1 General Data Protection Regulations

We are required by Articles in the General Data Protection Regulations to provide you with the information in the following 9 subsections. These cover details of the Data Controller and Data Protection officer along why we hold the data, what it is used.

1) Data Controller: Dr P.M. James

2) Data Protection Officer: Dr P.M. James

3) Purpose of the  processing: 
Details of the purpose of each Privacy Notice are listed in the individual Privacy Notices described above.

4) Lawful basis for processing:
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere  is supported under the following Article 6 and 9 conditions of the GDPR:
Article 6(1)(c) “processing is necessary for compliance with a legal obligation to which the controller is subject.”
and
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”

5) Recipient or categories of recipients of the processed data:
The data will be shared with Health and care professionals and support staff in this surgery and at hospitals, diagnostic and treatment centres who contribute to your personal care.  [if possible list actual named sites such as local hospital)(s) name]

6) Rights to object:
You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance

7) Right to access and correct:  You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.

8) Retention period:
The data will be retained in line with the law and national guidance.
https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016  or speak to the practice.

9)  Right to Complain:
You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/global/contact-us/  or by calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)