Privacy Notice

Purpose of the document

This Privacy Notice has been prepared to meet the requirements of the General Data Protection Regulation (GDPR) (EU) 2016/679.The Notice explains your rights to privacy and how we gather, use and share information about you.

Who we are

Gossoms End Surgery is a General Practice operated by Dr Ojo-Aromokudu; which has entered into a contract with NHS England to provide General Medical Services for patients. We are registered with the Information Commissioner’s Office; Registration Number Z9202092.

Who is the data subject?

This Privacy Notice applies to all those who are or have in the past been registered patients of the Practice; and patients using the services of the Practice as Temporary Residents, or for immediately necessary treatment.

Who is collecting the data?

Personal data is collected by our clinical staff (doctors, nurses and health care assistants), other clinicians working with in the Practice (such as the midwife or dietician), receptionists and administrative staff.

Data Controller

Dr Ojo-Aromokudu, is responsible for the processes of data collection and  processing within the practice.

Data Protection Officer

Barry Moult has been appointed Data Protection Officer.

What data is being collected?

  • Data held by the practice includes:Name, address, NHS Number and phone number
  • Medications
  • Test results and investigations
  • Correspondence between healthcare professionals involved in your care
  • Clinical history
  • Emergency department treatment
  • Future and past appointments
  • Health plans and alerts
  • Mental health alerts and diagnoses
  • Social care information
  • Social care plan.

How will the information be used?

The use of personal information is integral to you receiving quality treatment and care. This will ensure:

  • Safer and faster treatment
  • Reduced duplication of tests and results
  • Reduced delays to treatment
  • Better informed clinical decision making

Will the data be shared with any third parties?

The people caring for you need to access about your health and care records in order to make the best decisions about your diagnosis, treatment and care. The organisations that could be involved in your care are:

  • General Practice Surgeries
  • Hospitals
  • Community Services
  • Out of Hours Services
  • Ambulance Services

What is the legal basis for processing the data?

In the majority of situations, our legal basis for processing the data is defined in the Lawful Basis for Processing Health and Social Care information Direct Care and administration relating to care General Data Protection Regulation (GDPR) – Article 6 (1)e

  • Necessary for the performance of a task carried out in the public interest or in the exercise of official authority

General Data Protection Regulation (GDPR) – Article 9 (2)h

  • Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and  safeguards referred to in Article 9 – paragraph 3

Health and Social Care Act 2012

Safeguarding For the purposes of safeguarding children and vulnerable adults, the following Article 6 and 9 conditions may apply: General Data Protection Regulation (GDPR) – Article 6 (1)e

  • Necessary for the performance of a task carried out in the public interest or in the exercise of official authority General Data Protection Regulation (GDPR) – Article 9(2)b
  • Necessary for the purposes of carrying out the obligations and exercising the
    specific rights of the controller or of the data subject in the field of …social
    protection law in so far as it is authorised by Union or Member State law..’

How long will the data be stored?

All information exchanged/viewed /shared is stored securely for as long as we need for the purposes described, destruction of records is carried out as per to the IGA Records Retention Schedule.

Your rights

You have the right to object how we process your personal information. You have the right to access, correct and restrict the information we use. You can tell your care provider if you don’t want them to make your information available to any partners. Your record will be updated accordingly and no information will be available to access. You can change your mind about opting out or at any time. Access to your information If you require a copy of your own information please contact the GP practice. Full details of your rights can be found on the Information Commissioner’s website

How can the data subject make an enquiry or raise a complaint?

An enquiry or complaint may be communicated in writing to the Data Protection Officer.
Barry Moult
Practice Manager
Gossoms End Surgery
Victory Road
Berkhamsted HP4 1DL
Patients also have the right to make a complaint to the Information Commissioner’s Office regarding breaches of confidentiality: