We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Privacy Notice and Policy
We understand the importance of keeping your personal information safe and secure. This Privacy Notice explain how we use any personal information we collect about you. If you have any questions or concerns about it, please contact us.
Who should I contact?
If you have any concerns about anything to do with your personal information, please contact our Data Protection Officer (or DPO). Our DPO is Peter Maynard, and he can be contacted on 0117 969 5391 or dpo.horfieldhealthcentre@nhs.net marked for the attention of Peter Maynard.
What information do we collect?
We collect information such as: personal details (name, address, contact information, date of birth, etc); details in relation to your medical history and in respect of your visits to the Health Centre; correspondence, test results and notes from other health professionals; and any other relevant information to enable us to deliver effective medical care.
What is the legal basis for collecting and using your information?
We will only use your data in accordance with the data protection laws.
The law states we must have a legal basis for obtaining and using your personal information. We rely on the following legal bases:
- Contract: our contract with NHS England is to provide medical care to all of our patients, which includes you.
- Consent: we may also obtain your consent to use your personal information on occasions. Remember that you have the right to withdraw your consent at any time.
- Protecting your vital interests: there may be times when you are not able to provide consent, and so we may need to use your personal information to provide medical care where necessary.
- Legal obligations: in certain limited situations, we are under a legal duty to disclose your personal information to other organisations.
The law also states that personal information about your health is so sensitive that it falls into a special category. In addition to the legal bases given above, we also rely on the following:
- Public interest: we may need to use your personal information for the public interest, such as when there is an outbreak of a serious disease and steps need to be taken to stop it spreading
- Defending a claim: we may need to use your personal information to defend a legal claim made by you or a third party
What do we do with the personal information that we collect?
Primarily, it is used to provide your medical care.
If you provide us with your mobile phone number, we will use this to send you text reminders about your appointments or other health related information. It is within our legal duty as a public authority to keep our patients updated with important information. Where you have provided us with your email address, we will use this to send you information relating to your health and the services we provide. If you do not wish to receive communications by email, please let us know.
It is also utilised digitally in the various IT systems we use in the practice to help us provide good patient care. This includes systems like our electronic care record; our voice recognition dictation system; and our AI based notes transcribing tool.
Your information may be disclosed to partner organisations to help us:
- Monitor and look after the health of the general public
- Review the care we provide to ensure it is of the highest standard
- Make sure our services can meet patient needs in the future
- Prepare statistics on NHS performance
- Conduct health research and development
- Audit NHS accounts and services
- Teach and train healthcare professionals
- Pay your GP, dentist and hospital for the care they provide
- Investigate complaints, legal claims or untoward incidents
Some of this information will be held centrally, but where it is used for statistical purposes, stringent measures are taken to ensure that individual patients cannot be identified. Anonymous statistical information may also be passed to organisations with a legitimate interest, including universities, community safety units, drug companies and research institutions.
Where it is not possible to use anonymised information, personally identifiable information may be used for essential NHS purposes. This will only be done with your consent, unless the law requires information to be passed on in any event. You will be specifically asked for consent if there is a proposal to use your records for education or research projects (unless the data is anonymised).
We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires information to be passed on. Anyone who receives information from us is also under a legal duty to keep it confidential.
We are required by law to report certain information to the appropriate authorities. Examples of when we must pass information on include notification of births and deaths; where we encounter infectious diseases, which may endanger the safety of others; where we have significant concerns or hear about an individual child or vulnerable adult being at risk of harm; and where a court order has been made.
We also share your data with NHS Digital to help improve health, care and services for everyone via the General Practice Data for Planning and Research data collection. This includes:
- Monitoring the long-term safety and effectiveness of care
- Planning how to deliver better health and care services
- Preventing the spread of infectious diseases
- Identifying new treatments and medicines through health research
Any data that NHS Digital collects will only be used for health and care purposes. It is never shared with marketing or insurance companies. Further information can be found at About the GPDPR programme and Looking after your data.
Who are our partner organisations?
You may be receiving care from other people as well as the NHS. We may need to share some information about you to others involved in your care when it is in your best interests to do so.
The principal organisations are:
- NHS England
- NHS Trusts, including Primary Care Trusts and Hospitals
- GP’s
- Dentists
- Ambulance Service
- Social Services
- Education Services
- Integrated Care Boards and Systems
Your information may also be shared with local authorities, prison liaison, voluntary sector providers and private sector providers. This sharing would be subject to strict agreements called “Information sharing protocols”.
In addition, we use some third party service providers to process data on our behalf. Examples might include companies that provider IT services and support, and companies that allow us to take card payments. Again, we will always have strict agreements with them called “Information sharing protocols” to ensure privacy is maintained.
Do I have any choice in the matter?
Yes, you do. If you do not want your data to be used in this way, then you can opt out. If you do opt out, then we will still use your personal information to provide your individual medical care.
There are two levels of opting out:
- Type 1 Opt Out: This is an objection that prevents an individual's personal confidential information from being shared outside of their general practice except when it is being used for the purposes of their individual direct care, or in particular circumstances required by law, such as a public health screening, or an emergency like an outbreak of a pandemic disease. If patients wish to apply a Type 1 Opt Out to their record, they should make their wishes known to the practice.
- National data opt-out (NDOO): The national data opt-out was introduced on 25 May 2018, enabling patients to opt-out from the use of their data for research or planning purposes. The national data opt-out replaces the previous ‘Type 2’ opt-out, Any patient that had a type 2 opt-out recorded on or before 11 October 2018 has had it automatically converted to a national data opt-out.
To find out more about the use of your personal information or to register your decision to opt out of data sharing, you need to go to NHS: Your Data Matters You can change your decision at any time.
How long do we keep your information for?
We will only keep your information for as long as necessary for the purposes set out in this Privacy Notice. In any event, and in accordance with the Records Management Code of Practice - NHSX, your healthcare records will be retained for 10 years after death, or if a patient emigrates, for 10 years after the date of emigration.
What rights do you have to access your personal information?
You have a right to see the information we hold that relates to you, and to request a copy. You can have constant access to your own health record by downloading and using the NHS App, which we strongly recommend for all patients.
If you are unable to use the NHS App, then you can request copies of your records from us. Please go to our website and search for the Access to Records Policy which explains how you can request this, and what we will do. (Alternatively, you can call us, or come into the practice and submit your request.) In most cases you are entitled to receive this information free of charge, but there may be charges applied in certain limited circumstances (which are explained in the “Patient Access to Patient Records Procedure”).
You have the right to have the personal information we hold about you corrected, removed (subject to certain limitations), or transferred to another person or organisation. Again, please contact our DPO if you would like to do any of these things.
There may be references to third parties in your records. The law states that we must remove any such references that would allow that third party to be identified before we release copies of your information. Third parties could include spouses/partners (both current and former); children; other family members; and unrelated individuals.
What do I do if I have a complaint?
If you have any concerns or questions about the use of your personal information, in the first instance we would ask you to notify our DPO so it can be investigated. If you are still not satisfied with what has happened, you have a right to complain to the Information Commissioner’s Office. Full details of how to contact them can be found on their website.