This privacy notice describes the information that we as doctors at the Guildford Private General Practice (GPGP) may collect from you, how it may be used and how we protect it.
We are known as a Data Controller in respect of the information we hold about you.
We are registered with the Information Commissioner’s Office (ICO).
What personal information is collected?
The information will mainly relate to your medical treatment and includes ‘special categories of personal information’, previously known as ‘sensitive personal data’.
Personal Information held about you may include:
Date of Birth
Contact details, e.g. address, telephone numbers, e-mail address
Emergency contact details including next of kin
Special Categories Personal Information may include:
Details of your current or previous physical or mental health, treatments you have received, medication & allergies
Your Nationality &/or Ethnicity
Genetic or biometric data
Information concerning your sex life &/or sexual orientation
How is information collected?
Directly from you when:
You complete a medical questionnaire
You visit us at the Practice
You send an enquiry via our website
You contact us by email or telephone
You provide us with a summary of your past medical history
From other healthcare organisations:
Letters from clinicians following clinic appointments or hospital admissions
Results of laboratory tests or x-rays & scans.
This is in order that your GPGP medical record is kept up to date when you receive care from us next time.
What are the purposes for which your information is used?
To provide you with healthcare
For medical research & to check the quality of care given to patients (clinical audit)
Compliance with legal obligations
To communicate with you and resolve any queries or complaints you might raise.
We may also send you information about our services (marketing) if you have given your consent. We will NOT give your personal information to other companies for marketing purposes.
Lawful basis for processing data
‘Processing is necessary for the purpose of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.’
‘Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.’
‘Processing is necessary for compliance with a legal obligation to which the controller is subject.’
For medical research: ‘the data subject has given explicit consent..’
How is your data stored?
The medical record containing your personal data is stored on a secure electronic database and any paper records are kept in a locked cabinet.
We use a secure e-mail system called Egress Switch, which encrypts e-mails & attachments in order to protect your personal data. However, we cannot guarantee the security of any information you transmit to us in an unencrypted e-mail, and you do so at your own risk. Our website http://www.thegpgp.co.uk does not use ‘cookies’.
How long is the information kept?
We will keep your GP medical records in line with the law & national guidance. Information can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016
Who do we share your information with?
Your data may be shared with other healthcare professionals involved in your treatment including:
In a referral to a Hospital Specialist or allied professional (including their medical secretary)
In a letter to your NHS GP
On a prescription to your chosen pharmacy
In a request for a diagnostic test
Your data may also be shared with organisations including:
Our regulators such as the Care Quality Commission:
For more information about the CQC see http://www.cqc.org.uk
National and other professional research/audit programmes & registries:
We carry out clinical audits within the practice to check the quality of the care we provide & help improve patient care in the future.
We may share information with medical research organisations with your explicit consent or when the law allows. Medical research helps answer questions about diseases & is useful in the development of new treatments.
Selected third parties in connection with any sale, transfer or disposal of our business
In addition, we sometimes need to share information when there are safeguarding concerns; this is in order to protect someone, including a child, from the risk of harm. These circumstances are rare. We do not need your consent or agreement to do this.
The safeguarding lead at Mount Alvernia Hospital is Marian Pearson, Director of Nursing, and the local safeguarding service is Surrey Multi-Agency Safeguarding Hub (MASH), firstname.lastname@example.org, tel 03004709100.
We will also share information with our local health protection unit or Public Health England when the law requires us to do so, for example to prevent the spread of infectious diseases or other diseases which threaten the health of the population.
We may also be required to share information with the police where reasonably necessary for the prevention or detection of crime.
We must also share your information if a court of law orders us to do so.
We may also disclose your personal information to our third party service providers such as: IT suppliers, Defence Organisations and our accountant.
We don’t share your information with third parties for commercial purposes.
Your right to object:
You have the right to object to information being shared between those who are providing you with direct care. This may affect the care you receive; please speak to one of us at the GPGP.
You have the right to object to your identifiable data being used or shared for medical research purposes. Please speak to us if you wish to object.
You are not able to object when information is legitimately shared for safeguarding reasons.
Your right to access and to rectification:
You have the right to access your medical record, although please note that in some circumstances we may not be able to fully comply with your request, for example if it involves the personal data of a third party.
You have the right to have any errors corrected.
Your right to erasure:
You have the right to ask that we delete the personal information we hold. However, there are exceptions to this right & in some circumstances we can refuse to delete the information, for example if it is necessary to keep the information in order to carry out duties which are in the public interest including public health or for the purpose of defending legal claims.
Your right to restriction:
You have the right to request the restriction of your personal data in certain circumstances, for example during the verification of the accuracy of the data.
Your right to complain:
You have the right to complain to the Information Commissioner’s Office.
You can call the helpline on 0303 123 1113 or contact them at