TOOTING MED CENTRE LTD
PROTECTING YOUR PRIVACY
This Notice explains why the Practice collects information about you, how that information may be used and what rights you have regarding the data we hold about you. We are committed to respecting and protecting your privacy. We will keep your personal information safe, secure and private.
Tooting Med Centre Ltd trading as Tooting Medical Centre and SW11 Medical (hereinafter referred to as “TMC”, “we”, “us”, “our”), is the data controller for the purpose of the Data Protection Act 1998. The company is registered in England and Wales with company number 07758028 and having its registered office at 5 London Road, London SW17 9JR.
We are registered under the Data Protection Act 1998 with the Information Commissioner’s Office (“ICO”, the UK data protection regulatory body) our ICO registration number is ZA008395.
WHY WE COLLECT AND STORE YOUR DATA
Our health care professionals who provide you with care maintain records about your health and any treatment or care you have received from them. These records help to provide you with the best possible healthcare. As a healthcare provider we are obliged to retain your records for certain periods of time, (details of which are contained in our Retention Policy). We have to insure that we store your information for as long as required by law and as long as it is needed to provide efficient services to you. When the information is no longer needed, we will delete it using reasonable measures to protect the information from unauthorized access or use.
DATA WE HOLD ABOUT YOU
Your health records may be processed electronically, on paper or a mixture of both, and a combination of working practices and technology are used to ensure that your information is kept confidential and secure. They include data you gave us, data we have collected about you and data we have received from other sources (such as your GP, hospital, laboratories etc.).
Records held by our Practice may include the following categories:
• Details about you, such as address and next of kin
• Any contact the Practice has had with you, such as appointments, clinic visits, emergency appointments, etc.
• Notes and reports about your health
• Details about your treatment and care
• Results of investigations, such as laboratory tests, x-rays, etc.
• Relevant information from other health professionals, relatives or those who care for you
HOW WE USE YOUR DATA AND WHEN WE MAY DISCLOSE IT
Medical information will be kept confidential, it will only be disclosed to those involved with your treatment or care or their agents, specialists, laboratories, our administration or legal department and, if applicable, to any person or organization who may be responsible for meeting your treatment expenses, or their agents.
We can disclose personal information if:
• It is required by law
• You consent – either implicitly or for the sake of their own care or explicitly for other purposes
• It is justified in the public interest
On some occasions it may be necessary to undertake clinical audits of records to ensure that the best possible care has been provided to you or to prevent the spread of infectious disease, wherever possible this will be done in anonymised form.
Sometimes your information may be requested to be used for research purposes – the Practice will always endeavour to gain your consent before releasing the information.
We will also disclose some or all of the data (depending on the purpose it is needed for) to the following third parties:
• Our professional advisors including our lawyers and accountants (and those of any prospective purchasers of our business – see below) when required for them to provide us (or prospective purchasers of our business) with professional advice – we will disclose only data that are necessary to be disclosed for the purpose and we will impose appropriate obligations to protect the security and privacy of your information;
We will disclose and/or transfer your personal information to third parties:
In the event that we sell, transfer, buy, re-organise, re-structure any business or assets, in which case we will transfer your personal data including your medical records to the prospective transferee or buyer of such business or assets for them to continue to use it in the same or similar way as we have prior to the transfer. The Practice will always endeavour to inform you about it in advance.
We do not disclose information about identifiable individuals to our advertisers or insurers, but we may provide them with anonymous aggregate information about our customers.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your anonymous information to any third party for such purposes. You can exercise your right to object to such processing by contacting us at email@example.com
HOW WE MAINTAIN THE CONFIDENTIALITY OF YOUR RECORDS
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 1998 (which is overseen by the Information Commissioner’s Office), Human Rights Act and the Common Law Duty of Confidentiality.
All of our staff and independent practitioners receive appropriate and on-going training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Only a limited number of authorised staff have access to personal information where it is appropriate to their role and is strictly on a need-to-know basis.
We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you as set out in this Privacy Notice. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.
YOUR RIGHT OF ACCESS TO INFORMATION
The Data Protection Act 1998 gives you the right to access information held about you. Any Data Subject Access Request will be subject to a fee of up to £50.00 to meet our costs in providing you with details of the information we hold about you. Please write to the Practice Manager at our address as shown at the top of this Privacy Notice or email us at firstname.lastname@example.org if you wish to make a request or if you wish us to make a rectification of any of your personal details that you consider we hold and are inaccurate.
Under the new legislation (GDPR), you have a right to access, to request rectification or erasure, a right to restrict processing or object to processing of your data.
If you have any concerns, comments or questions about this Privacy Notice or the way we process your data please do feel free to email us at: email@example.com
If we cannot resolve your complaint or answer your questions regarding this you can contact the ICO at Wycliffe House, Water Lane, Wimslow, Cheshire SK2 5AF.