Privacy Notice

Introduction

Glenlyn Medical Centre is committed to protecting your personal information. This Privacy Notice explains how we collect, use, and share your data in accordance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and NHS requirements.

Purpose

This Privacy Notice explains how Glenlyn Medical Centre collects, uses, stores, and shares personal information to provide safe and effective healthcare services. It sets out what information we hold about patients, why it is needed, how it is protected, who it may be shared with, and the rights individuals have over their data. The Notice ensures transparency and demonstrates our compliance with UK data protection law, NHS requirements, and our commitment to protecting patient confidentiality and trust.

Data Controller Details

Name:  Glenlyn Medical Centre

Address:  115 Molesey Park Road, East Molesey, Surrey, KT8 0JX

Phone:  020 8979 3253

Data Protection Officer (DPO):  Provide by SyHeartlandsICB

What Information We Collect

We may collect and hold personal information about you including

a.          Name, address, date of birth, NHS number

b.          Contact details

c.           Medical history and treatment

d.          Results of investigations (e.g., blood tests, x-rays)

e.          Relevant information from other health professionals

Why We Collect This Information

We use your information to:

a.          Provide you with appropriate healthcare

b.          Coordinate and manage NHS services

c.           Refer you to other healthcare services

d.          Support preventative medicine, medical research and audit

e.          Report on public health and NHS performance

f.            Fulfil our legal and regulatory obligations

Lawful Basis for Processing

Our lawful bases include:

a.          UK GDPR Article 6(1)(e) – Performance of a task carried out in the public interest.

b.          UK GDPR Article 9(2)(h) – Provision of health or social care

We only collect the minimum necessary data to deliver effective care.

Sharing Your Information

We share information with:

a.          NHS hospitals and community services

b.          Other GP practices and out-of-hours services

c.           Local authorities and social care providers

d.          NHS England, Surrey Heartlands ICB, and other statutory bodies

NHS OpenSAFELY Data Analytics Service 

NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.

Whilst each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.

Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.

Patients who do not wish for their data to be used as part of this process can register type 1 opt out with us.

Find additional information about OpenSAFELY and a link to an Easy Read Version of this summary here

e.          Third-party providers for digital services (e.g. text reminders)

All sharing is undertaken securely and in accordance with NHS guidance and relevant data protection law.

Your Rights

Under UK GDPR you have the right to:

a.          Access your information

b.          Request rectification of incorrect data

c.           Request erasure in certain circumstances

d.          Object to processing

e.          Restrict processing in some cases

f.            Lodge a complaint with the Information Commissioner's Office (ICO)

Retention and Storage

Your records are kept securely and retained in accordance with NHS Records Management Code of Practice.

Data Security

We take appropriate technical and organisational measures to protect your data, including:

a.          Role-based access to systems

b.          Secure NHS mail and clinical systems

c.           Staff training in information governance

Changes to This Notice

We may update this Privacy Notice from time to time. The latest version will always be available on our website and at reception.

Contact Us

For queries, contact the Practice directly, or our DPO via Surrey Heartlands ICB. For complaints, you may contact the ICO:

Address:  Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Web:  www.ico.org.uk

Telephone:  0303 123 1113

 

Date Published: 12th May, 2025
Date Last Updated: 22nd December, 2025