Sutton Manor Surgery

  PRIVACY - WEBSITE

Website Privacy

by SUTTON MANOR SURGERY9 october 2020

Graphic showing crop of keyboard shortcut  labelled Privacy

Introduction

Last updated (7 October 2020)

This Privacy Policy lays out the basis on which we access, preserve, report and handle any personal data we receive from you, or that you send to us. Please read carefully the following to understand our views and practices about your personal data, how we intend to treat it and your rights about that data. By providing us with your personal data or using our services, websites or other online or digital platform(s) you agree or consent to the practices described or referred to in this Privacy Policy.

Information We Collect
At Sutton Manor Surgery, we collect personal information to better care for you. Personal data is any information about a living, identifiable person. Your personal data is any information that can be attributed to you personally, including but not limited to your name, height, weight, date of birth, health conditions and medical care you receive or have received. Organisations which make use of personal information must do so in accordance with the provisions of the Data Protection Act. The Act applies to personal data held in both electronic and physical media.

We collect personal information from you when you:
  • Register to be a patient and therafter when you interact with our services
  • following attendances at NHS or health partner facilities for scheduled or unsceduled episodes of care
  • Join our Patient Group
  • If you apply for a position with us, during the recruitment process.
  • Use any of our services.
  • Complete a survey form for us.
  • Contact us by email, phone or social media.
  • Engage in any of the interactive features of our Website.

The information we collect from you helps us to personalize and continually improve your experience when using our site. You have the option of not providing certain information.

Why We Collect Your Information
We use your records and information to:
  • Provide you with the information, products or services you ask of us
  • See to it that your care is safe and effective
  • Work together for those providing you with care
  • Respond to your requests when we are obliged to do so
  • Check the quality of care you have received
  • Ensure that our Website’s content is provided to you in the most efficient manner
  • Collect data regarding public health matters

How Long Do We Keep This Information For?
Records are maintained in compliance with the Health and Social Care Department's nationwide guidelines and the Health and Social Care Records Management Code of Conduct 2016. In keeping up with this code of practice, records including confidential information are securely destroyed.

Lawful Basis for Keeping Your Information
In accordance with the data protection law, a lawful basis must be established to process your information. This lawful basis includes at least one of the following:
  • performance of a contract
  • legal obligation
  • for the protection of our and your vital interest
  • legitimate interest and/or
  • with your consent

  • Having analysed and taken into account your interests, rights and freedoms, we collect your personal information for a variety of valid purposes as set out in this Privacy Policy.

    Unless you agree otherwise, your personal information will only be used for the purpose for which it was intended and in accordance with our Privacy Policy, clinical records retention periods, applicable data protection laws, and clinical confidentiality guidelines.

    Who We Share Your Personal Data With
    We may share your information with staff in other organizations for the purpose of delivering or improving healthcare or in instances where there is a legal requirement for us to do so. Such organisations include but are not limited to:
    • Health authorities
    • Other NHS organisations
    • General practitioners (GPs)
    • Ambulance services
    • Social services
    • Education services
    • Local authorities
    • Police
    • Department for Work & Pensions
    • Clinical commissioning groups
    • Voluntary sector providers and private sector providers.
    • Other NHS common services agencies such as primary care agencies
    This is in accordance with data protection laws and guidelines of professional bodies or for the purpose of clinical audits and research (unless you object).

    Security of Your Information

    We do not sell your information to third parties, and we only share it with organisations that are involved delivering healthcare or supporting the delivery of your healthcare. Information is kept on our secure network and our emails are encrypted.

    Use of CCTV
    Records from CCTVs (video and audio recordings) may be used for the prevention and detection of crime. Images may be shared with the Police for the investigation of crimes. Where CCTV is in operation, we comply with all legislation - including secure storage

    Your rights

    You have the following rights in relation to your personal data
  • You have the right to request to obtain a copy of details of your personal information.
  • You have the right to have correct any inaccurate information about your personal data
  • You have the right to request that your personal information is only used for restricted purposes
  • You have the right to have certain personal information about you erased
  • You have the right to object to sharing of your personal information at any time.

  • You have the right to withdraw consent you have previously given to us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent.

    Please note that your rights are not absolute. There are instances in which they do not apply. However, we will inform you of instances in which they do not apply in our correspondence with you and let you know whether we will be able to comply with your request. If you want to exercise your rights in respect of your personal data, the best way to do so is to contact the Practice Manager.

    How Do I Raise a Concern?
    If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office, the UK's independent body set up to uphold information rights on 0303 123 1113 or visit their website (https://www.ico.org.uk)