Privacy notice
As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
Read our simple privacy notice below.
Follow this link to read our full privacy policy.
Follow this link to read the Health Information Exchange System privacy notice.
Follow this link to read the Children’s privacy notice.
Summary Privacy Notice
What is This?
We are required by law to provide you with information on how we use your data. There is a highly detailed privacy notice available from our website. Please visit our Privacy Notice page to view this but this simplified notice is provided for clarity.
Who are we?
We are the Edmonton Medical Centre. We provide medical services to you as a patient as part of the NHS.
- Address: 234 Fore Street, Edmonton, London, N18 2LY
- Email: Contact surgery via eConsult
- Telephone: 020 8803 6705
- Website: www.edmontonmedicalcentre.nhs.uk
Data Protection Officer
The practice is required by law to have a Data Protection Officer. The contact details are:
- Name: Steve Durbin
- Email: Dpo.Ncl@nhs.net
- Address: Please use the practice address above, marking “For the attention of the Data Protection Officer”
Purposes of Processing, Legal Basis, Types of Data
We process data to carry out our role as your General Practitioner in providing you with healthcare.
The legal basis for this purpose is provided by the various NHS and social care acts. The Data Protection Act 2018 section 8 allows us to process data for these purposes. This provide a legal basis for processing under the Applied GDPR Article 6 1(e) – task in the public interest.
For special category data Data Protection Act section 10 applies (health and social care purpose) and hence GDPR Article 9 2(h) – provision of health and social care. There are additionally some situations where other provisions are used; these are given in more detail in the full notice.
The types of data we keep relate to your health and care. These include both personal identifiers (e.g. your name, NHS number) and special category personal data (e.g. your health conditions). Further details are provided in the full notice.
Recipients of Your Data
We share data with other health and social care providers in order to provide you with care. You can opt out of this sharing, but this may affect your care. See the full privacy notice for details.
We are additionally required to supply data to other parts of the NHS for commissioning and audit purposes.
We share data for research purposes and health planning. You again can opt out of these purposes; this will generally not affect you individually, but will mean that research and planning may not take into account needs of people such as yourself. See the full privacy notice for details.
Transfers to Other Countries
We do not store or transmit your data outside of the UK and EU unless this is:
- Required for your care and you have consented to this
- Covered by a formal contract with a system provider to the NHS ensuring your data is not used for any purposes not in this notice and compliant with the UK GDPR; or
- We are required to under international law
We do not sell your data
How Long Will You Keep My Data?
This depends on a number of factors such as how long you stay with our practice and the type of data. Generally, when you leave our practice your data is transferred to the new practice or to central records and we do not retain after that point.
Full details of how long data is held can be found in the NHS Records Management Code of Practice.
Your Rights
You have the right to:
- Receive a copy of your data (Subject Access Request)
- Have your data corrected, erased or restrict processing
- Complain to our Data Protection Officer or the supervisory authority (the Information Commissioner) about our use or handling of your data
If you wish to exercise your rights, please contact the practice in the first instance – details above. You can also contact the Data Protection Officer if you prefer – details are again given above, or you can contact the Information Commissioner (ICO) – details via their website at www.ico.org.uk.
Provision of Data
It is not generally a legal requirement for you to provide us with data – however if you do not do so we may be unable to provide you with treatment. For more detail see the full privacy notice.
Automated Decision Making
We use various tools to simplify care and ensure that you get the best care possible.
Some of these have a degree of automation, for example, where a regular test is recommended for a health condition you have, or you are in a particular age and gender range and have not had a recommended screening test, we will have an automated list that flags you to be contacted. These recalls are automated, but it’s up to you to book an appointment; no action is taken beyond contacting you.
NO decisions on your care are taken without human intervention.
- This notice was last updated in April 2023
Letters/Scripts – Data Protection
If scripts, letters, etc are being collected by anyone other than named adult, they are to be accompanied by an authority letter giving the name of the person collecting plus proof of ID.
Personal health information in patients is used in accordance with the Data Protection Act 2018.