Privacy Notice

Privacy Notice - full version.PDF download

Introduction

The UK Data Protection Bill will become law when enacted as the Data Protection Act 2018. It will explicitly bring provisions of the EU General Data Protection Regulation (GDRP) 2016 into UK law and establish continuity of the GDPR. The Act will legislate in areas where the GDPR allows flexibility at national level. It will also introduce legislation on processing for law enforcement purposes (in support of the EU Law Enforcement Directive) and by the intelligence services, and make provision for the Information Commissioner (the UK supervisory authority). The current Data Protection Act (DPA) 1998 will be completely repealed when DPA 2018 comes in force. This Privacy Notice has been written in line with the EU GDPR 2016. The Privacy Notice will be reviewed when the DPA 2018 comes in force in order to align it with the Act.

What is this Privacy Notice about?

Privacy Notice is the conditions which have to be met for any activity involving personal data or special categories of personal data to be lawful. Being transparent and providing accessible information to individuals about how an organisation will use their personal information is a key element of Data Protection Legislations. The most common way to provide this information is in a Privacy Notice.

This Privacy Notice is part of our programme to make the data processing activities we are carrying out in order to meet our healthcare obligations transparent.

The Privacy Notice tells you about information we collect and hold about you, the legal basis for collecting and holding the information, what we do with it, how we keep it secure (confidential), who we might share it with and what your rights are in relation to your information.

Who we are

Andover Medical Centre is a single-site Practice, all on one level.The Practice has three GP Partners who are supported by a strong clinical and admin team. Address: 270-282 Hornsey Road, London N7 7QZ

Types of information we use

We use the following types of information/data:

  • Personal data or sensitive personal/special categories of personal data such as:
  • demographics – name, address, date of birth, postcode, NHS number
  • racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, medical/health data, sexual life or sexual orientation data.
  • Pseudonymised - about individuals but with identifying details (such as name or NHS number) replaced with a unique code.
  • Anonymised - about individuals but with identifying details removed.
  • Aggregated - anonymised information grouped together so that it doesn't identify individuals.

What we use your personal data and special categories of personal data (know as or sensitive personal) for 

We use and share information about you in a number of ways. These include:

Primary uses - information from your GP medical record which can be made available to other NHS and public sector organisations, including doctors, nurses and care professionals in order to help them make the best informed decision, and provide you with the best possible direct care delivery.

Secondary uses - information from your GP medical record involves extracting identifiable data and (usually) sharing that data with other NHS organisations, for the purpose of indirect care. Examples include using your information for research, auditing, and healthcare planning (population health management).

Identity and Contact details of the Data Controller and Data Protection Officer

Data Controller:

Andover Medical Centre
270-282 Hornsey Road
London N7 7QZ
andover.medical-centre@nhs.net
020 7281 6956

Data Protection Officer: Steve Durbin

Organisations we share your personal information with

We share information about you with other GPs, NHS acute or mental health Trusts, local authority, community health providers, pharmacists, commissioning organisations, medical research organisations  and some specific non NHS organisations for the purposes of direct and indirect care delivery of care.

We are required under the law to provide you with the following information how we process your personal data, the purpose of proposing, recipient/categories of your personal data, the identity of our Data Protection Officer (DPO), how long we retain personal information about you, the legal basis and justification for the processing, and your right to view, request access copies of your personal information, or object to the processing.

Full Privacy Notice - full version.PDF download