GDPR/Privacy Notice

What information do we collect about you?

We only collect the information (“data”) that we need to help us keep you healthy – such as your name, address, next of kin, records of appointments, visits, telephone calls, your health record, treatment and medicines, test results, X-rays and any other information to enable us to care for you.

How do we use your information?

  • We share your medical records with other health professionals who are involved in providing you with care and treatment. This is only ever on a need-to-know basis and event by event.
  • Some of your data is automatically copied to the Shared Care Summary Record.
  • We share some of your data with local out-of-hours provider
  • Data about you is used to manage national screening campaigns such as flu, cervical cytology and diabetes prevention.
  • Your data about you is used to manage the NHS and make payments.
  • We share information when the law requires us to, for instance when we are inspected or reporting certain illnesses or safeguarding vulnerable people
  • Your data is used to check the quality of care provided by the NHS.
  • We may also share medical records for medical research

How to access your records?

We encourage patients to sign up to online services (Patient Access) where you can also access your medical records. Please ask our receptionist for more details.

If you want to see what is written about you, you have a right to access the information we hold on you, but you will need to complete a form called Subject Access Request (SAR). Please ask at reception for a SAR form and you will be given further information. You can request to view only certain parts of your records if you prefer.

Furthermore, should you identify anything in your record which is incorrect,  you have the right to have the inaccurate data corrected.

Processors of personal data

In order to deliver the best possible service, the practice contracts Processors to process personal data, including patient data on our behalf.

When we use a Processor to process personal data we will always have an appropriate legal agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by a Processor include:

  • Companies that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services; document management services etc.
  • Delivery services (for example if we were to arrange for delivery of any medicines to you).
  • Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).

Don’t want to share?

All our patients can choose not to share their information. Should you wish to opt out of data collection, please contact a member of staff, alternatively,

Patients can set their opt-out preferences at www.nhs.uk/your-nhs-data-matters You will need their NHS number and a valid email address or telephone number which is on the GP record or on the Personal Demographics Service database to register their decision to opt out. Patients who are unable to use the online facility can use a phone helpline to manage their choice 0300 303 5678. A paper print-and-post form is also available at www.nhs.uk – Other ways to make a choice about sharing data.

Alternatively, please contact a member of staff for support.

Have a question?

If you have any questions, ask a member of the surgery team. You can:

Contact the practice’s data controller via email at lamccg.exchangesurgeryreceptionnhs@nhs.net. GP practices are data controllers for the data they hold about their patients

Ask to speak to the practice manager Lucie Lehane who is also Data Protection Champion for The Exchange Surgery.

Data Protection Officer (DPO) contact for The Exchange Surgery:

IG Help Desk Contact:

GP DPO Service Lead: Claire Clements

If you’re not happy about how we manage your information

We really want to make sure you’re happy, but we understand that sometimes things can go wrong. If you are unhappy with any part of our data-processing methods, you can complain. For more information, visit ico.org.uk and select ‘Raising a concern’.

We always make sure the information we give you is up-to-date. Any updates will be published on our website, in our newsletter and leaflets, and on our posters. This policy will be reviewed in May 2019.

For more information see Our Healthier South East London Privacy Notice.