Privacy Policy

SurgeryWeb are the suppliers of this practice website and take privacy and security very seriously, especially when it comes to personal information.

This privacy policy describes how the Practice collects, protects and makes use of information held about you. This policy may be updated regularly and any amendments are effective immediately, so we recommend you review this policy often to stay informed.

Our website may contain links to other websites, which are provided for your convenience. We are only responsible for the privacy practices and security of this website and not external websites. You should therefore check any other linked website’s privacy policies.

If you have any questions about this policy or the data we hold about you, please contact the practice.

What we collect and how we use it

Users may visit our website and use it as often as they like without providing any information; however, certain services provided via the website do require the processing of personal data.

The processing of personal data is performed by SurgeryWeb, who act as Data Processors on behalf of the Practice. The Data Processing Agreement can be seen here: https://easthamgrouppractice.co.uk/data-processing-agreement

Contact Form

Our website contains a contact form which collects information such as your name, email address, telephone number and practice name. This information is used for the sole purpose of contacting you to answer any questions you may have about our services. By submitting the contact form online, you consent to the use of your details for this purpose.

Other Online Forms

Our website may also contain other online forms which collect information such as your name, date of birth, NHS number, address and postcode, telephone number, email address and other health related data. This information is used for the sole purpose of what the respective form is created for, and by submitting each form online, you consent to the use of your details for this purpose.

A data flow of the form submission process can be seen here: Data Flow

How patient information may be used for research

When you agree to take part in a research study, the sponsor will collect the minimum personally-identifiable information needed for the purposes of the research project. Information about you will be used in the ways needed to conduct and analyse the research study. NHS organisations may keep a copy of the information collected about you. Depending on the needs of the study, the information that is passed to the research sponsor may include personal data that could identify you. You can find out more about the use of patient information for the study you are taking part in from the research team or the study sponsor. You can find out who the study sponsor is from the information you were given when you agreed to take part in the study.

For some research studies, you may be asked to provide information about your health to the research team, for example in a questionnaire. Sometimes information about you will be collected for research at the same time as for your clinical care, for example when a blood test is taken. In other cases, information may be copied from your health records. Information from your health records may be linked to information from other places such as central NHS records, or information about you collected by other organisations. You will be told about this when you agree to take part in the study.

Even though consent is not the legal basis for processing personal data for research, the common law duty of confidentiality is not changing, so consent is still needed for people outside the care team to access and use confidential patient information for research, unless you have support under the Health Service (Control of Patient Information Regulations) 2002 (‘section 251 support’) applying via the Confidentiality Advisory Group in England and Wales or similar arrangements elsewhere in the UK.

Your choices about health and care research

If you are asked about taking part in research, usually someone in the care team looking after you will contact you. People in your care team may look at your health records to check whether you are suitable to take part in a research study, before asking you whether you are interested or sending you a letter on behalf of the researcher.

In some hospitals and GP practices, you may have the opportunity to sign up to a register to hear about suitable research studies that you could take part in. If you agree to this, then research nurses, researchers or administrative staff authorised by the organisation may look at your health records to see if you are suitable for any research studies.

It’s important for you to be aware that if you are taking part in research, or information about you is used for research, your rights to access, change or move information about you are limited. This is because researchers need to manage your information in specific ways in order for the research to be reliable and accurate. If you withdraw from a study, the sponsor will keep the information about you that it has already obtained. They may also keep information from research indefinitely.

If you would like to find out more about why and how patient data is used in research, please visit the Understanding Patient Data website:

https://understandingpatientdata.org.uk/what-you-need-know

In England you can register your choice to opt out via the “Your Data Matters” webpage on the link below:

https://www.nhs.uk/your-nhs-data-matters/

If you do choose to opt out you can still agree to take part in any research study you want to, without affecting your ability to opt out of other research. You can also change your choice about opting out at any time.

To find out more about UK GDPR and using personal data for research, please visit the Health Research Authority website on the link below:

https://www.hra.nhs.uk/hra-guidance-general-data-protection-regulation/

How we store it

The Practice will retain your personal data as long as it is required for the purpose for which the data is collected. Any data submitted via online forms is also retained on the web hosting server for a period of time specified by the practice; the default period is 30 days. Backups of this data are stored by SurgeryWeb for a maximum period of 14 days, at which time this data is auto-deleted.

Your data is held on a server provided by Catalyst2 and you can see more about their infrastructure and security here: https://www.catalyst2.com/about-us/infrastructure/

The data centre is UK based and all data is encrypted when stored and in transit, such as when you submit a form to us. This website is HTTPS-secured, which means communication between the user's web browser and the server hosting this website is encrypted and cannot be intercepted en route. This can be verified by the padlock icon in the address bar.

Access to your information

In accordance with the Data Protection Act 2018, you have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please contact the practice.

Erasure of Data (right to be forgotten)

You have the right to have your data erased if the personal data is no longer required for the purpose it was originally collected for, if we are processing the personal data for direct marketing purposes and you object to that processing, or if you believe we are processing your personal data unlawfully.

To request erasure of your personal data, please contact the practice.

Complaints about the handling of your data

If you have any issue with how your data is being processed, we recommend that you contact us first, putting your complaint in writing to the practice. We take all complaints seriously and do our best to resolve them.

Under the EU General Data Protection Regulation 2016, you have the right to complain to the supervisory authority, which in the UK is the Information Commissioner's Office (ICO). You can find more details about how to do this on the ICO’s website here: https://ico.org.uk/make-a-complaint/

This policy was last updated on 04/06/2024.