Data Controller

This is your GP surgery who holds your personal data and decides on how to use the data it holds.

GP Surgery Stamp

                             The Hive health centre

                                   Clough Street

                                   Middleton

                                   Manchester

                                   M24 5LQ

Principle 1:

Legality, Transparency and Fairness

In using your data there may be times when we have to seek your consent to use the data but on other occasions we may need to use your data to comply with our NHS contract, compliance with a legal obligation, to safeguard your vital interest, carry out tasks of public interest or to comply with our official authority.

You have a right to understand how your data is used by the surgery in a clear and transparent manner and have the right to access your information free of charge as long as it doesn’t become excessive.

You have the right to request correction of any inaccurate information held on you. 

Under the Data Protection Act (2108) children from age 13 will have the right to consent to their own services and how the Surgery engages with and provides them care (no need to engage with parent or guardian under DPA(2018) but directly with the child)

Principle 2:

Purpose Limitation

Data collected on you will be limited to what is required for the Surgery to comply with its duty to you and the NHS to deliver healthcare.

Your data may be shared with other agencies that work with the GP surgery. These will include the local Out of Hours

Service (BARDOC), 7 Day GP Services, Hospitals, Pharmacy’s, Canalside PCN and Rochdale Health Alliance.

Community Nurses, Ambulance services and others who may need to be involved in your care. The Surgery may need to share your data for the purposes of medical research.

Information shared will be limited to what is required to continue providing ongoing care.

Once in place a boroughwide IT system allowing safe sharing of information across the health and social care services called Graphnet will ensure safe sharing of your data to enhance the care you receive.

In certain circumstances you will have the right to object to your data being shared.

Principle 3:

Minimisation

The data the surgery holds will be relevant, adequate and limited to what is required for the Surgery to fulfil its duty.

Principle 4:

Accuracy

Data held will be up to date. Any inaccurate information should be brought to the attention of the Surgery to ensure the inaccuracies are rectified.

Principle 5:

Storage Limitation

Your data will be kept in line with NHS requirements. The

Surgery will retain records from birth to death. Following

death the NHS may destroy your records after 10 years

Principle 6:

Integrity and Confidentiality

The Surgery complies with NHS rules on keeping your data safe and secure. The surgery IT system that stores your data is EMIS Web and is one of the NHS approved GP computer systems. The surgery also has internal systems in place to ensure that the premises are secure and staff appropriately trained to comply with confidentiality with regard to your data. When sharing your data with other agencies the Surgery complies with NHS rules on safe transfer of information.

Principle 7:

Accountability

The Surgery has taken the appropriate steps to comply with GDPR. The surgery has appointed a Data Protection Officer (DPO) Paul Fox to ensure the surgery complies with the GDPR legislation and you can contact Paul via the DPOs email address or directly:

dpo.rochdale@nhs.net

paul.fox9@nhs.net 

There is more information available on GDPR on the surgery website.

Should you have concerns about any aspect of the way in which your data is held or used by the Surgery you can contact the Practice Manager at the Surgery (address as above). If you are not satisfied you can contact the Information Commissioners Office (ICO):

Information Commissioner’s Office (ICO)

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Tel: 01625 545700

www.ico.gov.uk