As data controllers, GPs have fair processing responsibilities under the Data Protection Act and GDPR law 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
Privacy Information for Patients
As a patient, our practice will need to keep information about you to deliver care and treatment. This information will briefly explain what information the Practice collects about you and how we keep this information safe. For further information, please contact the practice or refer to our main privacy notice which is available upon request or via our website.
What Information do we collect about you?
We will collect information about you, your health and health care you have received.
This will include personal information such as your NHS number, name, address, contact information, date of birth, and next of kin.
We will also collect sensitive personal information about you (also known as special category data) which includes information relating to your health (appointment visits, treatments information, test results, X-rays, or reports), and may include information relating to your sexual orientation, race or religion.
Most of the above information we collect and hold about you forms part of your medical record and is primarily held to ensure you receive the best possible care and treatment.
The information we hold is collected through various routes; these may include:
- Direct interactions with you as our patient
- Indirectly from other health care providers for example when you attend other organisations providing health or social care services
- Through wearable monitoring devices such as blood pressure monitors
- Automated technologies such as when you interact with our website, we may automatically collect data about your equipment, browsing actions and patterns.
How do we use your information
The Information we collect about you is primarily used for your direct care and treatment but may also be used for:
- The management of healthcare services
- Participation in national screening programmes
- National data collection requirements
- Medical research and clinical audit
- Legal requirements
- Security and safety of our staff and premises
Partners we may share your information with
We may also use external third-party companies (data processors) to process your personal information. These companies will be bound by contractual agreements to ensure information is kept confidential and secure. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
We will not share your information with any third parties for the purposes of direct marketing.
For further information on how we use your information and the organisations whom we may share your information with please contact the practice or refer to our main privacy notice which is available upon request or via our website.
Retention / Storing of your Personal Information
We are required by UK law to keep your information and data for a defined period, often referred to as a retention period. The Practice will keep your information in line with our records management policy, this is available upon request from the Practice.
Our legal basis for processing your personal data
The legal bases for most of our processing relates to your direct care and treatment:
Article 6(1)(e) – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Where we have a specific legal obligation that requires the processing of personal data, the legal basis is:
Article 6(1)(c) – processing is necessary for compliance with a legal obligation to which the controller is subject.
Where we are processing special category personal data for purposes related to the commissioning and provision of health services the condition is:
Article 9(2)(h) – processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and service;
Article 9(2)(i) – processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices.
There may be other scenarios where other legal bases are utilised, for further information on this please contact the practice or refer to our main privacy notice which is available upon request or via our website.
The UK General Data Protection Regulation (UK GDPR) includes a number of rights. We must generally respond to requests in relation to your rights within one month, although there are some exceptions to this.
The availability of some of these rights depends on the legal basis that applies in relation to the processing of your personal data, and there are some other circum- stances in which we may not uphold a request to exercise a right. A list of the rights available to you are listed below:
- Right to be Informed Right of Access
- Right to Rectification
- Right to Erasure (‘right to be forgotten’) Right to Restriction of Processing
- Right to Data Portability
- Right to Object
- Rights in relation to automated individual decision-making including profiling Right to complain to the Information Commissioner
Please contact the Practice for further information on exercising any of the above rights.
How to contact us
Please contact the practice if you have any questions about our privacy notice or information we hold about you via the below methods:
Contact Details of our Data Protection Officer
The Practice is required to appoint a data protection officer (DPO). This is an essential role in facilitating practice accountability and compliance with UK Data Protection Law.
Practice Name: Mountain View Health Centre, 51 Mayhill Road, Mayhill, Swansea, SA1 6TD
Tel: 01792 957600
Our Data Protection Officer:
Digital Health and Care Wales,
Information Governance, Data Protection Officer Support Service
5th Floor, Tŷ Glan-yr-Afon
21 Cowbridge Road East
The information Commissioner’s Office
Information Commissioner’s Office
Tel: 0303 123 1113
How to Contact us
PRACTICE NAME: Mountain View Health Centre
TEL: 01792 957600
A cookie is a small file, typically of letters and numbers, downloaded on to a device (like your computer or smart phone) when you access certain websites.
Cookies allow a website to recognise a user’s device.
Some cookies help websites to remember choices you make (e.g. which language you prefer if you use the Google Translate feature). Analytical cookies are to help us measure the number of visitors to a website. The two types we use are ‘Session’ and ‘Persistent’ cookies. Some cookies are temporary and disappear when you close your web browser, others may remain on your computer for a set period of time.
We do not knowingly collect or intend to collect any personal information about you using cookies. We do not share your personal information with anyone.
What can I do to manage cookies on my devices?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
If you are concerned about cookies and would like to ask further questions please do not hesitate to write to our website developers – email@example.com