Last updated (7 October 2020)
Information We Collect
At Sutton Manor Surgery, we collect personal information to better care for you. Personal data is any information about a living, identifiable person. Your personal data is any information that can be attributed to you personally, including but not limited to your name, height, weight, date of birth, health conditions and medical care you receive or have received. Organisations which make use of personal information must do so in accordance with the provisions of the Data Protection Act. The Act applies to personal data held in both electronic and physical media.
We collect personal information from you when you:
The information we collect from you helps us to personalize and continually improve your experience when using our site. You have the option of not providing certain information.
- Register to be a patient and therafter when you interact with our services
- following attendances at NHS or health partner facilities for scheduled or unsceduled episodes of care
- Join our Patient Group
- If you apply for a position with us, during the recruitment process.
- Use any of our services.
- Complete a survey form for us.
- Contact us by email, phone or social media.
- Engage in any of the interactive features of our Website.
Why We Collect Your Information
We use your records and information to:
How Long Do We Keep This Information For?
- Provide you with the information, products or services you ask of us
- See to it that your care is safe and effective
- Work together for those providing you with care
- Respond to your requests when we are obliged to do so
- Check the quality of care you have received
- Ensure that our Website’s content is provided to you in the most efficient manner
- Collect data regarding public health matters
Records are maintained in compliance with the Health and Social Care Department's nationwide guidelines and the Health and Social Care Records Management Code of Conduct 2016. In keeping up with this code of practice, records including confidential information are securely destroyed.
Lawful Basis for Keeping Your Information
In accordance with the data protection law, a lawful basis must be established to process your information. This lawful basis includes at least one of the following:
Who We Share Your Personal Data With
We may share your information with staff in other organizations for the purpose of delivering or improving healthcare or in instances where there is a legal requirement for us to do so. Such organisations include but are not limited to:
- Health authorities
- Other NHS organisations
- General practitioners (GPs)
- Ambulance services
- Social services
- Education services
- Local authorities
- Department for Work & Pensions
- Clinical commissioning groups
- Voluntary sector providers and private sector providers.
- Other NHS common services agencies such as primary care agencies
Security of Your Information
We do not sell your information to third parties, and we only share it with organisations that are involved delivering healthcare or supporting the delivery of your healthcare. Information is kept on our secure network and our emails are encrypted.
Use of CCTV
Records from CCTVs (video and audio recordings) may be used for the prevention and detection of crime. Images may be shared with the Police for the investigation of crimes. Where CCTV is in operation, we comply with all legislation - including secure storage
You have the following rights in relation to your personal data
You have the right to withdraw consent you have previously given to us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent.
Please note that your rights are not absolute. There are instances in which they do not apply. However, we will inform you of instances in which they do not apply in our correspondence with you and let you know whether we will be able to comply with your request. If you want to exercise your rights in respect of your personal data, the best way to do so is to contact the Practice Manager.
How Do I Raise a Concern?
If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office, the UK's independent body set up to uphold information rights on 0303 123 1113 or visit their website (https://www.ico.org.uk)