​​Your Privacy

 How we collect personal information

We collect personal information from you and from third parties (anyone acting on your behalf, for example other health-care providers).

Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.

We collect personal information from you:

Through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, through our apps, by post, by filling in application or other forms, through social media or face-to-face (for example, in medical consultations, diagnosis and treatment).

We also collect information from other people and organisations.

For all our patients, we may collect information from:

Your parent or guardian, if you are under 18 years old;
A family member, or someone else acting on your behalf;
Doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
Any service providers who work with us in relation to your health care, if we don’t provide it to you directly;
Organisations such as I Want Great Care, who carry out customer-satisfaction surveys on our behalf, or other publicly available sources such as social media.

We may collect information from:

Your employer, if you are covered by a contract for private health care services your employer has taken out or if we are providing occupational health services;
Those paying for the products or services we provide to you, including other insurers, public-sector commissioners and embassies.

Categories of personal information

We process two categories of personal information about you and (where this applies) your dependants:
Standard personal information (for example, information we use to contact you, identify you or manage our relationship with you);
Special categories of information (for example, health information, information about your race, ethnic origin and religion that allows us to tailor your care).

Standard personal information includes:
contact information, such as your name, username, address, email address and phone numbers;
the country you live in, your age, your date of birth and national identifiers (such as your National Insurance number or passport number);
information about your employment;
details of any contact we have had with you, such as any complaints or incidents;
financial details, such as details about your payments and your bank details;

Special category information includes:

Information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents;
Information about your race, ethnic origin and religion;
Information about any criminal convictions

What we use your personal information for

We process your personal information for the purposes set out in this privacy notice. We have also set out some legal reasons why we may process your personal information (these depend on what category of personal information we are processing). We normally process standard personal information if this is necessary to provide the services set out in a contract, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies.

By law, we must have a lawful reason for processing your personal information. We process standard personal information about you if this is:
Necessary to provide the services set out in a contract;
In our or a third party’s legitimate interests − details of those legitimate interests are set out in more detail below;
Required or allowed by law.

We process special category information about you because:

It is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, medical diagnosis, to provide health or social care or treatment, or to manage health-care or social-care systems (including to monitor whether we are meeting expectations relating to our clinical and non-clinical performance);

It is necessary for an insurance purpose (for example, advising on, arranging, providing or managing an insurance contract, dealing with a claim made under an insurance contract, or relating to rights and responsibilities arising in connection with an insurance contract or law);

It is necessary to establish, make or defend legal claims;

It is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a member's complaint or a regulator (such as the Care Quality Commission or the General Medical Council) telling us about an issue);

It is in the public interest, in line with any laws that apply;

It is information that you have made public; or

We have your permission.

As is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for, and ask you to confirm your choice to give us that permission.

Legitimate Interest Legitimate Interest

Legitimate interest is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:

To provide health-care services on behalf of a third party (for example, your employer);
To make sure that claims are handled efficiently and to investigate complaints to keep our records up to date and to provide you with marketing as allowed by law;
For statistical research and analysis so that we can monitor and improve services, websites and apps, or develop new ones;
To contact you about market research we are carrying out;
To monitor how well we are meeting our clinical and non-clinical performance
To exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and

Marketing and preferences

We may use your personal information to send you marketing by post, by phone, through social media, by email and by text.

We can only use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.

If you don’t want to receive emails from us, or to receive texts from us you can tell us by contacting us at any time.

We sometimes need to share your information with other people or organisations for the purposes set out in this privacy notice.

Doctors, clinicians and other health-care professionals, hospitals, clinics and other health-care providers.

People or organisations we have to, or are allowed to, share your personal information with by law (for example, for fraud-prevention or safeguarding purposes, including with the Care Quality Commission).

The police and other law-enforcement agencies to help them perform their duties, or with others if we have to do this by law or under a court order.

If we sell or buy any business or assets, the potential buyer or seller of that business or those assets; and

Other third parties we work with such as agents working on our behalf, other insurers , solicitors, translators and interpreters, regulators, data-protection supervisory authorities, health-care professionals, health-care providers and medical-assistance providers and national screening databases, such as the NHS Cervical Screening recall system;

Government authorities and agencies, including the Health Protection Agency (for infectious diseases such as TB and meningitis); and

Organisations that carry out patient surveys on our behalf.

If we share your personal information, we will make sure appropriate protection is in place to protect your personal information in line with data-protection laws.

How long we keep your personal information

We keep your personal information in line with;

How long it is reasonable to keep records to show we have met the obligations we have to you and by law;
Any time limits for making a claim;
Any periods for keeping information which are set by law or recommended by regulators, professional bodies or association;
Any relevant proceedings that apply.

Your rights

You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer of information you have provided, to withdraw permission you have given us to use your information.

You have the following rights (certain exceptions apply)

Right of access: the right to make a written request for details of your personal information and a copy of that personal information;
Right to rectification: the right to have inaccurate information about you corrected or removed;
Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased;
Right to restriction of processing: the right to request that your personal information is only used for restricted purposes;
Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests. You can object to our use of your information for profiling purposes where it is in relation to direct marketing;
Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats;
Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of the practice tos use of your personal information prior to the withdrawal of your consent;

If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.

In order to exercise your rights please contact: DPO@monksparksurgery.nhs.net

Data protection contacts

If you have any questions, comments, complaints or suggestions in relation to this notice, or any other concerns about the way in which we process information about you, please contact our Data Protection Officer at brccg.dpo.monksparksurgery@nhs.net

You also have a right to make a complaint to your local privacy supervisory authority

Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire, United Kingdom
Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)