Downton Surgery respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.
Purpose Of This Privacy Notice
This privacy notice aims to give you information on how Patient Link collects and processes your personal data through your use of the surgery website. Any data relating to a child needs to be provided by their legal guardian. It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Changes To The Privacy Notice And Your Duty To Inform Us Of Changes
This version was last updated in March 2021.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The Data We Collect About You
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together, as follows:
Identity Data includes name, gender, date of birth, address, telephone number, email, NHS number.
Contact Data includes email address and telephone numbers.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Special Categories of Data includes sensitive medical details such as symptoms, conditions, biometrics, family history, medication and any other health data you provide to us by filling the form on the website.
Usage Data includes information about how you use our website, products and services.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
If You Fail To Provide Personal Data
Where we need to collect personal data for the information to be forwarded via the practice website to the GP practice you have chosen and you fail to provide that data when requested, we may not be able to send the information to the GP practice. This does not affect your ability and freedom to visit your medical practitioner.
How Is Your Personal Data Collected?
You may give us your Identity, Contact and Special Categories of Data by filling in forms or by Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.
How We Use Your Personal Data?
We collect the personal data that you may volunteer while using our services. We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not collect or use personal data for any purpose other than that indicated below:
To send you confirmation of requests that you have made to us.
To send you information when you request it.
We intend to protect the quality and integrity of your personally identifiable information and we have implemented appropriate technical and organisational measures to do so. We ensure that your personal data will not be disclosed to State institutions and authorities except if required by law or other regulation.
Data Security
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
• Data Protection Act 2018
• The General Data Protection Regulations 2016
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality, Information Security and Records Management
• Information: To Share or Not to Share Review
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Retention
How Long Will You Use My Personal Data For?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Integrated Care Record
‘Bath and North East Somerset, Swindon and Wiltshire Integrated Care Record (BSW ICR) is a digital care record system for sharing information in Bath and North East Somerset, Swindon and Wiltshire. It allows instant, secure access to your health and social care records for the professionals involved in your care.
Relevant information from your digital records is shared with people who look after you. This gives them up-to-date information making your care safer and more efficient.
Downton Surgery uses the system in the following way
- We can access your data stored within the system and provide relevant information about you and your health
If you would like to learn more about BSW ICR and how your information is being used please click here.’
Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
Request access to your personal data
Request correction of your personal data
Request erasure of your personal data
Object to processing of your personal data
Request restriction of processing your personal data