We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Privacy Notice
Use of Your Personal Information
This privacy notice explains why we collect information about you and how that information may be used.
Our health care professionals who provide you with our services maintain records about your health and any treatment or care you have received previously. These records help to provide our clients with the best possible healthcare.
Your records may exist in several formats including electronic, paper or a mixture of both, and we deploy many approaches to ensure that such information is maintained within a confidential and secure environment. The records which we could hold about you may include the following information:
- Personal details relating to you, including your address and contact details, carer, legal representative and parents’ emergency contact details
- Any contact we have had or intend to have with you such as appointments, clinic or surgery visits, home visits, etc.
- Notes and reports about your health which is deemed to be of a sensitive nature
- Details about your referral, diagnostics procedures, treatment and care
- Results of any additional relevant investigations
- Relevant information from other health professionals, relatives or those who care for you
To ensure you receive the highest levels of care, your records will be used to facilitate the care that we provide. Anonymised information held about could, on occasions, be used to help protect the health and wellbeing of the general public and to help us manage our contracts with commissioners. Information could also be used within our organisation for the purposes of clinical audits which in turn will provide monitoring of the quality of the services we provide.
Some of this information will be used for statistical purposes and we will ensure that individuals cannot be identified. For situations where we may contribute to research projects we will always gain your explicit consent before releasing any relevant information.
Maintaining the Confidentiality of Your Records
We will take all possible care to protect your privacy and will only use information collected with the law including:
- Data Protection Act 2018
- Human Rights Act 1998
- Common Law Duty of Confidentiality
- Health and Social Care Act 2012 (if appropriate)
- Codes of Confidentiality, Information Security and Records Management
Our staff are briefed in data protection principles and understand they have a legal obligation to keep information about you confidential. They also understand that information about you will only be shared with other parties if there is an agreed need to do so or a legal reason.
We will only share your data without your permission under exceptional circumstances, subject to the exceptions given by the GDPR and UK Data Protection act, which includes:
- prevention and detection of crime
- substantial public interest
- vital interests (life-threatening emergencies)
This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott Principles.
All personal information that we manage is stored within the UK within a secure environment and we always use suitably protected methods and systems to transfer your personal information.
Processors of personal data
In order to deliver the best possible service, the practice contracts Processors to process personal data, including patient data on our behalf.
When we use a Processor to process personal data we will always have an appropriate legal agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by a Processor include:
- Companies that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services and document management services.
- Delivery services (for example if we were to arrange for delivery of any medicines to you).
Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).
Legal Basis for Processing
Our legal basis for processing your data relies on certain conditions set out GDPR Articles 6 and 9 as part of the 2018 UK Data Protection Act.
Partner Organisations
It may be possible that we will share your information with other organisations, if this is required we will apply very strong controls. The current organisations who we share data with includes:
- NHS Waltham Forest Clinical Commissioning Group – Contractual reporting of anonymised data
It is noted that the above list is not exhaustive, and we may contract with other external organisations to undertake processing of your personal information. These 3rd party organisations will abide by stringent contractual conditions regarding the protection of personal data.
In some cases, you will be requested to provide positive consent if we intend to share your personal details with other organisations.
Access to Personal Information and Your Rights
You have a right under the Data Protection Act 2018 to request access to view or to obtain a copy of what information the organisation holds about you and to have it modified should it be inaccurate. The process to access your records is known as a Subject Assess Request (SAR) and the way it works is outlined below:
- Your SARs request must be made in writing to Waltham Forest Federated GP Network (FedNet) or contact us online
- The latest regulations state that there is no charge to have a copy of your electronic or paper information, unless the request is repetitive.
- The request will be reviewed and if possible completed within one calendar month (subject to our possible requests for further clarification for you).
- You will need to provide adequate proof of your identity before we will release the requested details (e.g. full name, address, date of birth, NHS number and details of your request), you must also provide two forms of identification.
In addition to the right of access, under the Data Protection Act 2018, you will also have the following rights:
- Erasure – the right to request that your personal data is removed from our systems be they paper or electronic – please note that under certain circumstances we are legal obliged to maintain a copy of your data for contractual and or statutory reasons.
- Rectification – the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – please note that in certain circumstances a request for rectification can be refused.
- Restriction of processing – this is the right for you to request that we only process certain parts of your data. Please note that there are limited circumstances under which an individual can lawfully request to restrict processing of personal data.
- Objection – you have the right to object to the way that we are processing your data. Please note that there are limited circumstances under which an individual can lawfully object to the processing of personal data.
- Data portability – this concerns the right to request that we provide a copy of your data in an easily transportable format.
- Automatic processing – you have the right to object to the way we automatically process data – in the case of our organisation we do not, at present, carry out automatic processing of your data
If you have provided us with your consent to process your data for the purpose of providing our services, you have the right to withdraw this at any time. In order to do this should contact us by emailing or writing to the organisation.
Retention of your data
Your data will be retained in accordance with our Retention Policy and the associated Schedule of Retention.
Withdrawal of Consent
If you have provided us with consent to process your data for the purpose of providing our services, you have the right to withdraw this at any time. In order to do this should contact us in writing.
Cookies
This website makes use of cookies to optimise user experience. By using our website, you consent to all cookies in accordance with our Cookie Policy.
Website Privacy
We are committed to protecting your privacy. You can access our website without giving us any information about yourself. But sometimes we do need information to provide services that you request, and this statement of privacy explains data collection and use in those situations.
In general, you can visit our website without telling us who you are and without revealing any information about yourself. However there may be occasions when you choose to give us personal information, for example, when you choose to contact us or request information from us. We will ask you when we need information that personally identifies you or allows us to contact you.
We collect the personal data that you may volunteer while using our services. We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not collect or use personal data for any purpose other than that indicated below:
- To send you confirmation of requests that you have made to us
- To send you information when you request it
We intend to protect the quality and integrity of your personally identifiable information and we have implemented appropriate technical and organisational measures to do so. We ensure that your personal data will not be disclosed to State institutions and authorities except if required by law or other regulation.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we don’t have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.
Updating Personal Details
If any of your details e.g. your name, address or other personal data have changed or are incorrect you have a responsibility to inform the professional treating you who will arrange for the necessary updates to be made. This will help us to ensure that the data we hold about you is accurate and complete.
Notification
The Data Protection Act 2018 requires organisations that control data to register with the Information Commissioners Office (ICO) website
The organisation is registered with the ICO as a Data Controller under the Data Protection Act 1998.
Complaints
Should you have any concerns about how your information is managed by the Organisation please see our complaints procedure.
If you are still unhappy following a review by the Organisation you can then complain to the Information Commissioners Office (ICO) website via their website.
Or in writing to:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
If you are happy for your data to be extracted and used for the purposes described in this Privacy Notice, then you do not need to do anything. If you have any concerns about how your data is shared, then please contact us.