Cookies and Privacy Policy

Privacy Statement

This Notice has been written to inform our patients about how we collect their personal information and what we do with it. Please be aware that this notice may be subject to change. The latest version can be found on the Practice’s website.

 Who are we?

Leeds Road Practice is a ‘Data Controller’ as defined by Article 4 (7) of GDPR. This means that we determine the purposes for which, and the way in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.

 The practice has appointed Veritau Ltd to be its Data Protection Officer. Their contact details are:

Data Protection Officer

Veritau Ltd

County Hall

Racecourse Lane

Northallerton

DL7 8AL

information.governance@veritau.co.uk   // 01609 53 2526

 

 

 

 What data do you collect about me?

We will collect general information about you including:

  • Name, address, DOB,
  • Contact details and emergency contacts,
  • Carer or legal representative.

We will also process certain ‘special category’ data about our patients. This means information which is more sensitive and needs extra protection. Most of what we collect about you is information relating to your physical or mental health such as:

  • Contact you have had with us in relation to appointments, clinic visits, emergency appointments etc,
  • Notes and reports about your health,
  • Information about your treatment and care,
  • Results of tests, x-rays, and investigations,
  • Any other relevant patient information including information provided by others such as health professionals, relatives, carers or other partner organisations who you may be involved with,

It may also be necessary for us to process other special category information about you for medical purposes including, but not necessarily limited to:

  • Sex life or sexual orientation,
  • Racial or ethnic origin,
  • Religious or philosophical beliefs.

What do you do with my personal data?

We use your information in order to:

  • Provide you with healthcare services,
  • Improve service delivery and planning,
  • Investigate any concerns you have raised about the service you have received,
  • Conduct research and produce statistical data.

We also use your information for the following reasons:

  • Risk stratification

Risk stratification is a process in which we use personal information to determine if patients may be at high risk of experiencing certain medical conditions. This is done for preventative reasons and we will collect this information from various health care services including NHS Trusts and the information we hold about you within the practice. Please tell us if you would like to object to your information being used for these purposes.

  • Medicines Management

Harrogate and Rural District CCG provide support to audit and review patients’ medicines and prescriptions and in order to do this they will require access to patient records. This is in place to enhance effective and safe prescribing of medication and to ensure we are operating in a cost effective way. We have a confidentiality agreement in place to govern this process. Please tell us if you would like to object to your information being used for these purposes.

  • GP Practice Variation

Harrogate and Rural District CCG provide support to promote understanding of the variation between GP practices. This work requires access to patient records and is governed by a confidentiality agreement. Please tell us if you would like to object to your information being used for these purposes.

 What is your lawful basis to process my personal data?

There are a number of reasons we may rely on to process your personal data in line with Article 6 and Article 9 of GDPR. These are:

  • Because we have a legal obligation,
  • Because it is in the public interest or we have official authority,
  • To protect the vital interests of you or another person,
  • for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services,
  • reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices,
  • research or statistical purposes,

Who has access to my personal data within the practice?

Employees of Leeds Road Practice may only access your personal data if they require it to perform a task. There are procedures and checks in place to ensure that employees can not use your data for their own personal benefit.

 Who do you share my personal data with?

The practice will only share personal data with another organisation if it has a lawful basis to do so and will always keep records of when your data has been disclosed to another organisation. Organisations who we may share your information with include, but is not limited to:

  • NHS Trusts,
  • Other GPs (if you transfer to another practice),
  • NHS Commissioning Support Units,
  • Independent contractors including dentists, opticians and pharmacists,
  • Voluntary sector providers,
  • Ambulance Trusts,
  • Harrogate and Rural District Clinical Commissioning Group,
  • Local Authorities,
  • Children or Adults Social Care,
  • Education Services,
  • Fire and Rescue Services,
  • Regulatory Authorities (such as CQC and NMC).

We will not share information about you without your permission unless we are required to do so by law. Sometimes we may be required to share your information and will not always be able to tell you. Examples might be for the purposes of detection or prevention of crime, or where we are required to share due to a court order.

Third party processors

In order to deliver the best possible service the practice may use third party organisations. These organisations will sometimes require access to your personal data in order to complete their work. If we do use a third party organisation we will always have an agreement in place to ensure that the other organisation keeps your data secure.

How do you protect my personal data?

Leeds Road Practice is committed to keeping the personal data that it holds safe from loss, corruption or theft. It has a number of measures in place to do this including:

  • Annual training for all employees on how to handle personal data,
  • Policies and procedures detailing what employees can and can not do with personal data.
  • A number of IT security safeguards such a firewalls, encryption, and virus protection software,
  • On site security safeguards to protect physical files and electronic equipment

How long do you keep my personal data for?

Leeds Road Practice will only keep your personal data for as long as it is required to fulfil the purpose it was collected for or for as long as is required by legislation.

Do you transfer my data outside of the UK?

Generally the information that the practice holds is all held within the UK. However, some information may be held on computer servers which are held outside of the UK. We will take all reasonable steps to ensure your data is not processed in a country that is not seen as ‘safe’ by the UK or EU government. If the practice does need to send your data out of the EU it will ensure it has extra protection from loss or unauthorised access.

What are my Data Protection rights?

Under data protection legislation you have the following rights in relation to the processing of your personal data:

  • to be informed about how we process your personal data. This notice fulfils this obligation.
  • to request access to your personal data that we hold, and be provided with a copy of it,
  • to request that your personal data is amended if inaccurate or incomplete,
  • to request that your personal data is erased where there is no compelling reason for its continued processing,
  • to request that the processing of your personal data is restricted,
  • to object to your personal data being processed,

If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above.

First Contact Team

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow Cheshire

SK9 5AF

casework@ico.gsi.gov.uk  // 03031 231113

 

 

 

If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which the school has handled your personal data. You can do so by contacting:

 

Cookies

A cookie is a small file, typically of letters and numbers, downloaded on to a device (like your computer or smart phone) when you accesses certain websites.

Cookies allow a website to recognise a user’s device.

Some cookies help websites to remember choices you make (e.g. which language you prefer if you use the Google Translate feature). Analytical cookies are to help us measure the number of visitors to a website. The two types we use are ‘Session’ and ‘Persistent’ cookies. Some cookies are temporary and disappear when you close your web browser, others may remain on your computer for a set period of time.

We do not knowingly collect or intend to collect any personal information about you using cookies. We do not share your personal information with anyone.

What can I do to manage cookies on my devices?

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

If you are concerned about cookies and would like to ask further questions please do not hesitate to write to our website developers – support@gpsurgery.net

Change of Details

It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.

Notification

The Data Protection Act 1998 requires organisation’s to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information.

This information is publicly available on the Information Commissioners Office website www.ico.org.uk

The practice is registered with the Information Commissioners Office (ICO).

Who is the Data Controller?

The Data Controller, responsible for keeping your information secure and confidential is:

Andrew King – Managing Partner

Complaints

Should you have any concerns about how your information is managed by the Practice please contact the Practice Manager at the following address:

leedsroadpractice@nhs.net

If you are still unhappy following a review by the Practice you can then complain to the Information Commissioners Office (ICO).  www.ico.org.uk, casework@ico.org.uk, telephone: 0303 123 1113 (local rate) or 01625 545 745

This website uses cookies.

A cookie is a small file, typically of letters and numbers, downloaded on to a device (like your computer or smart phone) when you accesses certain websites.

Cookies allow a website to recognise a user’s device.

Some cookies help websites to remember choices you make (e.g. which language you prefer if you use the Google Translate feature). Analytical cookies are to help us measure the number of visitors to a website. The two types we use are ‘Session’ and ‘Persistent’ cookies. Some cookies are temporary and disappear when you close your web browser, others may remain on your computer for a set period of time.

We do not knowingly collect or intend to collect any personal information about you using cookies. We do not share your personal information with anyone.

What can I do to manage cookies on my devices?

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

If you are concerned about cookies and would like to ask further questions please do not hesitate to write to our website developers – support@gpsurgery.net