PATIENT PRIVACY STATEMENT
General Data Protection Regulation (GDPR) – How your information will be used
1. As one of your health and social care providers, the Claypath and University Medical Group needs to keep and process information about you for
normal health care purposes.
The information we hold and process will be used for our management and administrative use only. We will keep and use it to provide health care and
manage our relationship with you effectively, lawfully and appropriately, during your registration, whilst you are under our care, and at the time when you
have been discharged or are no longer under our care. This includes using information to enable us to comply with any service/performance contracts, to
comply with any legal requirements, to pursue the legitimate interests of the practice and to protect our legal position in the event of legal proceedings.
If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that
2. As a business we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, for administrative
purposes or to manage your health care. We will never process your data where these interests are overridden by your own interests.
3. Much of the information we hold will have been provided by you, but some may come from other internal sources, such as clinical and administrative staff,
or in some cases, external sources, such as other health and social care providers.
4. The sort of information we hold includes your contact details, your medical records; correspondence with or about you, for example information from other
health and social care providers, medications; records of appointments, visits and other attendances.
5. Where we record or process special categories of information relating to your health and social care records, racial or ethnic origin, religious, biometric
data or sexual orientation, we will always obtain your explicit consent to those activities unless this is required by law or the information is required to
6. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
7. We may record computer and telephone/mobile telephone contacts.
8. Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply
with our contractual duties to you, for instance we may need to pass on certain information to other providers where it is required by law.
9. We may transfer information about you to other health and social care providers for purposes connected with your healthcare or the management of the
practice business, such as Commissioning bodies, hospital trusts, health and social care services.
10. Your personal data will be stored only for as long as we require it in relation to the purpose for which it was collected and/or processed.
11. If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that
purpose and any other relevant information.
12. Your rights
- Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data. You also have the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
- If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
- You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.
13. Identity and contacts details of data controller and data protection officer
The Claypath and University Medical Group acts as the controller and processor of data for the purposes of GDPR.
If you have any concerns as to how your data is processed you should contact the practice Data Protection Officer who for the purposes of GDPR is:
Liane can be contacted by E-mail: firstname.lastname@example.org or you can write to her at:
Liane Cotterill, Senior Governance Manager & Data Protection Officer
North of England Commissioning Support
4 June, 2018