For the purposes of the Data Protection Act 2018 (‘DPA’) and the EU General Data Protection Regulation (‘GDPR’), The Glebe Practice (‘we’ or ‘us’) is the ‘data controller’, which means that we are responsible for, and control the processing of, your personal data).
We have appointed a Data Protection Officer who is responsible for ensuring that we comply with our legal obligations in relation to data protection. Our Data Protection Officer is:
Dr Catherine Ash
The Glebe Practice
Telephone number: 01522 305298
Personal data we may collect about you
We will obtain personal data about you such as:-
- Name, address, next of kin and access details
- Past medical history, health conditions past and present, test results, medications, clinical correspondence, family history
- Third party information
- Social circumstances
This will be obtained whenever you complete an online form by which you consent to us holding that personal data for the purpose specified on that form.
For example, we will obtain your personal data when you register to use this website, send us feedback via the website, sign up to a service, or contact us for any reason.
Occasionally we may receive personal data about you from other sources such as, pharmacies, hospitals, community clinics, care/nursing homes, insurance companies, solicitors, police and HMP - which we will add to the information which we already hold about you. We will do this in order to help us ensure you are receiving appropriate care and that your medical record is up to date and accurate. We will notify you if we intend to disclose that personal data to anyone else.
How we use your personal data
We will use your personal data for the purposes described in the data protection notice that was given to you at the time your data were obtained. These purposes include:
- to help us identify you
- research, statistical analysis and behavioural analysis
- fraud prevention and detection
- customising this website and its content to your particular preferences to notify you of any changes to this website or to our services which may affect you
- security vetting
- improving our services
Lawful Basis for the Processing of Your Personal Data
We will use the personal data that we hold or the purposes of:
- performing any contractual or other obligations that we may have to you,
- complying with our legal obligations, and
- protecting our legitimate interests or those of others but only if it is necessary to do so and those interests are not overridden by your own interests or rights. You have the right to challenge those interests and to request that we stop processing your personal data on this basis. For further information see ‘Your rights’ below.
We can process your personal data for those purposes without your knowledge or consent, but we will not use your personal data held on that basis for any other purpose without telling you that we will do so and our legal basis for processing it.
We may also process your personal data for any purpose to which you have expressly consented. You can withdraw that consent at any time. For further information see ‘Your rights’ below.
You should be aware that if you do not provide or withdraw consent to our processing certain personal data it may not be possible for us to continue to, for example, process a request from a solicitor/insurance company, send a hospital referral, provide a blood test, have a vaccination etc.
Special Categories of Personal Data
Special categories of personal data are types of personal data consisting of information as to:
- your racial or ethnic origin;
- your political opinions;
- your religious or philosophical beliefs;
- your trade union membership;
- your genetic or biometric data;
- your health;
- your sex life and sexual orientation; and
- any criminal convictions and offences.
We will only hold and process special categories of your personal data in certain situations in accordance with the law. For example, we can do so if we have your explicit consent. If we asked for your consent to process a special category of personal data then we would explain the reasons for our request. You do not need to consent and can withdraw consent later if you choose by contacting the Data Protection Officer or the Data Controller.
We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:
- where it is necessary for carrying out legal rights and obligations;
- where it is necessary to protect your vital interests or those of another person where you or they are physically or legally incapable of giving consent;
- where you have made the data public;
- where processing is necessary for the establishment, exercise or defence of legal claims;
- where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity.
We may process your race, ethnic origin, religion, sexual orientation, disabilities, medical condition or gender to monitor and to prevent possible discrimination.
Where Your Personal Data Will be Processed
We will not hold or send your personal data outside the European Economic Area.
We will contact you by email, phone, SMS about our services only if you have asked us to do so. If you have changed your mind and would prefer us not to contact you, then you can opt out at any time. For further information see ‘Your rights’ below.
Disclosure of your personal data
We may disclose your personal data to:
- other organisations within the NHS
- our agents and service providers eg clinical system provider (Emis Web), IT Services (NHS), Lincs West CCG (for data gathering eg diabetic retinopathy) and CQRS (automatic extraction for reports and payments)
- Police eg court request, court summons, mental health act (ie if you are a danger to yourself or other)
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
- access to your account is controlled by password and username which are unique to you
- we store your personal data on secure servers
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.
We may monitor and record communications with you such as telephone conversations and emails for the purpose of quality assurance, training, fraud prevention and compliance.
Your Rights in Respect of Personal Data
You have the right to information about what personal data we process, how and on what basis as set out in this policy.
You have the right to access your own personal data by way of a subject access request. We will respond as soon as reasonably practicable and in any event within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by up to a further two months. There is no fee for making a subject access request, but if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.
You can correct any inaccuracies in your personal data. To do you should contact the Data Protection Officer as specified above.
You have the right to request that we erase your personal data if we are not legally entitled to process it without your consent or if it is no longer necessary to process it for the purpose for which it was collected. To do so you should contact the Data Protection Officer as above.
While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while that application is made. To do so you should contact the Data Protection Officer as above.
You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop such data processing.
You have the right to object if we process your personal data for the purposes of direct marketing.
You have the right to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
You have the right to be notified of a data security breach concerning your personal data.
In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact the Data Protection Officer as above.
You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). That website has further information on your rights and our obligations
- to recognise you whenever you visit this website (this speeds up your access to the site as you do not have to log on each time
- to make your online experience more efficient and enjoyable
We work with third-party suppliers who may also set cookies on our website, for example Adobe Flashplayer and YouTube which we use to display video content. These third-party suppliers are responsible for the cookies they set on our site. If you want further information about these third party cookies please go to the website for the relevant third party.
How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionalityof this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org
Our contact details
We welcome your feedback and questions. If you wish to contact us, please use the contact form on our website or you can write to us at The Glebe Practice, 85 Sykes Lane, Saxilby, Lincoln LN1 2NU or call us on 01522 305298.