Our Data Privacy



Practice Data Privacy Notice

Data Privacy Policy

1. Introduction

This Practice is committed to protecting your personal data and using it lawfully, fairly and transparently. This privacy notice explains how we use your information under:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • NHS Records Management Code of Practice
  • Common Law Duty of Confidentiality

We keep this notice under regular review.


2. How We Use Your Medical Information

We handle medical information in strict accordance with data protection law and NHS confidentiality rules.

We use your data for the following purposes:

a) Direct Care

We share relevant medical information with healthcare professionals involved in your care, on a need‑to‑know and event‑by‑event basis. This may include:

  • Hospitals and consultants
  • Community nursing teams
  • Mental health services
  • Allied health professionals
  • Pharmacists

b) Summary Care Record (SCR)

A limited snapshot of your key information (e.g., medications, allergies, adverse reactions) is automatically copied to your Summary Care Record to support urgent and emergency care. You may opt out at any time.

For more information, see: Summary Care Record - NHS England Digital

c) Out-of-Hours and Urgent Care Services

We share the minimum necessary information with NHS 111, GP out‑of‑hours providers and urgent care centres so they can provide safe care.

d) National Screening Programmes

Your data is used to identify eligibility for programmes such as:

  • Cervical screening
  • Breast screening
  • Bowel screening
  • AAA screening

This is required by law and funded by NHS England.

For more information about NHS screening programmes and how your data is used, see: https://www.nhs.uk/conditions/nhs-screening/

e) National Health Campaigns and Preventative Programmes

We use data to support NHS‑wide public health campaigns including:

  • Flu vaccination
  • COVID‑19 vaccination
  • Diabetes prevention schemes

f) NHS Management and Administration (De‑identified Data)

We provide data, usually anonymised or pseudonymised, for:

  • NHS service planning
  • Activity reporting
  • Payments and reimbursement
  • Quality and Outcomes Framework (QOF) monitoring

You can choose whether your confidential patient information is used for research and planning. To find out more and to set your choice, visit: https://www.nhs.uk/your-nhs-data-matters/

g) Legal Obligations to Share Information

We must share information where required by law, for example:

  • Care Quality Commission inspections
  • Notifications of certain infectious diseases
  • Safeguarding adults and children
  • Coroners' investigations

h) Quality and Safety Improvement

We use data to audit, review and improve clinical care.

i) Medical Research and Clinical Audit

We may share information for ethically‑approved research or audit, usually in a de‑identified form. If identifiable data is required, your consent will be sought unless the law allows otherwise.


3. Your Rights

Under the UK GDPR you have the following rights regarding your personal information:

  • Right to access (Subject Access Request)
  • Right to rectification
  • Right to erasure (where applicable)
  • Right to restrict processing
  • Right to object
  • Right to data portability (limited application in healthcare)
  • Right to be informed

Some rights may not apply where data is processed for the provision of direct care.


4. Subject Access Requests (SARs)

You may request access to the information we hold about you, verbally or in writing, by contacting our Care Navigator Team.

We will respond within one calendar month. If the request is complex or large, we may extend this by up to two months — we will notify you within the first month if an extension is needed.

Fees

Most requests are free. However, we may charge a reasonable fee if:

  • you request additional copies of data previously supplied, or
  • your request is manifestly unfounded or excessive

This fee only covers the administrative time required to review and remove:

  • references to third parties
  • legally restricted or harmful information

5. How We Store Your Data

We use secure NHS systems for electronic records.
Where paper records exist, they are stored securely in locked rooms with controlled access.


6. How Long We Keep Records

We follow the NHS Records Management Code of Practice, ensuring that medical records are retained for the appropriate period before secure disposal.


7. How to Contact Us

If you have questions about how we use your information, please contact the practice’s Data Protection Officer (DPO).