GDPR (General Data Protection Regulation)
As of 25 May 2018 a new Data Protection Policy has come into force. It is an EU wide regulation that will remain part of the British Law after Brexit. The Data Protection Act of 1998 and 2003 changed into the DPA 2018 and the GDPR 2016 and DPA 2018 are the UK's Data Protection Legislation.
The Heathfield and Firs Surgeries, in accordance with GDPR will ensure:
- Data is processed lawfully, fairly and in a transparent manner
- Data is collected for specified and legitimate purposes and not processed further than is necessary
- Relevant and limited to what is necessary in relation to the purpose
- Data is accurate and is kept up-to-date
- Data is retained no longer than is necessary for processing purposes
- Data is processed lawfully and securely
The Heathfield and Firs Surgeries have a legal basis for sharing confidential health care data for the provision of direct care.
The Heathfield and Firs Surgeries will use your data for other legal bases for processing data for purposes other than direct care are, and may also have to share your data with other organisations not involved in your direct care. This may be for:
- Clinical audits
- Medical Research: your consent will be asked for this use.
- Legally required reasons (CQC, Court Orders, Public Health, NHSE)
- National Screening Audit
We may also share non personal data with other organisations for planning and performance:
CCG, NHS England and Auditors.
As patient you have a right to:
- Access your medical record: please ask at reception as to the different ways and protocols to do this.
- Object to sharing your record (please see above): please look for information regarding the National Opt Out Programme
- Rectification, Objection and complain to the Information Commissioner
To read our full Privacy Notice please click here
Both the High Street and Firs Branch Surgeries use CCTV for the purposes of crime prevention and the safety of staff and patients. Please note that CCTV footage may be used as evidence and shared with the police and third parties (e.g. insurance companies for vehicle damage).
We are committed to protecting the privacy of all individuals using this website.
This policy explains how we use any personal information we collect from you through this website.
Collection of personal information
You can access most of the pages on our website without giving us your personal information. However, you may choose to provide us with your personal information on some pages of the website by completing an on-line form.
Use of personal information
We shall use any personal information you give to us, in accordance with this policy, and with any additional statements appearing on forms used for submitting your personal information. We shall not disclose your personal information to any third parties without obtaining your prior consent unless we are required by law to do so. In particular:
We shall use your personal information to administer, and may respond to, your request.
We shall securely store the information you supply together with any response we may provide.
If you contact us regarding the website we may use your details to reply to you. If you make a comment or complaint about other aspects of the service we may use your details to investigate your comments.
This website uses https to ensure data is encrypted in transmission. This encryption, known as TLS encryption protocol, allows us to protect your privacy. You can usually verify that the page is encrypted by seeing a small lock symbol in the upper left corner of your browser and the website address is prefixed with https://.
All data obtained by us is held and used in compliance with the Data Protection Act 2018.
This website contains links to other sites. We are not responsible for the privacy practices of third parties that run any other websites. Please refer to their own privacy policies for more information.
Access to your personal information
You have a right under the Data Protection Act 2018 to ask us to provide you with the information we hold about you and to have any inaccuracies corrected. If you would like to access a copy of your information, please contact the Practice Manager using the following contact details in the heading above.