GDPR

 

Privacy Notice for Patients

Grimethorpe Surgery collects, stores and uses large amounts of personal data every day, such as medical records, personal records and computerised information. This data is used by many people in the course of their work.  This privacy notice explains how we process your personal data.

[org name]  is the data controller of the personal data and is responsible for complying with data protection legislation.

Our registered address is Grimethorpe Surgery, The Grimethorpe Centre, Acorn Way, Grimethorpe, S72 7NZ.

We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.

We have a Data Protection Officer who ensures the organisation is accountable and compliant with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Data Use and Access Act 2025.

Our Data Protection Officer is Caroline Million. Any queries regarding Data Protection issues should be addressed to her at: –

Email: caroline.million@outlook.com

What information do we collect about you?

The health and social care professionals caring for you keep records about your health and any treatment and care you receive. These records help to ensure that you receive the best possible care. They may be written down in paper records or held on computer. These records may include:

  • Basic details about you such as name, address, date of birth, next of kin, etc
  • Details of your lifestyle and social circumstances
  • Contacts we have had with you such as appointments or clinic visits
  • Notes and reports about your health, treatment and care
  • Results of x-rays, scans and laboratory tests
  • If you stay in one of our hospitals, information about your dietary requirements and menu choices.
  • Relevant information from people who care for you and know you well such as health professionals and relatives
  • Visual images, personal appearance and behavior, for example if CCTV images are used as part of building security
  • Offences (including alleged offences, criminal proceedings, outcomes and sentences

We may also process sensitive categories of information that may include:

  • racial and ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • health information
  • sex life or sexual orientation

It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.

Using your personal data: the legal basis and purposes

We will use your personal data to direct, manage and deliver the care you receive to ensure that:

  • The health and social care professionals involved in your care have accurate and up to date information to assess your health and decide on the most appropriate care for you
  • Health and social care professionals have the information they need to be able to assess and improve the quality and type of care you receive
  • Appropriate information is available if you see another healthcare professional, or are referred to a specialist or another part of the NHS

Your information will also be used to help us manage the NHS:

  • Review the care we provide to ensure it is of the highest standard and quality
  • Manage the health services and ensure our services can meet future patient needs
  • Ensure our organisation receives payment for the care you receive
  • Prepare statistics on NHS performance
  • Audit NHS accounts and services
  • Investigate patient queries, complaints and legal claims
  • Helping to train and educate healthcare professionals

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e))and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).

 

Who do we share personal information with?

Everyone working within the NHS has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.

We may share information with the following organisations:

  • Other NHS organisations and hospitals that are involved in your care
  • Integrated Care Board and other NHS bodies (see below)
  • General practitioners (GPs)
  • Ambulance services
  • Social care services
  • Education services
  • Local authorities
  • Voluntary and private sector providers working with the NHS

Yorkshire and Humber Care Record

We participate in the Yorkshire & Humber Care Record. The Yorkshire & Humber Care Record is a shared system that allows staff within the Yorkshire & Humber Health and Social Care community to appropriately access the most up-to date and correct information about patients, to deliver the best possible care. Organisations participating in the Yorkshire & Humber Care Record include:

 

  • GP practices
  • Acute hospitals
  • Community Healthcare
  • Mental Health Trusts
  • Hospices
  • Adults’ and children’s social care services

 

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e))and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).

 

The Yorkshire & Humber Care Record Guarantee is our commitment that we will use records about you in ways that respect your rights and promote your health and wellbeing.

 

If you would like any further information, or would like to discuss this further, please contact the YHCR team using these details:

Via post:

Humber Teaching NHS Foundation Trust

Trust HQ

Willerby Hill

Willerby Road

Hull

HU10 6ED

 

Via email:

hnf-tr.yhcr@nhs.net

Call recording

Our organisation operates call recording on our telephone lines.  Recordings are used for verification purposes, including:

  • To support clinical practice
  • To provide delivery of training
  • To check the quality of the service provided
  • For complaints and investigations

This processing is necessary to perform a public task (UK GDPR Article 6(1)(e)) and necessary for the provision of health or social care treatment (UK GDPR Article 9(2)(h)).

 

Your rights

We will ensure your rights are respected. You have the right to:

 

  • Be informed – we will tell you what we do with your information. We do this through notices like this, service information leaflets, notices on our website and posters.

 

  • Rectification – we will correct any personal information if it is inaccurate or rectify any data that is incomplete.

 

  • Object – you have the right to object how we process your information. Your objection will be considered in relation to your particular situation. We will stop processing unless there is a legitimate reason for us not to e.g. we need to process your data to provide you with safe care.

 

  • Restrict processing – we will temporarily restrict processing your data, whilst we check the information, if you query the accuracy of it. We will also restrict processing (if you raise an objection to how we process your data) whilst we consider your objection.

 

  • Access – you can ask for copies of information we hold about you. This is called a subject access request.

National Data Opt-Out

Information may only be used for purposes beyond your care when there is a clear legal basis to use this information.  All these uses help to provide better health and care for you, your family and future generations.  Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters

You can find out more about how patient information is used for research at: Patient information and health and care research – Health Research Authority (hra.nhs.uk) (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

 

You can change your mind about your choice at any time.

 

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations had until 2020 to put systems and processes in place so they can apply your national data opt-out choice to any confidential patient information they use or share for purposes beyond your individual care.  Our organisation is compliant with the national data opt-out policy.

How you can access your records

The Data Protection legislation gives you a right to access the information we hold about you in our records. Requests must be made in writing to the Access to Health Records Department. Grimethorpe Surgery will aim to provide your information to you 30 calendar days from receipt of:

  • A completed application form, containing adequate supporting information to enable us to verify your identity and locate your records,
  • An indication of what information you are requesting, to enable the organisation to locate it in an efficient manner.

Please collect a request form from our reception and return the completed form to us with proof of ID to make a request.

 

 

Freedom of Information

The Freedom of information Act 2000 provides any person with the right to obtain information held by Grimethorpe Surgery subject to exemptions. Please contact us by writing to the Practice Manager at our registered address to make a request.

How long we keep your information

All records held by the NHS are subject to the Records Management Code of Practice (the Code). The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.

Complaints

If you have any concerns about how we have handled your data, you can contact us by writing to the Practice Manager at our registered address.

Additionally, you have the right to raise a complaint with the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Helpline: 0303 123 1113 or report online at: https://ico.org.uk/concerns/handling/

 

Further information and leaflets:

Please click the links to view the information.

GDPR Policy

Data Breach under GDPR

How we use your information leaflet

Subject Access Request Leaflet For Patient