Practice Policies
Confidentiality
The Practice is registered under the Data Protection Act with the Data Protection Registrar and any information that we hold on to you is subject to the conditions imposed upon us by the Data Protection Act. Patient information is shared with practice staff and allied healthcare professionals only when necessary. All these members of staff have signed and strictly adhered to the Data Protection Act. The Data Protection Officer for the practice is Mr Paul Couldrey PCDC.
Freedom of Information
The Freedom of Information Act 2000 obliges the practice to produce a Publication Scheme. A Publication Scheme is a guide to the ‘classes’ of information the practice intends to routinely make available.
Information Sharing
This practice may supply personal health data to comply with its legal obligations from time to time, as directed by the Secretary of State for Health, or other recognised Statutory Authority
The current NHS Digital (NHSD0 extract of GP data for research purposes (known as the GDPR) will commence from 1st September 2021.
You can choose whether your confidential patient information is used for research and planning.
Who can use your confidential patient information for research and planning?
It is used by the NHS, local authorities, University and hospital researchers, medical colleges and pharmaceutical companies researching new treatments.
Making your data opt-out choice
You can choose to opt out of sharing your confidential patient information for research and planning. There may still be time when your confidential patient information is used: for example, during an epidemic where there might be a risk to you or other peoples health. You can also still consent to take part in a specific research project.
Will choosing this opt-out affect your care and treatment?
No, your confidential patient information will still be used for your individual care. Choosing to opt out will not affect your care and treatment. You will still be invited for screening services such as screenings for bowel cancer
What should you do next?
You do not need to do anything if your happy about how your confidential patient information is used.
If you do not want your confidential patient information to be used for research and planning, you can choose to opt out securely online or through a telephone service.
You can change your choice at any time. To find out more or to make your choice visit nhs.uk/your-nhs-data-matters or call 0300 303 5678
Download the type 1 opt out form (PDF, 380KB)
Privacy Notices
Data Protection Privacy Notice For Patients
This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from you or about you.
This privacy notice applies to personal information processed by or on behalf of the practice.
Downloads
Generic GP GDPR Privacy Notice v3.8 September 2025 SystmOne Practices GP Connect NOA CHIS
Your Data Matters (PDF, 224KB)
Privacy Notice – Children – January 2024
Data Protection Privacy Notice for Patients – March 2024
COVID Privacy Policy – January 2024
Rights to Services
Patients registered with the Practice have a Right to the Services that are provided. In like manner, the Practice has a Right to expect Patients to attend and be on time for their Appointment and, when unable to keep an Appointment, to cancel it, so that time is not wasted and someone else can be seen.
The Practice will not tolerate Abuse of any kind or Violence aimed at any Member of the Practice Team or any Person Visiting the Surgery Premises. Any Person Threatening Violence or Abusing Staff will be removed from the Practice List.
Subject Access Requests
On 25 May 2018 the current UK Data Protection Act 1998 (DPA 1998) will be fully replaced by the UK General Data Protection regulation (2016/679).
As with DPA 1998 these new regulations give living individuals the right to request access to personal data held on them by the practice. This is known as Subject Access Request (SAR).
Requesters must be either, the data subject OR have the written permission of the data subject OR have legal responsibility for managing the subject’s affairs to access personal information about that person. It is the requesters responsibility to satisfy the practice of their legal authority to act on behalf of the data subject.
The practice must be satisfied of the identity of the requester before we can provide any personal information.
Download the Subject Access Request Form (PDF, 31KB)
Timeframe for responding to requests
The statutory timeframe has now been reduced to at least one month of receipt of the request, and in any event without delay.
The period of compliance can be extended by a further two months where requests are determined to be complex or numerous.
