What is a privacy notice?

A privacy notice helps this surgery to tell you how we use the information it has about you. The data could be name, address, date of birth and, importantly, the clinical records that a clinician may write about you in your healthcare record.

Why do we need one?

By law, this practice needs a privacy notice. This is detailed within the Data Protection Act 2018 and is part of the UK General Data Protection Regulation (or UK GDPR for short).

What is the UK GDPR?

The UK GDPR is part of a law that states that the information about you must remain secure. All staff at the surgery must follow these rules and keep your information safe.

How can I learn more about the privacy notice?

You can request a copy of our long read privacy notice at any time via the patient feedback lead. More information on how the wider NHS uses data

The UK GDPR details what needs to be provided within the privacy notice. This is:

  • What information we hold about you
  • How we keep this especially important information safe and secure and where we keep it
  • How we use your information
  • Who we share your information with
  • What your rights are
  • When the law gives us permission to use your information

What information do we collect about you?

Personal information is anything that identifies you as a person and we all have personal information. Personal information that tells us something about you includes:

  • Your name
  • Address
  • Mobile and/or home telephone number
  • Information about your parent(s) or person with parental responsibility
  • All your health records
  • Appointment records
  • Treatments you have had
  • Medicines prescribed for you and any other information to help us to look after you

How do we use your information?

Your information is taken to help us to provide your care. We might need to share this information with other medical teams. We only usually use your information to help us to care for you. That means we might need to share your information with other people who are concerned and involved with looking after your health, such as hospitals if you need to be seen there.

We might also need to share your information with the police, courts, social services, solicitors and other people who have a right to your information, but we always make sure that they have a legal right to see it (or have a copy of it) before we provide it to them. The law gives us permission to use your information in situations when we need it to take care of you. Because information about your health is very personal, sensitive and private to you, the law is very strict about how we use it. So, before we can use your information in the ways we have set out in this privacy notice, we have to have a good reason in law which is called a ‘lawful basis’.

Not only do we have to do that, but we also have to show that your information falls into a special group or category because it is very sensitive. By doing this, the law makes sure we only use your information to look after you and that we do not use it for any other reason.

If you would like more information about this, please ask to speak to our Data Protection Officer (DPO), who is mentioned in this privacy notice and who will explain this in more detail.

How do we keep your information safe?

We know that it is really important to protect the information we have about you. Therefore, we will follow the rules that are written in the Data Protection Act and the Chapter that details the UK GDPR. The law says that we must do all we can to keep your information private, safe and secure.

We use secure computer systems and we make sure that any written information held about you is kept securely. We also train our staff to respect your privacy and to deal with your information in a way that makes sure it is always kept safe.

Does this practice use artificial intelligence (AI)?

Yes, we do use AI although, prior to doing so, a full data protection impact assessment has been completed to guarantee that any AI use will comply with UK data protection laws and this includes UK GDPR.

We will use AI in the following ways:

  • Clinicians may use AI software during consultations to support both the compiling and documenting of your clinical record. Data will include your name, any contact details, medical history, diagnosis, treatment information, and any other information shared during the consultation.
  • Further to this, there may also be an audio recording of the clinician, although this is only to detail their professional identifiers, such as name and title.

Should you not wish the clinician to use any AI during your consultation, please make them aware of this.

For further information, a privacy notice that specifically supports AI use is available upon request.

What if I have a long-term medical problem?

If you have a long-term medical problem then we know it is important to make sure your information is shared with other healthcare workers to help them to help you, making sure you get the care you need when you need it.

Who else will see my information?

Usually, only staff at this practice are allowed to see your information. Should you need to go to the hospital then we may be asked to share your information with them, but this is only so that we can take care of you.

Sometimes we might be asked to take part in medical research that could help you in the future. We will always ask you or your parent(s) or an adult with parental responsibility if we can share your information if this happens.

Possibly the police, social services, the courts or other organisations may have a legal right to see your information.

What if I don’t want to opt out of sharing my medical information?

All our patients, no matter what their age, can say that they don’t want to share their information. If you’re under 13 this is something that your parents or an adult with parental responsibility will have to decide. If you’re over 13 and need help, then it may make sense to discuss this with those who care for you.

Should you want to discuss this further, then you can discuss any concerns that you have with a member of staff at the surgery.

You have a right to ask us not to share your information. Should you want to talk to us about not sharing your information, even if this means you do not want us to share your information with your parent(s) or an adult with parental responsibility, please let us know.

How to access my records?

If you want to see what is written about you, you have a right to access the information we hold about you, but you will need to complete a Subject Access Request (SAR). There are some rules on this. 

  • If you are under 16, your parents or adults with parental responsibility can do this on your behalf.
  • If you are over 12, you may be classed as being competent and may be able to do this yourself.
  • If you are over 16 and need help in understanding what to do, then you can still ask the person who cares for you to do it on your behalf.

You may also be able to access your records online and you can discuss this with a member of staff at the surgery.

What if there is something wrong in my record?

If you believe that there are any errors in the information that we hold about you, then you can ask us to correct it.

Can I get anything removed from my record?

Legally, we cannot remove any of the information we hold about you as we need all this information to take care of you.

What to do if I have a question?

Should you have any questions about this privacy policy or the information we hold about you, you can discuss this with a member of staff, or your parents or adults with parental responsibility, or the person who cares for you.

They will advise you to either:

  1. Send a query, comment or suggestion via our website
  2. Contact the data protection officer, Dan Clement, by email at kmicb.ig@nhs.net, by telephone on 01634 335095, or by post to: NHS Kent and Medway, 2nd floor, Gail House, Lower Stone Street, Maidstone, ME15 6NB
  3. Ask to speak to the Practice Manager Arif Ladha or Operations Manager Nicole Bingham

Please note that the DPO is specially trained in data management.

What if I have a complaint about how my information is being managed?

If you are unhappy with any element of our data processing methods, contact the Patient Feedback Lead in the first instance. If you feel that we have not addressed your concern appropriately, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

For further details, visit the ICO website.

The ICO is the regulator for the UK GDPR and offers independent advice and guidance on the law and personal data including your rights and how to access your personal information.

Using your health data for planning and research

You can decide whether you wish to have your information extracted and there are two main options available to you.

Option 1:

Type 1 opt-out applies at organisational level and means that your medical record is not extracted from the organisation for any purpose other than for direct patient care. You can opt-out at any time. Opting out will mean that no further extractions will be taken from your medical record.

For a Type 1 opt-out, you need to contact the organisation by phone, email or post to let us know that you wish to opt out. Further information is available on the NHS website.

Option 2:

The National Data Opt-out (NDO-O) allows data to be extracted by NHS England for its lawful purposes but it cannot share this information with anyone else for research and planning purposes. You can opt-out at any time.

NDO-O

You need to inform NHS England. Unfortunately, this cannot be done by this organisation for you. You can opt in or out at any time and complete this by any of the following methods:

  • Online service: via ‘Make your choice about sharing data from your health records’. You will need to know your NHS number or your postcode as registered at this organisation
  • Telephone service: 0300 303 5678, which is open between 9.00am and 5.00pm Monday to Friday
  • NHS App: For use by patients aged 13 and over. The app can be downloaded from the App Store or Google Play

Photocopies of proof of the applicant’s name (e.g., passport, UK driving licence etc.) and address (e.g., utility bill, payslip etc.) need to be sent with the application.

It can take up to 14 days to process the form once it arrives at NHS, PO Box 884, Leeds, LS1 9TZ.

Further information on NDO-O is available on the NHS England website.

 

The Old Cottage Hospital
Alexandra Road
Epsom
Surrey
KT17 4BL

Telephone: 01372 724434

Car park available

Cox Lane Surgery
Cox Lane, Ewell
Epsom
Surrey
KT19 9PS

Telephone: 01372 724434

Car park available

Fitznells Manor Surgery
2 Chessington Road
Ewell
Surrey
KT17 1TF

Telephone: 01372 724434

Car park available

Stoneleigh Medical Centre
24 The Broadway
Stoneleigh
Surrey
KT17 2HU

Telephone: 01372 724434

Free Timed Street Parking Only