We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Privacy Notice v 5
Our GP practice is committed to working in partnership with local authorities and the Clinical Commissioning Group's safeguarding team to fulfil their safeguarding responsibilities.
GP practice website
As part of the enhanced services available on the GP practice website, personal information will be gathered when accessing on-line consultation services, such as, name, address/postcode, date of birth, gender, phone number and email address.
Staff and job applications
When individuals apply to work at our practice the information is used to process applications and recruit GP practice staff. Where the GP practice needs to disclose information to a third party, for example, to gain a reference, or to obtain a 'disclosure' from the Disclosure and Barring Service, the GP practice will not do so without informing the applicant beforehand, unless the disclosure is required by law.
Once a person has taken up employment the GP practice will maintain an employment file. The information contained in this file will be kept secure and will only be used for purposes directly relevant to that person's employment.
What is the lawful basis for processing your information?
The General Data Protection Regulations 2018, (Article 6(1) (a), 6(1)(e) and 9(2)(h) legally provides the GP practice the right to process your information. The NHS Act 2006 and the Health and Social Care Act 2012 invests statutory functions on GP Practices to promote and provide the health services in England, improve quality of services, reduce inequalities, conduct research, review performance of services and deliver education and training.
To do this we will need to process your information in accordance with current data protection legislation to:
- Protect your vital interests
- Pursue our legitimate interests as a provider of medical care, particularly where the individual is a child or a vulnerable adult
- Perform tasks in the public's interest
- Deliver preventative medicine, medical diagnosis and medical research
- Manage the health and social care system and services.
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.
Your information will only be shared if it is appropriate for the provision of your care or required to satisfy our statutory function and legal obligations.
Keeping your information private
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the General Data Protection Regulations, Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of practice on confidential information.
Every member of staff who works for our practice has a legal obligation to keep information about you confidential. Anyone who receives information from an NHS organisation or health care service, or processes it on their behalf, has a legal and contractual duty to keep it confidential.
The practice will not share your information with third parties without your consent unless there are exceptional circumstances, such as when the health and safety of you or others is at risk, to protect the health and wellbeing of children and vulnerable adults, or where the law requires us to do so.
Sharing information for your care and well-being
We will share relevant information from your medical record with other health or social care staff or organisations when they provide you with care. For example, your GP will share information when they refer you to a specialist in a hospital, or your GP will send details about your prescription to your chosen pharmacy.
Healthcare staff working in A&E/Urgent Care Centres and the out of hours GP care service will also have access to your information. For example, it is important that staff who are treating you in an emergency know if you have any allergic reactions and the medication you are taking. This will involve the use of your Summary Care Record For more information see: https://digital.nhs.uk/summary-care-records or alternatively speak to your practice.
Your information may be shared if you have received treatment to determine which Clinical Commissioning Group (CCG) is responsible for paying for your treatment. This may include your name, address, NHS number and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.
We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances such as;
- Through a court order, where a judge has ordered that specific and relevant information should be disclosed – in such an event as preventing crime or fraud
- When it is necessary for the reasons of public interest in the area of public health such as protecting again serious cross-border threats to health, such as a flu pandemic or rare infectious disease
- When it is necessary to protect the vital interests of an individual to protect the safety and welfare of vulnerable children and adults
- When there are specific lawful conditions to do so under the General Data Protection Regulations; or any subsequent data protection laws.
Caldicott Principle 7
The duty to share information can be as important as the duty to protect patient confidentiality. This means that health and social care professionals will share information in the best interest of their patients with the framework which is set out in the Caldicott principles.
https://www.gov.uk/government/publications/the-information-governance-review
Caldicott Guardian details
All NHS organisations are required to nominate a Caldicott Guardian. This role has the responsibility for protecting the confidentiality of patient information and enabling appropriate information sharing.
The name of our GP practice Caldicott Guardian is:
DR JHUMUR MOIR
Setting a national opt-out preference
Commissioned by the Secretary of State for Health Dame Fiona Caldicott, the National Data Guardian for Health Care (NDG) has reviewed data security and data sharing in the health and social care system. The so-called 'Caldicott review' provides for people to be able to make an informed choice about whether to share data or not.
Patients and public who decide they do not want their personally identifiable data used for planning and research purposes will be able to set their national opt-out preference
As of the 25th May 2018, residents have the right to opt out of your personal confidential information being used for the following purposes.
- Providing local services and running the NHS and social care
- Supporting research and improving treatment of care
To set an opt-out preference, NHS Digital will offer digital (online) and non-digital national data opt-out systems.
For further information and support relating to opt-outs, please contact NHS Digital
Exceptional circumstances
The opt-out will not apply where there is a mandatory legal requirement or an overriding public interest. These will be areas where there is a legal duty to share information (for example a fraud investigation) or an overriding public interest (for example to tackle the ebola virus).
Who are our partner organisations?
Below are just some of the organisations that we may have to share your information with. This would only be done in line with the lawful basis for sharing information under the data protection laws.
- •NHS Trusts / Foundation Trusts
- •Other GP's
- •NHS Commissioning Support Units
- •Independent Contractors such as dentists, opticians, pharmacists
- •Private Sector Providers
- •Voluntary Sector Providers
- •Ambulance Trusts
- •Clinical Commissioning Groups
- •Social Care Services
- •NHS Digital
- •Primary Care Support England
- •Local Authorities
- •Education Services
- •Fire and Rescue Services
- •Police & Judicial Services
- •Other 'data processors' which you will be informed of
- •BHNC Clock tower PCN
- •Southampton University and Nottingham University
We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.
Sharing your information to improve your care
To be able to provide the best care for our patients a system called Connect Care was developed. A similar system called Local Care Record is used in other parts of south east London. These systems allows GP staff, hospital staff, district nurses and other local organisations involved in your care to share important information about the people they care for. This could include checking which medications a patient is taking or a child's immunisations history.
Only authorised staff will have access to these systems on a need to know basis and the information is operated over a secure network.
You will be asked your permission at the point of care before viewing your record. If you are unable to give permission e.g. in an emergency, your care provider may access your record if they believe it is in your best interest.
Health providers who have access to your records will be better informed about your care and it enables faster and effective delivery of your care, without the need for sharing information by letter, email, fax or phone.
You have the right to choose not to have your information available through Connect Care and the Local Care Record. If you don't want your information to be available through this service and want to find out how to opt-out, or want to find out how this might affect your care, visit the Connect Care web page. If you do not have access to the website, you can call 020 8836 4592 and leave your name and number for someone to contact you.
Sharing information with our local partners in Bexley
Urgent Care Centre's NHS 111
The Hurley Group provide urgent care and out of hours service to residents of Bexley. This service is offered at two sites – Queen Mary's Hospital Sidcup and Erith District Hospital (GP Hubs - extended hours service)
Bexley Health Neighborhood Care (BHNC) provides patients that are registered with a GP practice in Bexley to access evening and weekend GP appointments. BHNC was created by local GPs and are based at Queen Mary's Hospital Sidcup and Erith District also some GP surgeries within the Clocktower PCN. BHNC. Referral services
BHNC Bexley Health Limited provides referral booking management services for GP practices and patients in Bexley.
Sharing information for research purpose
NHS England has been directed by the government to establish and operate the Open Safely COVID19 service and the Open Safely data analytics service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID -19 and other purposes. Each GP practice remains the controller of its own GP patient data but is requited to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym. Only approved users are allowed to run theses queries, and they will not be able to access information that directly or indirectly identifies individuals.
Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.
Ways we may communicate with you
Our practice may need to contact you for a variety of reasons including to:
Discuss your care and treatment
- Offer you a new appointment or alter an existing one
- Send you a reminder of an existing appointment
- Ask your opinion of our services
- Tell you about other care services (such as flu jabs)
- Arrange for transport to be provided
- Arrange for a home visit
- If you are a member of the patient participation group, it is important to confirm with your GP practice your communication preferences at the time of registering.
Our standard way to contact you is by letter or telephone. We may also use emails and SMS text messaging.
When our practice uses text messaging services, no confidential information will be contained in the message; it will generally be a reminder for an appointment or care service message.
It is important that you advise your GP practice of any change of details in relation to your phone and contact details as soon as possible.
You can change your communication preferences or opt out of the SMS text service at any time by contacting the surgery. Please note: Changes of address must be made in writing or in person at the surgery or via the practice website function. We cannot accept over the telephone)
Contact that is made to and from the GP practice from an individual's private email account, are not secure. Any patient or service user using this method, do so at their own risk (however small).
How do I gain access to my personal information?
You have a right to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. You are able to either view or receive copies of records held in electronic or paper format.
This type of request is known as a 'Subject Access Request' (SAR) and can be made in writing to the GP via email or post. For information from the hospital you will need to write direct to them. In special circumstances your right to see some details in your health records may be limited, to protect you and others mentioned in your records from harm, and to maintain the confidentiality of others.
Under the Data Protection laws our GP practice are required to respond to your request within 30 days. You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified and your records located.
No fee will be charged for this service, unless a request is manifestly unfounded, excessive or repetitive.
GP patient on-line service
Patients with access to internet or a personal computer can register for 'Patient On-line service'. Patients can sign up and register with the practice to view parts of your GP record, including information about medication, allergies, vaccinations, previous illnesses and test results. This service also offers booking and cancelling appointments on-line and ordering repeat prescriptions. For more information see GP Online services
Other additional information rights
As well as the right to have access to your personal information, under the data protection laws of 2018, individuals also have;
- the right to be informed (Through this privacy notice and other methods of communication)
- the right for information to be rectified
- the right to erasure
- the right to restrict processing
- the right to portability
- the right to object
- rights in relation to automated decision making and profiling
There are various exception and circumstances where your request may be refused and therefore individuals should always consult with the Practice Manager when making a request under your individual rights.
Can I access the records of my children?
You may be able to access the records of your child/children. However, if a clinician has stated that he/she believes your child/children to be competent to make their own decisions, then you will not have an automatic right of access. If this is the case, any requests for copies of your child's records will need to be with the consent of your child/children.
As above, there may be legal exceptions when it will not be appropriate or possible to obtain information, such as safeguarding or a court order.
To apply for access, please use the procedure above.
To carry out your rights or request a copy of your information please contact:
Data Protection Lead
Name: JANET BORTHWICK
Address: THE WESTWOOD SURGERY, 24 WESTWOOD LANE WELLING KENT
Contact: 0208 303 5353
How long do we keep your information?
GP medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at:
Transfer of information outside the European Union to third countries or international organisations.
There are legal restrictions imposed on health and care organisations regarding the transfer of personal data outside the European Union, to third countries or international organisations. Our GP practice does not share or transfer information outside of the European Union, to third countries or international organisations.
Automated individual decision-making (Profiling)
Automated individual decision-making is defined as making decisions or evaluating things about an individual solely by automated means without any human involvement.
Most GP practices in Bexley provide an on-line healthcare consultation process which provides self-care advice. This on-line consultation service may use automated clinical decision making tools.
Personal data breaches
All organisations that process personal data have a duty to report certain types of personal data breach to the Information Commissioners Office within 72 hours of an incident occurring.
What to do if you have any questions?
Should you have any concerns about how your information is managed at the practice, please contact the PRACTICE MANAGER
If you are still unhappy following a review by the GP practice, you can contact NHS England England.contactus@nhs.net or the Information Commissioners Office. https://ico.org.uk/
NHS England leads the National Health Service (NHS) in England and set the priorities and direction of the NHS and encourages and informs the national debate to improve healthcare. The NHS England website provides information on how to provide your feedback or make a complaint. https://www.england.nhs.uk/
The Information Commissioners Office is a UK independent body which has been established to uphold information rights for individuals.
Review History
- Reviewed 18.03.2022
- Reviewed 30.03.2023
- Reviewed 15.05.2024
- Reviewed 30.04.2025
- Reviewed 12.12.2025