Privacy Notice – Weatheroak Medical Practice

Privacy Notice – Weatheroak Medical Practice

This Privacy Notice explains how our practice collects, uses, and protects your personal information. It applies to all personal data processed by or on behalf of the practice.

  1. Who we are and what we do

We are the data controller for the personal information you give us or that is collected about you. We comply with UK Data Protection Law, including GDPR and the Data Protection Act 2018.

A Data Protection Officer oversees how we manage your data.

 

Our DPO –

Mr Umar Sabat

IG-Health

Website: www.ig-health.co.uk

Email: umar.sabat@ig-health.co.uk

 

  1. What information we collect

We collect:

  • Basic details – name, address, date of birth, contact details, and information about carers or next of kin.
  • Health and other sensitive (‘special category’) data – medical history, test results, treatment records, ethnicity, sex, and any information shared by other health professionals.

These records may be electronic, paper, or both.

  1. Why we need your information

Your records allow us to:

  • Provide safe and effective healthcare
  • Coordinate treatment with other NHS organisations
  • Review care quality through audits
  • Help manage NHS services and protect public health
  1. Legal basis for using your data

We use your data because:

  • It is necessary for providing healthcare and treatment (GDPR Articles 6e and 9h).
  • It allows us to carry out tasks in the public interest or under official authority.
  1. Other ways your data may be used
  • Risk stratification: to identify patients who may benefit from extra support. You may opt out.
  • Medicines management: to ensure your medication is appropriate, safe, and cost-effective.
  • Research or service improvement: only with your consent unless data is anonymised.
  1. Sharing your information

We only share information when necessary for your care or when the law requires it. Organisations we may share with include:

  • NHS Trusts, GPs, community services
  • Pharmacies, dentists, opticians
  • NHS England, local authorities, social care
  • Ambulance services, safeguarding teams
  • Approved external data processors (under strict confidentiality agreements)

We will not share your information for marketing.

  1. How we protect your information

We follow NHS and legal confidentiality standards. All staff and contractors sign confidentiality agreements and access your data only when required. Some data is stored electronically and may be held on secure EU-based servers.

  1. How long we keep your information

We keep records in line with the NHS Records Management Code of Practice, after which they are securely destroyed.

  1. Your rights

You have the right to:

  • Access your records (Data Subject Access Request)
  • Correct inaccurate information
  • Object to certain types of processing
  • Withdraw consent where consent is the basis for processing
  • Request erasure of your data in specific circumstances
  • Request transfer of your data to another provider

We normally respond within one month.

  1. Keeping your information up to date

Please inform us promptly if your personal details change, especially your address or phone number.