Privacy notice
As data controllers, GPs have fair processing responsibilities under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect. Please find documents and links below.
Named Data Protection Officer is Samuel Kingsley.
How we use your information
We’re committed to protecting and respecting your privacy.
This policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Any questions relating to this policy and our privacy practices should be sent to:
The Operation Manager, Pembroke Surgery, 31 Alexandra Road Reading, Berkshire, RG1 5PG
Telephone: 0118 935 2121
Our Commitment to Data Privacy
We are committed to protecting your privacy and will only process personal confidential data in accordance with the General Data Protection Act (GDPR).
The Surgery is the Data Controller under the terms of the General Data Protection Act. We are therefore legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you, is done in compliance with the GDPR.
Everyone working for the NHS has a legal duty to keep information about you confidential. All of our staff receive appropriate training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.
Our Legal Basis for Processing
We will only use and process your personal data for:
Performing a contract or service between us;
If it is necessary for our legitimate interests and only if your interests and rights do not override ours.
We will not use your personal data for an unrelated purpose without informing you and the legal basis that we intend to rely on for processing it.
Information we hold about you
Information you give us
You may provide us with personal information through your use of this website. This may include:
‘Identifiable’ personal data that can be used to directly or indirectly identify the person. This can include but is not limited to name, address and email address.
‘Special categories’ personal data (sensitive personal data) relating to racial or ethnic origin, religious or philosophical beliefs and data concerning health or medical conditions.
‘National Obesity Audit’
The Secretary of State has directed NHS England to analyze and link obesity data to support the NHS long term plan, which aims to provide better outcomes for patients.
Information we collect about you.
We may automatically collect the following information about your visit to our website. This information will not identify you, it relates to:
‘Google Analytics’ collects technical information, including your browser type and version, time zone setting, operating system and platform and the pages you visits.
‘Cookies’ are stored whilst you are using this site. We use cookies to recognise your computer when you visit our website to improve the website’s usability. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
How will your information be used
Your personal information will only be used for the purpose of which it was originally given by the individual. For example any information you provide via an online request through the website will only be processed for that request and will not be used for any other reason.
Your information will never be used for marketing or profiling without your explicit consent.
Your Rights
You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any personal confidential data we hold about you.
Right to be informed
You have the right to be informed about the collection and use of your data.
You also have the right to be notified of a data security breach concerning your personal data.
Right of access
You have the right to access any of your personal data that is being processed together with supplementary information. If we do hold information about you we will:
Give you a description of it;
Tell you why we are holding it;
Tell you who it could be disclosed to; and
Let you have a copy of the information in a plain readable format.
Right to be forgotten
You have the right to have your personal data erased. This right is not guaranteed and applies only in certain circumstances.
Right to restrict
You have the right to request the restriction of your personal data from being processed. This will restrict any ongoing processing but not erase any data we hold.
Right to rectification
You have the right to have inaccurate personal data rectified or completed if it is incomplete.
Right to object
You have the right to object to data processing of the information we hold about you, where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
Rights in relation to automated decision making and profiling
The website does not make any automated decisions or profiling with your personal data.
How to make a request
Requests must be made in writing to: The Operation Manager, Pembroke Surgery, 31 Alexandra Road, Reading, Berkshire, RG1 5PG.
The information we will require when you make a request is your name, address, contact telephone number and date of birth and a description of the request.
We will respond within a reasonable period and no later than one calendar month.
Data Retention
Personal data processed for any purpose via this website shall not be kept for longer than is necessary for that purpose.
Third Parties
We do not share or sell your personal information to any third parties outside the NHS.
We would not share information that identifies you unless we have a fair and lawful basis such as:
You have given us permission;
To protect children and vulnerable adults;
When a formal court order has been served upon us;
and/or
When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
Emergency Planning reasons such as for protecting the health and safety of others;
When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals
Processing outside the UK
Your personal information will not be sent outside the United Kingdom.
Other organisations that support the website
The practice uses the services of the additional data processors, who will provide additional expertise to support the work of the Practice.
We have entered into contracts with other organisations to provide some services for us or on our behalf.
These organisations are known as “data processors”.
These organisations are subject to the same legal rules and conditions for keeping personal confidential data and secure and are underpinned by a contract with us.
Before awarding any contract, we ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.
Complaints
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
To make a complaint or bring concerns to our attention, please contact us in writing:
The Operation Manager, Pembroke Surgery, 31 Alexandra Road, Reading, Berkshire, RG1 5PG
The information we will require when you make a complaint will be:
Your name, address and contact telephone number and those of the person that you may be complaining for; including their date of birth and NHS Number.
A summary of what has happened, giving dates where possible.
A list of things that you are complaining about.
What you would like to happen as a result of your complaint
Contact
If you have any questions about this policy or how we handle your data please do not hesitate to contact us at:
Pembroke Surgery, 31 Alexandra Road, Reading, Berkshire, RG1 5PG
Telephone: 0118 935 2121
Monitoring and Review
We regularly review and, where necessary, update this notice at least annually. If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.
Confidentiality Policy
The practice complies with the Data Protection Act. All information about patients is confidential: from the most sensitive diagnosis, to the fact of having visited the surgery or being registered at the Practice. All patients can expect that their personal information will not be disclosed without their permission except in the most exceptional of circumstances, when somebody is at grave risk of serious harm.
All members of the primary health care team (from reception to doctors) in the course of their duties will have access to your medical records. They all adhere to the highest standards of maintaining confidentiality.
As our reception area is a little public, if you wish to discuss something of a confidential nature please mention it to one of the receptionists who will make arrangements for you to have the necessary privacy.
Under 16s
The duty of confidentiality owed to a person under 16 is as great as the duty owed to any other person. Young people aged under 16 years can choose to see health professionals, without informing their parents or carers. If a GP considers that the young person is competent to make decisions about their health, then the GP can give advice, prescribe and treat the young person without seeking further consent.
However, in terms of good practice, health professionals will encourage young people to discuss issues with a parent or carer. As with older people, sometimes the law requires us to report information to appropriate authorities in order to protect young people or members of the public.
Useful Websites
Freedom of Information Policy
The Freedom of Information Act creates a right of access to recorded information and obliges a public authority to:
- Have a publication scheme in place
- Allow public access to information held by public authorities.
The Act covers any recorded organisational information such as reports, policies or strategies, that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland, however it does not cover personal information such as patient records which are covered by the Data Protection Act.
Public authorities include government departments, local authorities, the NHS, state schools and police forces.
The Act is enforced by the Information Commissioner who regulates both the Freedom of Information Act and the Data Protection Act.
The Surgery publication scheme
A publication scheme requires an authority to make information available to the public as part of its normal business activities. The scheme lists information under seven broad classes, which are:
- who we are and what we do
- what we spend and how we spend it
- what our priorities are and how we are doing it
- how we make decisions
- our policies and procedures
- lists and registers
- the services we offer
You can request our publication scheme leaflet at the surgery.
Who can request information?
Under the Act, any individual, anywhere in the world, is able to make a request to a practice for information. An applicant is entitled to be informed in writing, by the practice, whether the practice holds information of the description specified in the request and if that is the case, have the information communicated to him. An individual can request information, regardless of whether he/she is the subject of the information or affected by its use.
How should requests be made?
Requests must:
- be made in writing (this can be electronically e.g. email)
- state the name of the applicant and an address for correspondence
- describe the information requested.
What cannot be requested?
Personal data about staff and patients covered under Data Protection Act.
For more information see these websites:
Your Rights and Responsibilities
Patient’s Rights
We are committed to giving you the best possible service. This will be achieved by working together. Help us to help you. You have a right to, and the practice will try to ensure that:
- You will be treated with courtesy and respect
- You will be treated as a partner in the care and attention that you receive
- All aspects of your visit will be dealt with in privacy and confidence
- You will be seen by a doctor of your choice subject to availability
- In an emergency, out of normal opening hours, if you telephone the practice you will be given the number to receive assistance, which will require no more than one further call
- You can bring someone with you, however you may be asked to be seen on your own during the consultation
- Repeat prescriptions will normally be available for collection within two working days of your request
- Information about our services on offer will be made available to you by way of posters, notice boards and newsletters
- You have the right to see your medical records or have a copy subject to certain laws.
Patient’s Responsibilities
With these rights come responsibilities and for patients we would respectfully request that you:
- Treat practice staff and doctors with the same consideration and courtesy that you would like yourself. Remember that they are trying to help you
- Please ensure that you order your repeat medication in plenty of time allowing 48 working hours.
- Please ensure that you have a basic first aid kit at home and initiate minor illness and self-care for you and your family.
- Please attend any specialist appointments that have been arranged for you or cancel them if your condition has resolved or you no longer wish to attend
- Please follow up any test or investigations done for you with the person who has requested the investigation
- Attend appointments on time and check in with Reception
- Patients who are more than 10 minutes late for their appointment may not be seen.
- If you are unable to make your appointment or no longer need it, please give the practice adequate notice that you wish to cancel. Appointments are heavily in demand and missed appointments waste time and delay more urgent patients receiving the treatment they need
- An appointment is for one person only. Where another family member needs to be seen or discussed, another appointment should be made
- Patients should make every effort to present at the surgery to ensure the best use of nursing and medical time. Home visits should be medically justifiable and not requested for social convenience
- Please inform us when you move home, change your name or telephone number, so that we can keep our records correct and up to date
- Read the practice leaflets and other information that we give you. They are there to help you use our services. If you do not understand their content please tell us
- Let us have your views. Your ideas and suggestions whether complimentary or critical are important in helping us to provide a first class, safe, friendly service in pleasant surroundings.
NHS Constitution
The NHS Constitution establishes the principles and values of the NHS in England. For more information see these websites: