Privacy Policy

Privacy Notice

This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. This applies to personal information processed by or on behalf of the practice.

This notice explains:

  • Who we are, how we use your information and our Data Protection Officer.
  • What kinds of personal information about you we process.
  • What the legal grounds are for our processing of your personal information (including when we share it with others).
  • What you should do if your personal information changes.
  • How long your personal information is retained by us.
  • Your rights under data protection laws.

The General Data Protection Regulation (GDPR) is a single EU-wide regulation on the protection of confidential and sensitive information. 

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), and the Data Protection Act 2018 (currently in Bill format before Parliament) the practice responsible for your personal data is Whaddon Healthcare

This notice describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights

How We Use Your Information

Whaddon Medical Centre will be what’s known as the ‘Controller’ of the personal data you provide to us.

We collect basic personal data about you, which does not include any special types of information or location-based information. This does however include name, address, contact details, such as email and mobile number etc.

We will also collect sensitive confidential data known as ‘special category personal data’, during the services we provide to you, and/or linked to your healthcare through other health providers or third parties. These include:

  • Health information
  • Religious belief (if required in a healthcare setting)
  • Ethnicity
  • Gender

Why Do We Need Your Information?

The health care professionals who provide you with care maintain records about your health, and any treatment or care you have received previously (e.g. NHS trust, GP surgery, walk-in clinic, etc.). These records help to provide you with the best possible healthcare.

NHS health records may be electronic, on paper or a mixture of both, and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which the practice hold about you may include the following information:

  • Details about you, such as your address, carer, legal representative, emergency contact details.
  • Any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health.
  • Details about your treatment and care.
  • Results of investigations such as laboratory tests, x-rays etc.
  • Relevant information from other health professionals, relatives or those who care for you.

To ensure you receive the best possible care, your records are used to facilitate the care you receive. Information held about you may be used to help protect the health of the public, and to help us manage the NHS. Information may be used within the GP practice for clinical audit to monitor the quality of the service provided.

How Do We Lawfully Use Your Data?

We need to know your personal, sensitive, and confidential data in order to provide you with healthcare services as a general practice. Under the General Data Protection Regulation we will be lawfully using your information in accordance with:

  • Article 6, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.

This privacy notice applies to the personal data of our patients, and the data you have given us about your carers/family members.