GDPR

The new General Data Protection Regulation and our practice responsibilities.

How we use Your Information and the Law

Thorns Road Surgery will be what’s known as the ‘Controller’ of the personal data you provide to us.

We collect basic personal data about you, which does not include any special types of information or location-based information. This does, however, include name, address, contact details such as email and mobile number etc.

We will also collect sensitive confidential data known as “special category personal data”, in the form of health information, religious belief (if required in a healthcare setting), ethnicity and sex, during the services we provide to you and/or linked to your healthcare through other health providers or third parties.

Why do we Need Your Information?

We need to know your personal, sensitive and confidential data in order to provide you with healthcare services as a general practice. Under the General Data Protection Regulation we will be lawfully using your information in accordance with:

  • Article 6, (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.

Where do we Store Your Information Electronically?

All the personal data we process is processed by our staff in the UK; however, for the purposes of IT hosting and maintenance, this information may be located on servers within the European Union.

No third parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place.

We have a Data Protection regime in place to oversee the effective and secure processing of your personal and/or special category (sensitive, confidential) data.

How Long Will we Store Your Information?

We are required under UK tax law to keep your information and data for the full retention periods as specified by the NHS Records Management Code of Practice for Health and Social Care and National Archives requirements.

With your Consent we Would Also Like to use Your Information to...

We would, however, like to use your name, contact details and email address to inform you of services that may benefit you, with your consent only. There may be occasions where authorised research facilities would like you to take part in innovations, research, improving services or identifying trends.

At any stage where we would like to use your data for anything other than the specified purposes and where there is no lawful requirement for us to share or process your data, we will ensure that you have the ability to consent and opt out prior to any data processing taking place.

This information is not shared with third parties or used for any marketing and you can unsubscribe at any time via phone, email or by informing the practice DPO as below.

What are Your Rights?

If at any point you believe the information we process on you is incorrect, you can request to see this information and even have it corrected or deleted. You can still request a copy of your medical records from the practice, free of charge.

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response, or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). Details can be found at www.ico.org.uk.

Who is the Data Protection Officer for the Practice?

Our Data Protection Officer is Paul Couldrey of PCIG Consulting Limited, and you can contact them by telephone on 07525 623939 or email at Couldrey@me.com as well as via post to the practice.