Privacy Notice

The Practice and Your Information

We take your privacy very seriously. We are registered with the Information Commissioner’s Office as a Data Controller and our registration number can be found if you search the ICO online register.

We aim to provide you with the highest quality health care.

To do this we must keep records about you, your health and the care we have provided or plan to provide to you.

Your doctor and other health professionals caring for you, such as nurses or physiotherapists, keep records about your health and treatment so that they are able to provide you with the best possible care.

Please be aware that both clinical and administrative staff will access your personal data, this allows us to manage high volumes of communication and activity.

Administrative staff are bound by confidentiality in the same way as the clinician is and will keep your information private.

These records are called your ‘health care record’ and may be stored in paper form or on computer and electronic systems and may include Personal Data;

  • basic details about you, such as address, date of birth, NHS number, and next of kin​

as well as Sensitive Personal Data;

  • contact we have had with you, such as clinical visits

  • notes and reports about your health

  • details and records about your treatment and care

  • results of x-rays, laboratory tests etc​

Healthcare providers are permitted to collect, store, use and share this information under Data Protection Legislation which has a specific section related to healthcare information.

If you have any questions or wish to make a request in relation to your information, please contact us using the details on our main page or contact our Data Protection Officer at

​Our Data Protection Officer service is provided by Kafico Ltd. When we ask for their support, we will aim to remove any reference to individual patients. Where this is not possible, we will use the minimum necessary to allow us to obtain advice and support.

You can find out more about Kafico Ltd, including their privacy policy at

What We Do With Your Information

Below is a description of the routine uses of your information;

  • Refer you to other healthcare providers when you need other service or tests

  • Discuss or share information about your health or care with other health or social care providers, including using technology such as GP Connect

  • Share samples with laboratories for testing (like blood samples)

  • Share test results with hospitals or community services (like blood test results)

  • Allow out of hours or extended hours GPs to look at your health record when you are going to an appointment

  • Send prescriptions to a pharmacy

  • Text patients in relation to healthcare services. See Information Technology for more information.

  • Samples are provided to the courier for delivery to pathology

  • Share reports with the coroner

  • Receive reports of appointments you have attended elsewhere such as with the community nurse or if you have had a stay in hospital

  • Produce medical reports on request from third parties such as the DVLA or your employer

  • Movement of Patient records to Primary Care Support England

14th April 2019: Amended to include “Discuss or share information about your health or care with other health or social care providers”

25th October 2020 Amended to include link for more information about text messaging

28th May 2021: Amended to include a link about opting out of research

What Else Do We Use Your Information For?

Along with activities related directly to your care, we also use information in ways which allow us to check that care is safe and provide data for the improvement and planning of services.

  • Quality / payment / performance reports are provided to service commissioners

  • As part of clinical research – information that identifies you will be removed, unless you have consented to being identified

  • Undertaking clinical audits locally to ensure safety and efficiency

  • Supporting staff training

  • Incident and complaint management

  • Sending practice information to other NHS bodies for national audits or research that are required by law (e.g. NHS Digital Audit Data Collection) or the Learning Disabilities Census

  • Local evaluations and planning activities

Sharing When Required by Law

Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly. Examples might be for the purposes of detection or prevention of crime, where it is in the wider public interest, to safeguard children or vulnerable adults, reporting infectious diseases or where required by court order.

Care Quality Commission Access to Health Records

CQC has powers under the Health and Social Care Act 2008 to access and use your health information where it is necessary to carry out their functions as a regulator.​

This means that inspectors may ask to look at certain records to decide whether we are providing safe, good quality care.

More information about the CQC can be obtained on their website

Children and Young People

Young people from aged 13 (and sometimes younger) are allowed to make decisions about how their health information is shared.

A parent or guardian may apply for access to young person’s information.

If a young person does not consent – we may not provide access to the adult.

If the young person does not have the capacity to understand, we may provide access to the adult because it is in the young person’s best interest to do so.

Young people can ask us to keep certain parts of their information confidential.

If the young person is making decisions about their information that puts them at risk – we may notify adults with parental rights.

Information Technology

The practice will use third parties to provide services that involve your information such as;
  • Removal and destruction of confidential waste

  • Provision of clinical systems

  • Provision of connectivity and servers

  • Digital dictation services

  • Data analytics or warehousing (these allow us to make decisions about care or see how effectively the practice is run – personal data will never be sold or made available to organisations not related to your care delivery)


We have contracts in place with these third parties that prevent them from using it in any other way that instructed. These contracts also require them to maintain good standards of security to ensure your confidentiality.


Text Messaging

Our practice may wish to use text messaging to communicate with you about practice activities or your own healthcare. 


We may text you;

  • To send survey/questionnaires which, if they are clinical, we will save into your medical record

  • With a link so you can send photos to the clinician of your rash or lump for example

  • Ask you to update clinicians on your treatment or wellbeing

  • Invite you to health screenings or vaccinations

  • send referrals letters or summaries

  • Contact you if you miss an appointment e.g. at outpatients 

  • Contact you if you are not able to answer a phone call

  • Send you test results or ask you to call to discuss your results

  • Send you general public health messages about COVID 19, flu clinics, mental health or wellbeing services

  • In relation to research projects, unless you have objected


You can object at any time by getting in touch with us.

If you share a mobile phone with someone, please be mindful that they may see information about your health.

For information about the providers we use for our SMS, please see our list of providers on the main privacy policy page.


GP Connect

We use a facility called GP Connect to support your direct care. GP Connect makes patient information available to all appropriate clinicians when and where they need it, to support direct patients care, leading to improvements in both care and outcomes.

GP Connect is not used for any purpose other than direct care.

Updated 21st June 22 to include research projects for potential SMS
Updated 2nd July 22 to include GP Connect paragraph
Updated 22nd August 22 to include “invitations to screenings or vaccinations”
Updated 31st August 23 to include a new link to GP Connect transparency notice

Your Rights

Data protection law provides you with a number of rights that the practice is committed to supporting you with;

Right to Access

You have the right to obtain:

  • Confirmation that your information is being used, stored or shared by the practic

  • A copy of information held about you

  • We will respond to your request within one month of receipt or will tell you when it might take longer.

  • We are required to validate your identity including the identity of someone making a request on your behalf

Right to Object or Withdrawn Consent

​We mainly use, store and share your information because we are permitted in order to deliver your healthcare but you do have a right to object to us doing this.

Where we are using, storing and sharing your information based on explicit consent you have provided, you have a right to withdraw that consent at any time.

You can choose to opt out of sharing your confidential patient information for research and planning. There may still be times when your confidential patient information is used: for example, during an epidemic where there might be a risk to you or to other people’s health. You can also still consent to take part in a specific research project.

Visit to opt out.

Our Data Protection Officer will be happy to speak with you about any concerns you have.

Right to Correction

If information about you is incorrect, you are entitled to request that we correct it

There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time.

We will respond to your request within one month of receipt or will tell you when it might take longer.

Right to Complain

You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.

For more detailed information on your rights visit

15th September 2022 removed section indicating that requests may be processed late due to COVID-19.

Online Access to Your Health Records

What is Online Access?

Online Access allows patients to view their health record online, either through the NHSapp or a web portal.
Between November 2022 and the end of the year, the practice is planning to activate a new online access service. It will mean that new items added to a patient health record will be made visible to patients that have created an account with the web portal or NHS App. The date that this is enabled will depend on when the practice is able to taken the necessary steps to support a safe and effective process.
Please be aware that we do not recommend that patients share logins for their Online Access. If you have previously shared access for the limited view of your record, this will automatically show more details and you should consider removing this access.
This will not necessarily show you everything that is in your record and so it is important to note that if you want a copy of all the information the practice holds about you, you will need to make a request to the practice, and we will arrange this to be emailed or posted to you.

What are the Benefits?

Involvement in the decisions made about us is a really important part of our human rights. Having access to information that concerns our health, empowers us and helps us to make informed decisions about our health and health care.
You will be able to access consultations, test results and other useful information via the Online Access systems. You can also book or cancel appointments and request prescriptions.

What might be withheld?

The practices may not provide access to information that could cause harm to patients or others or affect (prejudice) the activities of third parties such as social services or the police.
Whether data is actually harmful will often depend on the circumstances of the particular patient. and the practice may need to take some time to work through records prior to them being made available online.

Is this a Subject Access Request?

Online Access may satisfy your requirements if you need certain information but the items available online will not necessarily be everything that is in your record and so it is important to note that if you want access to all the information the practice holds about you, you will need to make a request to the practice, and we will arrange this for you.

When Will I be Able to See All My Records?

NHS England has plans to release all records to patients, including historic records in the coming years. We will notify you as these changes come into force.

Can I Switch Online Access Off?

Yes, to discuss this you can contact the practice directly or contact our Data Protection Officer at
If you are concerned that someone is coercing you into sharing access to your online records or you want particular items to be withheld, please let your practice know and they will arrange this for you.​

What if I have Complaints or Concerns about the Information I can See?

You can contact the practice directly or contact our Data Protection Officer at

How Do We Keep Your Information Safe?

We are committed to ensuring the security and confidentiality of your information.

There are a number of ways we do this;

Staff receive annual training about protecting and using personal data

Policies are in place for staff to follow and are regularly reviewed

We check that only the minimum amount of data is shared or accessed

We use ‘smartcards’ to access systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’

We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information

We report and manage incidents to make sure we learn from them and improve

We put in place contracts that require providers and suppliers to protect your data as well

We do not send your data outside of the UK without appropriate, lawful safeguards.


15th September 2022 Amended “We do not send your data outside of the EEA” to “We do not send your data outside of the UK without appropriate, lawful safeguards”

How Long Do We Keep Your Information?

In line with the NHSX Records Management Code of Practice, we will retain / store your health record for your lifetime.

When a patient dies, we will send your record to Primary Care Services England review the record and generally it will be destroyed 10 years later, unless there is a reason to keep it for longer.

If you move away or register with another practice, we will send your records to the new practice.

Your Information: Planning and Research

Information about your health and care helps the NHS to improve your individual care, speed up diagnosis, plan your local services and research new treatments. 

It can also help research organisations to explore new treatments or make discoveries.

You can decide that you do not want your information to be used in this way.

There are two main options;

Option 1: Opting out of the GP Data for Planning and Research (GPDPR) Formally known as GPES. 

This means you don’t want your data to be extracted from your GP clinical system and used for Planning and Research Purposes. You can opt out at any time but opting out before the end of August 2021 will mean your data is not extracted by the new process. Opting out after that date will mean that no further extractions will occur. Find out more about GPDPR.

Option 2: Opting out of NHS Digital using or sharing your health data (held by any provider, not just your GP), for Planning and Research purposes. 

You can opt out at any time.  Find out more about opting out of Research and Planning.

Other materials and materials in other languages are available here.

How do I Opt Out?

To opt out of your data leaving the GP Practice for Research and Planning (Type 1), just contact your GP practice by website, phone, email or post and let us know.

To opt out of your health data being used or shared by NHS Digital (Type 2), you can Call.

The phone number is 0300 303 5678 – Monday to Friday, 9am to 5pm (excluding bank holidays).

National Data Opt Out
Contact Centre
NHS Digital
HM Government
7 and 8 Wellington Place




The practice is required to share patient information with NHS England in order to support the work being undertaken in relation to COVID-19.  

The OpenSAFELY COVID-19 service provides a secure analytics service for academics, analysts and data scientists to access GP and NHS England de-identified patient data for COVID-19 research, COVID-19 clinical audit, COVID-19 service evaluation and COVID-19 health surveillance purposes (COVID-19 Purposes). The Service is currently operated by NHS England in collaboration with the Bennett Institute and The Phoenix Partnership (TPP), or Egton Medical Information Systems (EMIS) (the GP System Suppliers). 

You can find out more by clicking here.

If you have opted out of your data being shared for research and planning purposes, your data will not be included.

Page added June 1st 2021
Added chapter “OpenSAFELY COVID-19” 9th July 2023

COVID-19 Research: NHS Digital

This practice is supporting vital coronavirus (COVID-19) planning and research by sharing your data with NHS Digital.

The health and social care system has been / is facing significant pressures due to the coronavirus (COVID-19) outbreak.

Health and care information is essential to deliver care to individuals, to support health, social care and other public services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the coronavirus outbreak.


In the current emergency it has become even more important to share health and care information across relevant organisations. This practice is supporting vital coronavirus planning and research by sharing your data with NHS Digital, the national safe haven for health and social care data in England. 

​National Data Opt Out and NHS Digital

Our legal basis for sharing data with NHS Digital

NHS Digital has been legally directed to collect and analyse patient data from all GP practices in England to support the coronavirus response for the duration of the outbreak. NHS Digital will become the controller under the General Data Protection Regulation 2016 (GDPR) of the personal data collected and analysed jointly with the Secretary of State for Health and Social Care, who has directed NHS Digital to collect and analyse this data under the COVID-19 Public Health Directions 2020 (COVID-19 Direction).

All GP practices in England are legally required to share data with NHS Digital for this purpose under the Health and Social Care Act 2012 (2012 Act). More information about this requirement is contained in the data provision notice issued by NHS Digital to GP practices.

Under GDPR our legal basis for sharing this personal data with NHS Digital is Article 6(1)(c) – legal obligation. Our legal basis for sharing personal data relating to health, is Article 9(2)(g) – substantial public interest, for the purposes of NHS Digital exercising its statutory functions under the COVID-19 Direction.

The type of personal data we are sharing with NHS Digital

The data being shared with NHS Digital will include information about patients who are currently registered with a GP practice or who have a date of death on or after 1 November 2019 whose record contains coded information relevant to coronavirus planning and research. The data contains NHS Number, postcode, address, surname, forename, sex, ethnicity, date of birth and date of death for those patients. It will also include coded health data which is held in your GP record such as details of:

  • diagnoses and findings

  • medications and other prescribed items

  • investigations, tests and results

  • treatments and outcomes

  • vaccinations and immunisations

How NHS Digital will use and share your data

NHS Digital will analyse the data they collect and securely and lawfully share data with other appropriate organisations, including health and care organisations, bodies engaged in disease surveillance and research organisations for coronavirus response purposes only. These purposes include protecting public health, planning and providing health, social care and public services, identifying coronavirus trends and risks to public health, monitoring and managing the outbreak and carrying out of vital coronavirus research and clinical trials. The British Medical Association, the Royal College of General Practitioners and the National Data Guardian are all supportive of this initiative.

NHS Digital has various legal powers to share data for purposes relating to the coronavirus response. It is also required to share data in certain circumstances set out in the COVID-19 Direction and to share confidential patient information to support the response under a legal notice issued to it by the Secretary of State under the Health Service (Control of Patient Information) Regulations 2002 (COPI Regulations).

Legal notices under the COPI Regulations have also been issued to other health and social care organisations requiring those organisations to process and share confidential patient information to respond to the coronavirus outbreak. Any information used or shared during the outbreak under these legal notices or the COPI Regulations will be limited to the period of the outbreak unless there is another legal basis for organisations to continue to use the information. 

Data which is shared by NHS Digital will be subject to robust rules relating to privacy, security and confidentiality and only the minimum amount of data necessary to achieve the coronavirus purpose will be shared. Organisations using your data will also need to have a clear legal basis to do so and will enter into a data sharing agreement with NHS Digital. Information about the data that NHS Digital shares, including who with and for what purpose will be published in the NHS Digital data release register.

For more information about how NHS Digital will use your data please see the NHS Digital Transparency Notice for GP Data for Pandemic Planning and Research (COVID-19).

National Data Opt-Out​

The application of the National Data Opt-Out to information shared by NHS Digital will be considered on a case by case basis and may or may not apply depending on the specific purposes for which the data is to be used. This is because during this period of emergency, the National Data Opt-Out will not generally apply where data is used to support the coronavirus outbreak, due to the public interest and legal requirements to share information.

Your rights over your personal data

To read more about the health and care information NHS Digital collects, its legal basis for collecting this information and what choices and rights you have in relation to the processing by NHS Digital of your personal data, see:

Privacy Policy Videos