As data controllers, GPs have fair processing responsibilities under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
Estuary Group Practice is the controller for personal information we process. The practice is is committed to protection your personal information and respecting your privacy. We have a legal duty to explain how we use personal information about you as a registered patient at the practice
What Information do we collect about you?
We will collect information about you and in relation to your health and health care services you have received. This will include personal information such as your NHS number, name, address, contact information, date of birth, and next of kin.
We will also collect sensitive personal information about you (also known as special category data) which includes information relating to your health (appointment visits, treatments information, test results, X-rays or reports), as well as information relating to your sexual orientation, race or religion.
All the above information we collect and hold about you forms part of your medical record and is primarily held to ensure you receive the best possible care and treatment.
We may also collect your personal image on surgery CCTV when you attend the practice premises.
How is your personal data collected?
The information we hold is collected through various routes; these may include:
Direct interactions with you as our patient, when you register with us for care and treatment, during consultations with practice staff and when you subscribe to services for example, newsletters, text messaging, telephone recordings, creating an account for online services.
Indirectly from other health care providers. When you attend other organisations providing health or social care services for example out of hours GP appointments or visits to A&E and some interactions with Social Care, they will let us know so that your GP record is kept up to date.
Through wearable monitoring devices such as blood pressure monitors
When your image is captured on practice CCTV Cameras
Automated technologies such as when you interact with our website, we may automatically collect data about your equipment, browsing actions and patterns. This is collected using cookies, for further information about how we use cookies please see our cookie policy.
How do we use your information?
The Information we collect about you is primarily used for your direct care and treatment but may also be used for:
- The management of healthcare services
- Participation in National Screening Programmes
- National Data Collection Requirements
- Medical research and clinical audit
- Legal requirements
- Security and Safety of our staff and premises
We will not share your information with any third parties for the purposes of direct marketing.
Partners we may share your information with
We may share your information, subject to agreement on how it will be used with the following organisations:
- NHS Trusts / Foundation Trusts/Health Boards
- Other GP’s such are those GP Practices as part of a cluster
- Out of hours providers
- Diagnostic or treatment centres
- Independent Contractors such as dentists, opticians, pharmacists
- Private Sector Providers
- Ambulance Trusts
- Social Care Services
- NHS Wales Informatics Services
- NHS Wales Shared Services
- Health and Care Research Wales
- Public Health Wales
- Healthcare Quality and Improvement Partnership
- Local Authorities
- Education Services
- Fire and Rescue Services
- Police & Judicial Services
- Voluntary Sector Providers
We may also use external third-party companies (data processors) to process your personal information. These companies will be bound by contractual agreements to ensure information is kept confidential and secure. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Download our Freedom of Information Policy (Word)
Download the Freedom of Information quick reference guide (Word)
Read the Freedom of Information Act from the ICO (PDF)
Download our Privacy Information Leaflet (Word)
If you need any of this information in a different format, please contact reception.