise location where you give your consent (through providing us access to your location), for example, to help direct you to the nearest pharmacy. We may also derive your approximate location from your IP address. We use your email address and/or phone number to contact you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time. Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our services to, for example, troubleshoot bugs within the App or website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our App or website so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection. We also store your medical information, such as notes from consultations, recordings of our consultations with you and your interactions with our digital services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation. Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access. We may use non-personal data (data from which an individual cannot be identified) to improve our and services. Sharing your personal data with others.
We may share your personal data with our partners (such as Reimagining General Practice Health Support Services or other such services we have outsourced or subcontracted to). This is to help us deliver our services to you. We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us. We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service. Where you access our services through another health provider (including your employer) we may share with such partner your name, date of birth, email address, location, and the fact you have registered/used the service (and any other similar information).
We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. With your consent, we may share the date of the appointment, details of your diagnosis, prescription, pharmacy location, whether or not you had a referral made and other similar information about your appointment with us. We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your NHS GP and other NHS bodies, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations. If you use our NHS services, we will share your records with Share Care Records systems, which provides other members of the scheme (such as, amongst others, NHS Trusts, social services, community services and the ambulance services) with access to your data to promote integrated care for you, and for research and statistical purposes. You may contact us at any time to opt out of this data sharing by following the instructions on our website.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person. Except as described above, we will never share your personal information with any other party without your consent. Risk in mobile or email communication.
If you consent to us contacting you by text message or by email following an econsultation or other consultation, you should be aware that there are risks. The following outlines some of the risks to your personal data:
Communication by e-mail or by text message has a number of risks which include, but are not limited to, the following:
E-mail and text messages can be circulated, forwarded and stored in paper and electronic files.
Backup copies of e-mail and text messages may exist even after the sender or the recipient has deleted his/her copy.
E-mail and text messages can be received by unintended recipients.
E-mail and text messages can be intercepted, altered, forwarded or used without authorization or detection.
E-mail and text messages can be used to introduce viruses into computer systems and phone systems.
You should not consent to receiving emails or text messages from us or send us emails or text messages wif any of the above risks concern you. If you do consent, you should ensure that the email address or mobile number you provide is your personal email address and mobile number.
Retention periods.
We retain your medical records in accordance with national best practice guidance - in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records for other periods as required by law or regulation.
GP records Retention period:
GP Records retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.
Maternity records Retention period: 25 years after the birth of the last child.
Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation Retention period: 20 years after the date of the last contact; or 10 years after the patient's death if sooner.
Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data - including your primary care information, medication information and diagnostic information - on secure servers. Where you have chosen a password that enables you to access certain parts of our App or website, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology. We encrypt data transmitted to and from the App or website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Your data may be processed or stored via destinations outside of the UK and the European Economic Area, but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA.
For patients who utilise Emis Web online (also known as Patient Access or Patient Access Online) or SystmOne online, the company who owns SystmOne is responsible for data security and data protection. SystmOne is the clinical system we use for recording your health records and can be accessed by us during consultation and by you online if you have registered for this service.
For more information on the data security requirements and data protection standards used by SystmOne, you can visit https://tpp-uk.com.
Your rights.
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App or website.
You also have specific rights under the GDPR and DPA..
Wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App or website.
Understand and request a copy of information we hold about you.
Recordings of your appointments with us and other medical notes can be accessed via the App or website.
You can make a request by writing to us at one of the addresses below. Your request can include:
Access to your medical records, including a copy of your medical records
Asking us to rectify incorrect information we hold about you
Asking us to remove information (subject to limitations relating to our obligation to store medical records for prescribed periods of time or where such information is deemed relevant by the Practice)
Ask us to restrict our processing of your personal data or object to our processing
Ask for your data to be provided on a portable basis .
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate) .Contact us for any questions or concerns.
Your privacy matters
We are a primary care Partnership.
The current Practice sites are listed at the bottom of this page. The Main site is Crawcrook Medical Centre. Our other Practice site are classed as Branch Surgeries. Patients who have registered at one site have the right to use services at any of our sites.
The list of services we provide are:
Alternative Primary Medical Services (GP Surgery services)
Collectively, for the purposes of this privacy policy, our sites and services will be referred to as 'the Practice', and are run under contract by The Partnership. Our group organisations shall collectively be called 'the organisation'.
At our Practice, we aim to deliver services that enable patients to live longer, healthier lives are full, active and meaningful. We do this in full consideration of privacy. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), and to be leaders in primary healthcare when it comes to healthcare and privacy.
Our NHS services have two corporate structures: our Practice, which holds an APMS contract, and Reimagining General Practice Health Support Services Ltd, which provides non-clinical services and support services to the Practice.
Our CQC and Data Protection registered address is North East North Cumbria Integrated Care Board (ICB)
Who is responsible for my information?
The Practice is the data controller for your information and is responsible for looking after your record while you are a registered patient.
The person with the key responsibility for data protection and security is Mr Methven Forbes. Any queries or concerns should be raised with the practice first at at the address below. North Cumbria Integrated Care Board (ICB), also provides the practice with a Data Protection Officer, who can be contacted by clicking here.
The Practice is not responsible for the use of your personal data by any other NHS service or organisation. Where personal data about you is used by another NHS Service or Organisation, they are responsible for ensuring that the data they use is accurate and that it is used in a lawful manner. Where you have a complaint about how your data has been used by another NHS Service or Organisation that is not the Practice, you must raise your complaint directly with that NHS Serviec or Organisation.
The organisation offers a range of services delivered at our physical locations and via our website and smartphone app.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy. This policy explains how we use your personal data for our NHS services. It also governs the use of your data through our App, or our websites, including this website (and any reference to our App in this policy shall also include a reference to our website).
This policy covers:
Who we are
What personal data we hold and how we get it
What we use your personal data for
Sharing your personal data
Retention
Data security and transfers
Your rights
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting our Data Protection Officer by writing to Methven Forbes at the address below.
Who we are
Our healthcare services are delivered by the Practice.
Your relationship is with the Practice. The delivery of our serfvices is conducted at the Practice sites listed below. For the avoidance of doubt and for the purposes of data processing, services may be carried out at any location deemed necessary by the Practice.
When this policy talks about 'the Practice', 'us' or 'we', it means all the services provided by our Practice.
What personal data we hold and how we get it
We use the following categories of personal data:
Personal details.
When you register with us, you complete forms (online or in paper format) and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners (for example, we use software called SystmOne to hold a patients' medical records). We use our own support services company “Reimagining General Practice Health Support Services Ltd”, which is wholly owned by Dr Mark Fuller and Mr Methven Forbes.
Health and medical information.
The main type of information we hold about you is health and medical information (information about your health, symptoms, treatments, consultations and sessions, medications and procedures). This includes details of your consultations with our doctors and other clinicians, interactions with our digital services, and interaction with our non-clinical staff. We get some of this information directly from you, when you register with us and when you use our healthcare services. If you use our NHS services, we will receive your medical history from your previous GP. If you use our other services (for example, if you register as a temporary patient), and if you have given consent for us to do so, we will send the consultation notes that we take during your use of the private service to your NHS GP (for minors, we will share such notes, in line with medical guidelines, without such consent). Any correspondence we receive from you is uploaded electronically to your medical record held by SystmOne or Emis Web as relevant.
Where we provide video consultations, we retain recordings of our consultations with you, in order to provide you with an easy way to re-watch your consultations where you wish to, so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. These recordings are held securely in accordance with our retention policy. Once this service is live, you can access recordings of your consultations at any time through the App. We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us (for example where you use the NHS App or where you decide to share information collected from a smart watch or similar device with our App).
Financial information.
If you make any payments on the App or our website (for example, where you are requesting private work including medical examinations for HGV licence), your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information. Technical information and analytics.
When you use our App or website, we may automatically collect the following information where this is permitted by your device settings:(a) technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system type and version, browser or app version, time zone setting, operating system and platform, and your location (based on IP address); and(b) information about your visit, including services you viewed or used, App response times, interaction information (such as button presses) and any phone number used to call our customer service number. We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services.
Information obtained from third party services.
You may choose to connect your existing accounts with other providers (such as a social media provider) to your account with us. This may, for example, make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address, name, and other sign-up related details.
What we use your personal data for.
Your medical record is owned by the Secretary State for Health. You have the right to ensure that information held about you is accurate. However, you do not have the right to decide what information is held about you providing that the information held is relevant to: the provision of health care, our legal and statutory obligations, our regulatory obligations, or relevant as determined by the clinical or non-clinical staff member who has interacted with you. Your medical record may also hold details, including contact details of you next of kin and family members, carers, individuals and organisations who have provided you with care, or any other information deemed necessary by the Practice. This does not mean that such individuals and organisations have a right to view or obtain your personal medical record nor does it mean that the Practice has the right to share your medical record with such individuals and organisations, except where it is lawful to do so. It is a condition of your registration that you accept that we will hold all relevant information about you and about individuals and organisations as described above, and your registration with the Practice will be deemed as acceptance of your agreement to this condition.
The purposes for which we use your personal data and the legal grounds on which we do so are as follows: We obtain and use your personal details and financial details in order to establish and deliver our contract with you. We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services, and medical history from your previous NHS GP if you use our GP service (in the same way that any GP practice would receive your medical history if they become your NHS GP). It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as your GP, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms. Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services so that we can deliver better healthcare to you and other patients.
This medical information (de-identified in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with any of our services, such as our online consultations. This does not involve making any decisions about you - it is only about improving our services and software so that we can deliver a better experience to you and other patients, and help achieve our aim of enabling patients to live longer and healthier lives that are full, active and meaningful. Strict confidentiality and data security provisions apply at all times. We may obtain and use data about your precise location where you give your consent (through providing us access to your location), for example, to help direct you to the nearest pharmacy. We may also derive your approximate location from your IP address. We use your email address and/or phone number to contact you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time. Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our services to, for example, troubleshoot bugs within the App or website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our App or website so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection. We also store your medical information, such as notes from consultations, recordings of our consultations with you and your interactions with our digital services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation. Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access. We may use non-personal data (data from which an individual cannot be identified) to improve our and services. Sharing your personal data with others.
We may share your personal data with our partners (such as Reimagining General Practice Health Support Services or other such services we have outsourced or subcontracted to). This is to help us deliver our services to you. We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us. We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service. Where you access our services through another health provider (including your employer) we may share with such partner your name, date of birth, email address, location, and the fact you have registered/used the service (and any other similar information).
We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. With your consent, we may share the date of the appointment, details of your diagnosis, prescription, pharmacy location, whether or not you had a referral made and other similar information about your appointment with us. We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your NHS GP and other NHS bodies, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations. If you use our NHS services, we will share your records with Share Care Records systems, which provides other members of the scheme (such as, amongst others, NHS Trusts, social services, community services and the ambulance services) with access to your data to promote integrated care for you, and for research and statistical purposes. You may contact us at any time to opt out of this data sharing by following the instructions on our website.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person. Except as described above, we will never share your personal information with any other party without your consent. Risk in mobile or email communication.
If you consent to us contacting you by text message or by email following an econsultation or other consultation, you should be aware that there are risks. The following outlines some of the risks to your personal data:
Communication by e-mail or by text message has a number of risks which include, but are not limited to, the following:
E-mail and text messages can be circulated, forwarded and stored in paper and electronic files.
Backup copies of e-mail and text messages may exist even after the sender or the recipient has deleted his/her copy.
E-mail and text messages can be received by unintended recipients.
E-mail and text messages can be intercepted, altered, forwarded or used without authorization or detection.
E-mail and text messages can be used to introduce viruses into computer systems and phone systems.
You should not consent to receiving emails or text messages from us or send us emails or text messages wif any of the above risks concern you. If you do consent, you should ensure that the email address or mobile number you provide is your personal email address and mobile number.
Retention periods.
We retain your medical records in accordance with national best practice guidance - in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records for other periods as required by law or regulation.
GP records Retention period:
GP Records retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.
Maternity records Retention period: 25 years after the birth of the last child.
Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation Retention period: 20 years after the date of the last contact; or 10 years after the patient's death if sooner.
Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data - including your primary care information, medication information and diagnostic information - on secure servers. Where you have chosen a password that enables you to access certain parts of our App or website, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology. We encrypt data transmitted to and from the App or website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Your data may be processed or stored via destinations outside of the UK and the European Economic Area, but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA.
For patients who utilise Emis Web online (also known as Patient Access or Patient Access Online) or SystmOne online, the company who owns SystmOne is responsible for data security and data protection. SystmOne is the clinical system we use for recording your health records and can be accessed by us during consultation and by you online if you have registered for this service.
For more information on the data security requirements and data protection standards used by SystmOne, you can visit https://tpp-uk.com.
Your rights.
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App or website.
You also have specific rights under the GDPR and DPA..
Wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App or website.
Understand and request a copy of information we hold about you.
Recordings of your appointments with us and other medical notes can be accessed via the App or website.
You can make a request by writing to us at one of the addresses below. Your request can include:
A
ccess to your medical records, including a copy of your medical records
Asking us to rectify incorrect information we hold about you
Asking us to remove information (subject to limitations relating to our obligation to store medical records for prescribed periods of time or where such information is deemed relevant by the Practice)
Ask us to restrict our processing of your personal data or object to our processing
Ask for your data to be provided on a portable basis .
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate) .Contact us for any questions or concerns.
Your privacy matters
We are a primary care Partnership.
The current Practice sites are listed at the bottom of this page. The Main site is QUeens Medical Centre.
The list of services we provide are:
GMS Services (GP Surgery services)
Collectively, for the purposes of this privacy policy, our sites and services will be referred to as 'the Practice', and are run under contract by The Partnership. Our group organisations shall collectively be called 'the organisation'.
At our Practice, we aim to deliver services that enable patients to live longer, healthier lives are full, active and meaningful. We do this in full consideration of privacy. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), and to be leaders in primary healthcare when it comes to healthcare and privacy.
Our NHS services have two corporate structures: our Practice, which holds a GMS contract, and Reimagining General Practice Health Support Services Ltd, which provides non-clinical services and support services to the Practice.
Our CQC and Data Protection registered address is https://devon.icb.nhs.uk/
Who is responsible for my information?
The Practice is the data controller for your information and is responsible for looking after your record while you are a registered patient.
The person with the key responsibility for data protection and security is Mr Methven Forbes. Any queries or concerns should be raised with the practice first at at the address below. NHS Devon Integrated Care Board (ICB), also provides the practice with a Data Protection Officer, who can be contacted by clicking here.
The Practice is not responsible for the use of your personal data by any other NHS service or organisation. Where personal data about you is used by another NHS Service or Organisation, they are responsible for ensuring that the data they use is accurate and that it is used in a lawful manner. Where you have a complaint about how your data has been used by another NHS Service or Organisation that is not the Practice, you must raise your complaint directly with that NHS Serviec or Organisation.
The organisation offers a range of services delivered at our physical locations and via our website and smartphone app.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy. This policy explains how we use your personal data for our NHS services. It also governs the use of your data through our App, or our websites, including this website (and any reference to our App in this policy shall also include a reference to our website).
This policy covers:
Who we are
What personal data we hold and how we get it
What we use your personal data for
Sharing your personal data
Retention
Data security and transfers
Your rights
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting our Data Protection Officer by writing to Methven Forbes at the address below.
Who we are
Our healthcare services are delivered by the Practice.
Your relationship is with the Practice. The delivery of our serfvices is conducted at the Practice sites listed below. For the avoidance of doubt and for the purposes of data processing, services may be carried out at any location deemed necessary by the Practice.
When this policy talks about 'the Practice', 'us' or 'we', it means all the services provided by our Practice.
What personal data we hold and how we get it
We use the following categories of personal data:
Personal details.
When you register with us, you complete forms (online or in paper format) and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners (for example, we use software called SystmOne to hold a patients' medical records). We use our own support services company “Reimagining General Practice Health Support Services Ltd”, which is wholly owned by Dr Mark Fuller and Mr Methven Forbes.
Health and medical information.
The main type of information we hold about you is health and medical information (information about your health, symptoms, treatments, consultations and sessions, medications and procedures). This includes details of your consultations with our doctors and other clinicians, interactions with our digital services, and interaction with our non-clinical staff. We get some of this information directly from you, when you register with us and when you use our healthcare services. If you use our NHS services, we will receive your medical history from your previous GP. If you use our other services (for example, if you register as a temporary patient), and if you have given consent for us to do so, we will send the consultation notes that we take during your use of the private service to your NHS GP (for minors, we will share such notes, in line with medical guidelines, without such consent). Any correspondence we receive from you is uploaded electronically to your medical record held by SystmOne or Emis Web as relevant.
Where we provide video consultations, we retain recordings of our consultations with you, in order to provide you with an easy way to re-watch your consultations where you wish to, so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. These recordings are held securely in accordance with our retention policy. Once this service is live, you can access recordings of your consultations at any time through the App. We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us (for example where you use the NHS App or where you decide to share information collected from a smart watch or similar device with our App).
Financial information.
If you make any payments on the App or our website (for example, where you are requesting private work including medical examinations for HGV licence), your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information. Technical information and analytics.
When you use our App or website, we may automatically collect the following information where this is permitted by your device settings:(a) technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system type and version, browser or app version, time zone setting, operating system and platform, and your location (based on IP address); and(b) information about your visit, including services you viewed or used, App response times, interaction information (such as button presses) and any phone number used to call our customer service number. We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services.
Information obtained from third party services.
You may choose to connect your existing accounts with other providers (such as a social media provider) to your account with us. This may, for example, make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address, name, and other sign-up related details.
What we use your personal data for.
Your medical record is owned by the Secretary State for Health. You have the right to ensure that information held about you is accurate. However, you do not have the right to decide what information is held about you providing that the information held is relevant to: the provision of health care, our legal and statutory obligations, our regulatory obligations, or relevant as determined by the clinical or non-clinical staff member who has interacted with you. Your medical record may also hold details, including contact details of you next of kin and family members, carers, individuals and organisations who have provided you with care, or any other information deemed necessary by the Practice. This does not mean that such individuals and organisations have a right to view or obtain your personal medical record nor does it mean that the Practice has the right to share your medical record with such individuals and organisations, except where it is lawful to do so. It is a condition of your registration that you accept that we will hold all relevant information about you and about individuals and organisations as described above, and your registration with the Practice will be deemed as acceptance of your agreement to this condition.
The purposes for which we use your personal data and the legal grounds on which we do so are as follows: We obtain and use your personal details and financial details in order to establish and deliver our contract with you. We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services, and medical history from your previous NHS GP if you use our GP service (in the same way that any GP practice would receive your medical history if they become your NHS GP). It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as your GP, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms. Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services so that we can deliver better healthcare to you and other patients.
This medical information (de-identified in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with any of our services, such as our online consultations. This does not involve making any decisions about you - it is only about improving our services and software so that we can deliver a better experience to you and other patients, and help achieve our aim of enabling patients to live longer and healthier lives that are full, active and meaningful. Strict confidentiality and data security provisions apply at all times. We may obtain and use data about your precise location where you give your consent (through providing us access to your location), for example, to help direct you to the nearest pharmacy. We may also derive your approximate location from your IP address. We use your email address and/or phone number to contact you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time. Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our services to, for example, troubleshoot bugs within the App or website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our App or website so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection. We also store your medical information, such as notes from consultations, recordings of our consultations with you and your interactions with our digital services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation. Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access. We may use non-personal data (data from which an individual cannot be identified) to improve our and services. Sharing your personal data with others.
We may share your personal data with our partners (such as Reimagining General Practice Health Support Services or other such services we have outsourced or subcontracted to). This is to help us deliver our services to you. We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us. We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service. Where you access our services through another health provider (including your employer) we may share with such partner your name, date of birth, email address, location, and the fact you have registered/used the service (and any other similar information).
We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. With your consent, we may share the date of the appointment, details of your diagnosis, prescription, pharmacy location, whether or not you had a referral made and other similar information about your appointment with us. We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your NHS GP and other NHS bodies, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations. If you use our NHS services, we will share your records with Share Care Records systems, which provides other members of the scheme (such as, amongst others, NHS Trusts, social services, community services and the ambulance services) with access to your data to promote integrated care for you, and for research and statistical purposes. You may contact us at any time to opt out of this data sharing by following the instructions on our website.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person. Except as described above, we will never share your personal information with any other party without your consent. Risk in mobile or email communication.
If you consent to us contacting you by text message or by email following an econsultation or other consultation, you should be aware that there are risks. The following outlines some of the risks to your personal data:
Communication by e-mail or by text message has a number of risks which include, but are not limited to, the following:
E-mail and text messages can be circulated, forwarded and stored in paper and electronic files.
Backup copies of e-mail and text messages may exist even after the sender or the recipient has deleted his/her copy.
E-mail and text messages can be received by unintended recipients.
E-mail and text messages can be intercepted, altered, forwarded or used without authorization or detection.
E-mail and text messages can be used to introduce viruses into computer systems and phone systems.
You should not consent to receiving emails or text messages from us or send us emails or text messages wif any of the above risks concern you. If you do consent, you should ensure that the email address or mobile number you provide is your personal email address and mobile number.
Retention periods.
We retain your medical records in accordance with national best practice guidance - in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records for other periods as required by law or regulation.
GP records Retention period:
GP Records retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.
Maternity records Retention period: 25 years after the birth of the last child.
Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation Retention period: 20 years after the date of the last contact; or 10 years after the patient's death if sooner.
Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data - including your primary care information, medication information and diagnostic information - on secure servers. Where you have chosen a password that enables you to access certain parts of our App or website, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology. We encrypt data transmitted to and from the App or website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Your data may be processed or stored via destinations outside of the UK and the European Economic Area, but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA.
For patients who utilise Emis Web online (also known as Patient Access or Patient Access Online) or SystmOne online, the company who owns SystmOne is responsible for data security and data protection. SystmOne is the clinical system we use for recording your health records and can be accessed by us during consultation and by you online if you have registered for this service.
For more information on the data security requirements and data protection standards used by SystmOne, you can visit https://tpp-uk.com.
Your rights.
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App or website.
You also have specific rights under the GDPR and DPA..
Wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App or website.
Understand and request a copy of information we hold about you.
Recordings of your appointments with us and other medical notes can be accessed via the App or website.
You can make a request by writing to us at one of the addresses below. Your request can include:
A
ccess to your medical records, including a copy of your medical records
Asking us to rectify incorrect information we hold about you
Asking us to remove information (subject to limitations relating to our obligation to store medical records for prescribed periods of time or where such information is deemed relevant by the Practice)
Ask us to restrict our processing of your personal data or object to our processing
Ask for your data to be provided on a portable basis .
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate) .Contact us for any questions or concerns.
Your privacy matters
We are a primary care Partnership.
The current Practice sites are listed at the bottom of this page. The Main site is Coleridge Medical Centre. Our other Practice site isclassed as a Branch Surgery. Patients who have registered at one site have the right to use services at any of our sites.
The list of services we provide are:
GMS Services (GP Surgery services)
Collectively, for the purposes of this privacy policy, our sites and services will be referred to as 'the Practice', and are run under contract by The Partnership. Our group organisations shall collectively be called 'the organisation'.
At our Practice, we aim to deliver services that enable patients to live longer, healthier lives are full, active and meaningful. We do this in full consideration of privacy. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), and to be leaders in primary healthcare when it comes to healthcare and privacy.
Our NHS services have two corporate structures: our Practice, which holds a GMS contract, and Reimagining General Practice Health Support Services Ltd, which provides non-clinical services and support services to the Practice.
Our CQC and Data Protection registered address is https://devon.icb.nhs.uk/
Who is responsible for my information?
The Practice is the data controller for your information and is responsible for looking after your record while you are a registered patient.
The person with the key responsibility for data protection and security is Mr Methven Forbes. Any queries or concerns should be raised with the practice first at at the address below. NHS Devon Integrated Care Board (ICB), also provides the practice with a Data Protection Officer, who can be contacted by clicking here.
The Practice is not responsible for the use of your personal data by any other NHS service or organisation. Where personal data about you is used by another NHS Service or Organisation, they are responsible for ensuring that the data they use is accurate and that it is used in a lawful manner. Where you have a complaint about how your data has been used by another NHS Service or Organisation that is not the Practice, you must raise your complaint directly with that NHS Serviec or Organisation.
The organisation offers a range of services delivered at our physical locations and via our website and smartphone app.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy. This policy explains how we use your personal data for our NHS services. It also governs the use of your data through our App, or our websites, including this website (and any reference to our App in this policy shall also include a reference to our website).
This policy covers:
Who we are
What personal data we hold and how we get it
What we use your personal data for
Sharing your personal data
Retention
Data security and transfers
Your rights
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting our Data Protection Officer by writing to Methven Forbes at the address below.
Who we are
Our healthcare services are delivered by the Practice.
Your relationship is with the Practice. The delivery of our serfvices is conducted at the Practice sites listed below. For the avoidance of doubt and for the purposes of data processing, services may be carried out at any location deemed necessary by the Practice.
When this policy talks about 'the Practice', 'us' or 'we', it means all the services provided by our Practice.
What personal data we hold and how we get it
We use the following categories of personal data:
Personal details.
When you register with us, you complete forms (online or in paper format) and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners (for example, we use software called SystmOne to hold a patients' medical records). We use our own support services company “Reimagining General Practice Health Support Services Ltd”, which is wholly owned by Dr Mark Fuller and Mr Methven Forbes.
Health and medical information.
The main type of information we hold about you is health and medical information (information about your health, symptoms, treatments, consultations and sessions, medications and procedures). This includes details of your consultations with our doctors and other clinicians, interactions with our digital services, and interaction with our non-clinical staff. We get some of this information directly from you, when you register with us and when you use our healthcare services. If you use our NHS services, we will receive your medical history from your previous GP. If you use our other services (for example, if you register as a temporary patient), and if you have given consent for us to do so, we will send the consultation notes that we take during your use of the private service to your NHS GP (for minors, we will share such notes, in line with medical guidelines, without such consent). Any correspondence we receive from you is uploaded electronically to your medical record held by SystmOne or Emis Web as relevant.
Where we provide video consultations, we retain recordings of our consultations with you, in order to provide you with an easy way to re-watch your consultations where you wish to, so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. These recordings are held securely in accordance with our retention policy. Once this service is live, you can access recordings of your consultations at any time through the App. We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us (for example where you use the NHS App or where you decide to share information collected from a smart watch or similar device with our App).
Financial information.
If you make any payments on the App or our website (for example, where you are requesting private work including medical examinations for HGV licence), your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information. Technical information and analytics.
When you use our App or website, we may automatically collect the following information where this is permitted by your device settings:(a) technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system type and version, browser or app version, time zone setting, operating system and platform, and your location (based on IP address); and(b) information about your visit, including services you viewed or used, App response times, interaction information (such as button presses) and any phone number used to call our customer service number. We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services.
Information obtained from third party services.
You may choose to connect your existing accounts with other providers (such as a social media provider) to your account with us. This may, for example, make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address, name, and other sign-up related details.
What we use your personal data for.
Your medical record is owned by the Secretary State for Health. You have the right to ensure that information held about you is accurate. However, you do not have the right to decide what information is held about you providing that the information held is relevant to: the provision of health care, our legal and statutory obligations, our regulatory obligations, or relevant as determined by the clinical or non-clinical staff member who has interacted with you. Your medical record may also hold details, including contact details of you next of kin and family members, carers, individuals and organisations who have provided you with care, or any other information deemed necessary by the Practice. This does not mean that such individuals and organisations have a right to view or obtain your personal medical record nor does it mean that the Practice has the right to share your medical record with such individuals and organisations, except where it is lawful to do so. It is a condition of your registration that you accept that we will hold all relevant information about you and about individuals and organisations as described above, and your registration with the Practice will be deemed as acceptance of your agreement to this condition.
The purposes for which we use your personal data and the legal grounds on which we do so are as follows: We obtain and use your personal details and financial details in order to establish and deliver our contract with you. We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services, and medical history from your previous NHS GP if you use our GP service (in the same way that any GP practice would receive your medical history if they become your NHS GP). It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as your GP, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms. Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services so that we can deliver better healthcare to you and other patients.
This medical information (de-identified in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with any of our services, such as our online consultations. This does not involve making any decisions about you - it is only about improving our services and software so that we can deliver a better experience to you and other patients, and help achieve our aim of enabling patients to live longer and healthier lives that are full, active and meaningful. Strict confidentiality and data security provisions apply at all times. We may obtain and use data about your precise location where you give your consent (through providing us access to your location), for example, to help direct you to the nearest pharmacy. We may also derive your approximate location from your IP address. We use your email address and/or phone number to contact you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time. Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our services to, for example, troubleshoot bugs within the App or website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our App or website so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection. We also store your medical information, such as notes from consultations, recordings of our consultations with you and your interactions with our digital services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation. Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access. We may use non-personal data (data from which an individual cannot be identified) to improve our and services. Sharing your personal data with others.
We may share your personal data with our partners (such as Reimagining General Practice Health Support Services or other such services we have outsourced or subcontracted to). This is to help us deliver our services to you. We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us. We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service. Where you access our services through another health provider (including your employer) we may share with such partner your name, date of birth, email address, location, and the fact you have registered/used the service (and any other similar information).
We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. With your consent, we may share the date of the appointment, details of your diagnosis, prescription, pharmacy location, whether or not you had a referral made and other similar information about your appointment with us. We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your NHS GP and other NHS bodies, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations. If you use our NHS services, we will share your records with Share Care Records systems, which provides other members of the scheme (such as, amongst others, NHS Trusts, social services, community services and the ambulance services) with access to your data to promote integrated care for you, and for research and statistical purposes. You may contact us at any time to opt out of this data sharing by following the instructions on our website.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person. Except as described above, we will never share your personal information with any other party without your consent. Risk in mobile or email communication.
If you consent to us contacting you by text message or by email following an econsultation or other consultation, you should be aware that there are risks. The following outlines some of the risks to your personal data:
Communication by e-mail or by text message has a number of risks which include, but are not limited to, the following:
E-mail and text messages can be circulated, forwarded and stored in paper and electronic files.
Backup copies of e-mail and text messages may exist even after the sender or the recipient has deleted his/her copy.
E-mail and text messages can be received by unintended recipients.
E-mail and text messages can be intercepted, altered, forwarded or used without authorization or detection.
E-mail and text messages can be used to introduce viruses into computer systems and phone systems.
You should not consent to receiving emails or text messages from us or send us emails or text messages wif any of the above risks concern you. If you do consent, you should ensure that the email address or mobile number you provide is your personal email address and mobile number.
Retention periods.
We retain your medical records in accordance with national best practice guidance - in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records for other periods as required by law or regulation.
GP records Retention period:
GP Records retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.
Maternity records Retention period: 25 years after the birth of the last child.
Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation Retention period: 20 years after the date of the last contact; or 10 years after the patient's death if sooner.
Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data - including your primary care information, medication information and diagnostic information - on secure servers. Where you have chosen a password that enables you to access certain parts of our App or website, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology. We encrypt data transmitted to and from the App or website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Your data may be processed or stored via destinations outside of the UK and the European Economic Area, but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA.
For patients who utilise Emis Web online (also known as Patient Access or Patient Access Online) or SystmOne online, the company who owns SystmOne is responsible for data security and data protection. SystmOne is the clinical system we use for recording your health records and can be accessed by us during consultation and by you online if you have registered for this service.
For more information on the data security requirements and data protection standards used by SystmOne, you can visit https://tpp-uk.com.
Your rights.
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App or website.
You also have specific rights under the GDPR and DPA..
Wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App or website.
Understand and request a copy of information we hold about you.
Recordings of your appointments with us and other medical notes can be accessed via the App or website.
You can make a request by writing to us at one of the addresses below. Your request can include:
A
ccess to your medical records, including a copy of your medical records
Asking us to rectify incorrect information we hold about you
Asking us to remove information (subject to limitations relating to our obligation to store medical records for prescribed periods of time or where such information is deemed relevant by the Practice)
Ask us to restrict our processing of your personal data or object to our processing
Ask for your data to be provided on a portable basis .
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate) .Contact us for any questions or concerns.
Your privacy matters
Plymouth Primary Care Ltd is the umbrella name for Practices run by Plymouth Primary Care Ltd company number 15006610, under a Alternative Primary Medical Services (APMS) Contract.
The current Practice sites are listed at the bottom of this page. The Main site is Stirling Road Medical Centre. Our other Practice sites are classed as Branch Surgeries. Patients who have registered at one site have the right to use services at any of our sites.
The list of services we provide are:
APMS Services (GP Surgery services)
Community Intermediate Care Services (CIC)
Primary Care Network Services
Collectively, for the purposes of this privacy policy, our sites and services will be referred to as 'the Practice', and are run under contract by Plymouth Primary Care Ltd. Our group organisations shall collectively be called 'the organisation'.
At our Practice, we aim to deliver services that enable patients to live longer, healthier lives are full, active and meaningful. We do this in full consideration of privacy. We strive to comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), and to be leaders in primary healthcare when it comes to healthcare and privacy.
Our NHS services have two corporate structures: Plymouth Primary Care Ltd, which holds the APMS and CIC contract, and Reimagining General Practice Health Support Services Ltd, which provides non-clinical services and support services to Plymouth Primary Care.
Our CQC and Data Protection registered address is https://devon.icb.nhs.uk/
Who is responsible for my information?
The Practice is the data controller for your information and is responsible for looking after your record while you are a registered patient.
The person with the key responsibility for data protection and security is Mr Methven Forbes. Any queries or concerns should be raised with the practice first at Stirling Road Medical Centre, Stirling Road, St Budeaux, Plymouth, PL5 1PL. NHS Devon Integrated Care Board (ICB), also provides the practice with a Data Protection Officer, who can be contacted by clicking here.
The Practice is not responsible for the use of your personal data by any other NHS service or organisation. Where personal data about you is used by another NHS Service or Organisation, they are responsible for ensuring that the data they use is accurate and that it is used in a lawful manner. Where you have a complaint about how your data has been used by another NHS Service or Organisation that is not the Practice, you must raise your complaint directly with that NHS Serviec or Organisation.
The organisation offers a range of services delivered at our physical locations and via our website and smartphone app.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy. This policy explains how we use your personal data for our NHS services. It also governs the use of your data through our App, or our websites, including the plymouthprimarycare.co.uk (and any reference to our App in this policy shall also include a reference to our website).
This policy covers:
Who we are
What personal data we hold and how we get it
What we use your personal data for
Sharing your personal data
Retention
Data security and transfers
Your rights
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting our Data Protection Officer by writing to Methven Forbes at Stirling Road Medical Centre, Stirling Road, St Budeaux, Plymouth, PL5 1PL.
Who we are
Our healthcare services are delivered by the Practice.
Your relationship is with the Practice. The delivery of APMS and CIC services is conducted at the Practice sites listed above. For the avoidance of doubt and for the purposes of data processing, services may be carried out at any location deemed necessary by the Practice.
When this policy talks about 'the Practice', 'us' or 'we', it means all the services provided by Plymouth Primary Care Ltd.
What personal data we hold and how we get it
We use the following categories of personal data:
Personal details.
When you register with us, you complete forms (online or in paper format) and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with a copy of identification documentation for ID checks to be carried out by one of our commercial partners (for example, we use software called SystmOne to hold a patients' medical records). We use our own support services company “Reimagining General Practice Health Support Services Ltd”, which is wholly owned by the two individuals acting as directors for Plymouth Primary Care Ltd and Reimagining General Practice GPMS Services Ltd.
Health and medical information.
The main type of information we hold about you is health and medical information (information about your health, symptoms, treatments, consultations and sessions, medications and procedures). This includes details of your consultations with our doctors and other clinicians, interactions with our digital services, and interaction with our non-clinical staff. We get some of this information directly from you, when you register with us and when you use our healthcare services. If you use our NHS services, we will receive your medical history from your previous GP. If you use our other services (for example, if you register as a temporary patient), and if you have given consent for us to do so, we will send the consultation notes that we take during your use of the private service to your NHS GP (for minors, we will share such notes, in line with medical guidelines, without such consent). Any correspondence we receive from you is uploaded electronically to your medical record held by Emis Web as relevant.
Where we provide video consultations, we retain recordings of our consultations with you, in order to provide you with an easy way to re-watch your consultations where you wish to, so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. These recordings are held securely in accordance with our retention policy. Once this service is live, you can access recordings of your consultations at any time through the App. We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us (for example where you use the NHS App or where you decide to share information collected from a smart watch or similar device with our App).
Financial information.
If you make any payments on the App or our website (for example, where you are requesting private work including medical examinations for HGV licence), your credit/debit card details are processed directly by a third party processor that will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your credit or debit card information. Technical information and analytics.
When you use our App or website, we may automatically collect the following information where this is permitted by your device settings:(a) technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system type and version, browser or app version, time zone setting, operating system and platform, and your location (based on IP address); and(b) information about your visit, including services you viewed or used, App response times, interaction information (such as button presses) and any phone number used to call our customer service number. We work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services.
Information obtained from third party services.
You may choose to connect your existing accounts with other providers (such as a social media provider) to your account with us. This may, for example, make it easier to create an account with us. If you choose to do this, we will receive limited information about you from that provider, such as your email address, name, and other sign-up related details.
What we use your personal data for.
Your medical record is owned by the Secretary State for Health. You have the right to ensure that information held about you is accurate. However, you do not have the right to decide what information is held about you providing that the information held is relevant to: the provision of health care, our legal and statutory obligations, our regulatory obligations, or relevant as determined by the clinical or non-clinical staff member who has interacted with you. Your medical record may also hold details, including contact details of you next of kin and family members, carers, individuals and organisations who have provided you with care, or any other information deemed necessary by the Practice. This does not mean that such individuals and organisations have a right to view or obtain your personal medical record nor does it mean that the Practice has the right to share your medical record with such individuals and organisations, except where it is lawful to do so. It is a condition of your registration that you accept that we will hold all relevant information about you and about individuals and organisations as described above, and your registration with the Practice will be deemed as acceptance of your agreement to this condition.
The purposes for which we use your personal data and the legal grounds on which we do so are as follows: We obtain and use your personal details and financial details in order to establish and deliver our contract with you. We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services, and medical history from your previous NHS GP if you use our GP service (in the same way that any GP practice would receive your medical history if they become your NHS GP). It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as your GP, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms. Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services so that we can deliver better healthcare to you and other patients.
This medical information (de-identified in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with any of our services, such as our online consultations. This does not involve making any decisions about you - it is only about improving our services and software so that we can deliver a better experience to you and other patients, and help achieve our aim of enabling patients to live longer and healthier lives that are full, active and meaningful. Strict confidentiality and data security provisions apply at all times. We may obtain and use data about your precise location where you give your consent (through providing us access to your location), for example, to help direct you to the nearest pharmacy. We may also derive your approximate location from your IP address. We use your email address and/or phone number to contact you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time. Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our services to, for example, troubleshoot bugs within the App or website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our App or website so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection. We also store your medical information, such as notes from consultations, recordings of our consultations with you and your interactions with our digital services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the General Medical Council, MHRA, and Care Quality Commission, or as otherwise required by law or regulation. Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access. We may use non-personal data (data from which an individual cannot be identified) to improve our and services. Sharing your personal data with others.
We may share your personal data with our partners (such as Reimagining General Practice Health Support Services or other such services we have outsourced or subcontracted to). This is to help us deliver our services to you. We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us. We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service. Where you access our services through another health provider (including your employer) we may share with such partner your name, date of birth, email address, location, and the fact you have registered/used the service (and any other similar information).
We will not without your consent share any details relating to the content of your consultation with us or your health/medical records. With your consent, we may share the date of the appointment, details of your diagnosis, prescription, pharmacy location, whether or not you had a referral made and other similar information about your appointment with us. We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your NHS GP and other NHS bodies, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, diagnosis centres chosen by you for the purpose of imaging requests, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations. If you use our NHS services, we will share your records with Share Care Records systems, which provides other members of the scheme (such as, amongst others, NHS Trusts, social services, community services and the ambulance services) with access to your data to promote integrated care for you, and for research and statistical purposes. You may contact us at any time to opt out of this data sharing by following the instructions on our website plymouthprimarycare.co.uk
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person. Except as described above, we will never share your personal information with any other party without your consent. Risk in mobile or email communication.
If you consent to us contacting you by text message or by email following an econsultation or other consultation, you should be aware that there are risks. The following outlines some of the risks to your personal data:
Communication by e-mail or by text message has a number of risks which include, but are not limited to, the following:
E-mail and text messages can be circulated, forwarded and stored in paper and electronic files.
Backup copies of e-mail and text messages may exist even after the sender or the recipient has deleted his/her copy.
E-mail and text messages can be received by unintended recipients.
E-mail and text messages can be intercepted, altered, forwarded or used without authorization or detection.
E-mail and text messages can be used to introduce viruses into computer systems and phone systems.
You should not consent to receiving emails or text messages from us or send us emails or text messages wif any of the above risks concern you. If you do consent, you should ensure that the email address or mobile number you provide is your personal email address and mobile number.
Retention periods.
We retain your medical records in accordance with national best practice guidance - in particular, advice provided by the Department of Health (2006) Records management: NHS code of practice, and summary guidance issued by the British Medical Association. The below is a summary of our retention policy, but we may retain records for other periods as required by law or regulation.
GP records Retention period:
GP Records retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period. Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future.
Maternity records Retention period: 25 years after the birth of the last child.
Records relating to persons receiving treatment for a mental disorder within the meaning of mental health legislation Retention period: 20 years after the date of the last contact; or 10 years after the patient's death if sooner.
Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data - including your primary care information, medication information and diagnostic information - on secure servers. Where you have chosen a password that enables you to access certain parts of our App or website, you are responsible for keeping this password confidential. We ask you not to share the password with anyone. We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology. We encrypt data transmitted to and from the App or website. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Your data may be processed or stored via destinations outside of the UK and the European Economic Area, but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA.
For patients who utilise Emis Web online (also known as Patient Access or Patient Access Online) or SystmOne online, the company who owns SystmOne is responsible for data security and data protection. SystmOne is the clinical system we use for recording your health records and can be accessed by us during consultation and by you online if you have registered for this service.
For more information on the data security requirements and data protection standards used by SystmOne, you can visit https://tpp-uk.com.
Your rights.
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App or website.
You also have specific rights under the GDPR and DPA..
Wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App or website.
Understand and request a copy of information we hold about you.
Recordings of your appointments with us and other medical notes can be accessed via the App or website.
You can make a request by writing to us at one of the addresses below. Your request can include:
A
ccess to your medical records, including a copy of your medical records
Asking us to rectify incorrect information we hold about you
Asking us to remove information (subject to limitations relating to our obligation to store medical records for prescribed periods of time or where such information is deemed relevant by the Practice)
Ask us to restrict our processing of your personal data or object to our processing
Ask for your data to be provided on a portable basis .
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate) .Contact us for any questions or concerns.