Privacy Notice and Policy

We understand the importance of keeping your personal information safe and secure. This Privacy Notice explain how we use any personal information we collect about you. If you have any questions or concerns about it, please contact us.

Who should I contact?

If you have any concerns about anything to do with your personal information, please contact our Data Protection Officer (or DPO). Our DPO is Peter Maynard and he can be contacted on 0117 969 5391 or

What information do we collect?

We collect information such as: personal details (name, address, contact information, date of birth, etc); details in relation to your medical history and in respect of your visits to the Health Centre; correspondence, test results and notes from other health professionals; and any other relevant information to enable us to deliver effective medical care.

What is the legal basis for collecting and using your information?

The law states we must have a legal basis for obtaining and using your personal information. We rely on the following legal bases:

  • Contract: our contract with NHS England is to provide medical care to all of our patients, which includes you.
  • Consent: we may also obtain your consent to use your personal information on occasions. Remember that you have the right to withdraw your consent at any time.
  • Protecting your vital interests: there may be times when you are not able to provide consent, and so we may need to use your personal information to provide medical care where necessary.
  • Legal obligations: in certain limited situations, we are under a legal duty to disclose your personal information to other organisations.

The law also states that personal information about your health is so sensitive that it falls into a special category. In addition to the legal bases given above, we also rely on the following:

  • Public interest: we may need to use your personal information for the public interest, such as when there is an outbreak of a serious disease and steps need to be taken to stop it spreading
  • Defending a claim: we may need to use your personal information to defend a legal claim made by you or a third party

What do we do with the personal information that we collect?

Primarily, it is used to provide your medical care.

However, your information may be disclosed to partner organisations to help us:

  • Monitor and look after the health of the general public
  • Review the care we provide to ensure it is of the highest standard
  • Make sure our services can meet patient needs in the future
  • Prepare statistics on NHS performance
  • Updated June 2021
  • Conduct health research and development
  • Audit NHS accounts and services
  • Teach and train healthcare professionals
  • Pay your GP, dentist and hospital for the care they provide
  • Investigate complaints, legal claims or untoward incidents

Some of this information will be held centrally, but where it is used for statistical purposes, stringent measures are taken to ensure that individual patients cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including universities, community safety units, drug companies and research institutions.

This practice is supporting vital and health care planning by sharing your data with NHS Digital. For more information about this, please see the GP Practice Privacy Notice for General Practice Data for Planning and Research.

Where it is not possible to use anonymised information, personally identifiable information may be used for essential NHS purposes. This will only be done with your consent, unless the law requires information to be passed on in any event. You will be specifically asked for consent if there is a proposal to use your records for education or research projects.

We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires information to be passed on. Anyone who receives information from us is also under a legal duty to keep it confidential.

We are required by law to report certain information to the appropriate authorities. Examples of when we must pass information on include notification of births and deaths; where we encounter infectious diseases, which may endanger the safety of others; and where a court order has been made.

Who are our partner organisations?

You may be receiving care from other people as well as the NHS. We may need to share some information about you to others involved in your care when it is in your best interests to do so.

The principal organisations are:

  • NHS England
  • NHS Trusts, including Primary Care Trusts and Hospitals
  • GP’s
  • Dentists
  • Ambulance Service
  • Social Services
  • Education Services
  • Strategic Health Authorities.

Your information may also be shared with local authorities, prison liaison, voluntary sector providers and private sector providers. This sharing would be subject to strict agreements called “Information sharing protocols”.

Do I have any choice in the matter?

Yes you do. If you do not want your data to be used in this way, then you can opt out. If you do opt out, then we will still use your personal information to provide your individual medical care. 

To find out more about the use of your personal information or to register your decision to opt out of data sharing, you need to go to NHS: Your Data Matters You can change your decision at any time.

How long do we keep your information for?

We will only keep your information for as long as necessary for the purposes set out in this Privacy Notice. In any event, and in accordance with the NHS Codes of Practice for Records Management, your healthcare records will be retained for 10 years after death, or if a patient emigrates, for 10 years after the date of emigration.

What rights do you have to access your personal information?

You have a right to see the information we hold that relates to you, and to request a copy. Please ask for a copy of our “Patient Access to Patient Records Procedure” which explains how you can request this, and what we will do. In most cases you are entitled to receive this information free of charge, but there may be charges applied in certain limited circumstances (which are explained in the “Patient Access to Patient Records Procedure”).

You have the right to have the personal information we hold about you corrected, removed (subject to certain limitations), or transferred to another person or organisation. Again, please contact our DPO if you would like to do any of these things.

There may be references to third parties in your records. The law states that we must remove any such references that would allow that third party to be identified before we release copies of your information. Third parties could include spouses/partners (both current and former); children; other family members; and unrelated individuals.

What do I do if I have a complaint?

If you have any concerns or questions about the use of your personal information, in the first instance we would ask you to notify our DPO so it can be investigated. If you are still not satisfied with what has happened, you have a right to complain to the Information Commissioner’s Office. Full details of how to contact them can be found on their website