Westend Medical Practice

Privacy Policy

Definitions

We/Us/GP [abbreviation of GP practice name, omit if no abbreviation used] terms refer to GP practice name, who provides… [brief description of what you do e.g., GP services for people living in…]

[Define here any other acronyms or special terms you use below]

This website is a service provided by [GP practice name.]

Introduction

This privacy disclaimer applies to the [www.gpwebsite.co.uk] website only. Links within this site to other websites are not covered by these guidelines. We are not responsible for the privacy practices, content, or the monitoring of content for those sites and therefore we take no responsibility once you leave this website. Linking to other websites from our site does not necessarily imply endorsement on the part of DHU.

You do not have to request permission to link to our website via hyperlinks. You must however request permission to use any of our content or publicly display our logos.

By accessing and using our website you agree to the terms of this policy.

Collection and Use of Personal Information

[Practice name] gather personal data as entered onto the various forms accessed from within this site. When we process your personal information, [Practice name] is the Data Controller. As a data controller [Practice name] has a duty to comply with the UK General Data Protection Regulation (UK GDPR) and the UK Data protection Act 2018, which requires that processing of your personal information is fair, lawful, and transparent. This means we must:

  • Keep sufficient information to provide services and fulfil our legal responsibilities.
  • Keep your records secure and accurate.
  • Only keep information as long as necessary
  • Collect, store, and use the information you provide in a manner that is compatible with data protection legislation.

Furthermore, we have a legal obligation to respect the common law duty of confidentiality. Healthcare professionals are committed to maintain confidentiality.

[GP is registered as a data controller with the Information Commissioners Office – registration number …. Our registration entry can be seen here (https://ico.org.uk/ESDWebPages/Entry/…)]

GP Contact Details

[Address]

Tel: [Telephone number]

Data Protection Officer

The [Practice name] Data Protection Officer is the Information Governance Manager and can be contacted at [email address].

When entering any information on this site, you agree that we may collect, hold, process, and use your information (including personal information) for the purposes [as given by the forms on this website. These include, but may not be limited to, the Contact Us form, Friends and Family Test, Sick / Fit Note Request, and the Patient Registration form.]

The data you submit may be downloaded and transferred to our local and remote systems to facilitate processing the data, where we feel the appropriate security measures are in place.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. The first time you use this website, you will be required to agree to and submit your consent to the collection and use of your personal information. You can remove your consent at any time by contacting [email address]
  • We have a legitimate interest.

Under the Data Protection Act, we have a legal duty to protect any information we collect. We will only use your information for the purpose we have described, and your information will not be sold to third parties or used for marketing purposes. We reserve the right to disclose your personal information to comply with applicable laws and government or regulatory bodies’ lawful requests for information.

Cookies

A cookie is a small text file that is placed on your computer by your web browser. These files are either stored in the memory of your computer or device or are placed on the hard drive. Cookies are commonly used to help or personalise the users browsing experience or identify you to the server processing your requests e.g., if you have previously logged in (functional cookies).

In addition, cookies may provide information on how you interact with the website, to enable analysis and improvements e.g., through Google Analytics (analytical cookies). Information collected through analytical cookies is not personally identifiable. It includes general information about your computer e.g., operating system, IP address, pages visited and links clicked on this website you have visited and timings of browsing.

Most browsers accept cookies automatically, but usually you can alter the settings of your browser to erase cookies or prevent automatic acceptance if you prefer. If you choose not to receive cookies from our website, you may not be able to use some of the core features of the site such as completing the referral form.

See About Cookies [link to: /about-cookies] for a breakdown of what cookies we use on this site.

Keeping Your Personal Information Secure

We take the security of your personal information very seriously and have appropriate physical, technical, and administrative procedures in place to help protect your personal information from unauthorised access, use or disclosure as required by law in England. Any personal information entered on the referral form is temporarily stored securely on servers at Leicestershire Health Information Service (LHIS). This data is then passed to [Practice name] where it is stored securely … [amend as appropriate, original text: will be kept for a period of 5 years, and thereafter disposed of by securely erasing from the servers.]

Changes to this Privacy Policy

If we change this privacy policy, we will post the revised privacy policy here with an updated effective date. If we make significant changes to the privacy policy, we may also notify you by other means such as sending an email or posting a notice on our website homepage.

Your data protection rights

Under data protection law, you have rights including:

  • the right to ask us for copies of your personal information.
  • the right to ask us to rectify personal information you think is inaccurate or incomplete.
  • the right to ask us to erase your personal information in certain circumstances.the right to ask us to object to or restrict the processing of your personal information in certain circumstances.
  • the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at [email address] if you wish to make a request.

Feedback

To comment on the website, ask technical queries or questions about the application and how your data is collected, you can email [email address]. If you contact us asking for information, we may need to contact other NHS departments or external organisations to find that information.

If you have any concerns about our use of your personal information, you can make a complaint to us at [email address].

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk