Privacy Notice

Glenlyn Medical Centre Privacy Notice

Effective From:  12 May 2025

Review Date:  1 June 2026

Approved By:  JJ Todd

Author:  JJ Todd

1.         Introduction

1.1   Glenlyn Medical Centre is committed to protecting your personal information. This Privacy Notice explains how we collect, use, and share your data in accordance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and NHS requirements.

2.         Data Controller Details

Name:  Glenlyn Medical Centre

Address:  115 Molesey Park Road, East Molesey, Surrey, KT8 0JX

Phone:  020 8979 3253

Data Protection Officer (DPO):  Provide by SyHeartlandsICB

3.         What Information We Collect

3.1   We may collect and hold personal information about you including

a.           Name, address, date of birth, NHS number

b.           Contact details

c.           Medical history and treatment

d.           Results of investigations (e.g., blood tests, x-rays)

e.           Relevant information from other health professionals

4.         Why We Collect This Information

4.1   We use your information to:

a.           Provide you with appropriate healthcare

b.           Coordinate and manage NHS services

c.           Refer you to other healthcare services

d.           Support preventative medicine, medical research and audit

e.           Report on public health and NHS performance

f.             Fulfil our legal and regulatory obligations

5.         Lawful Basis for Processing

5.1   Our lawful bases include:

a.           UK GDPR Article 6(1)(e) – Performance of a task carried out in the public interest.

b.           UK GDPR Article 9(2)(h) – Provision of health or social care

5.2   We only collect the minimum necessary data to deliver effective care.

6.         Sharing Your Information

6.1   We share information with:

a.           NHS hospitals and community services

b.           Other GP practices and out-of-hours services

c.           Local authorities and social care providers

d.           NHS England, Surrey Heartlands ICB, and other statutory bodies

e.           Third-party providers for digital services (e.g. text reminders)

6.2   All sharing is undertaken securely and in accordance with NHS guidance and relevant data protection law.

7.         Your Rights

7.1   Under UK GDPR you have the right to:

a.           Access your information

b.           Request rectification of incorrect data

c.           Request erasure in certain circumstances

d.           Object to processing

e.           Restrict processing in some cases

f.             Lodge a complaint with the Information Commissioner's Office (ICO)

8.         Retention and Storage

8.1   Your records are kept securely and retained in accordance with NHS Records Management Code of Practice.

9.         Data Security

9.1   We take appropriate technical and organisational measures to protect your data, including:

a.           Role-based access to systems

b.           Secure NHS mail and clinical systems

c.           Staff training in information governance

10.     Changes to This Notice

10.1 We may update this Privacy Notice from time to time. The latest version will always be available on our website and at reception.

11.     Contact Us

11.1 For queries, contact the Practice Manager or our DPO via Surrey Heartlands ICB. For complaints, you may contact the ICO:

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

www.ico.org.uk | Tel: 0303 123 1113