Privacy policy

Policy effective from : 1 June 2015

Policy review and updated : 22 May 2025

This privacy policy sets out how The Grantham Practice uses and protects any information that you give. If you wish to speak to someone about this privacy policy, just contact us at the practice and ask to speak with Jonathan Wilmshurst, our Patient Liaison.

The Grantham Practice is committed to ensuring that your privacy is protected. Any personally identifiable information we request of you will only be used in accordance with this privacy statement. The Grantham Practice may change this policy from time to time by updating this page.

The Grantham Practice exercises a legal duty to tell patients how their personal information will be used. This fulfils the specific requirement set out in the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) and is known as a “privacy notice”.

We collect the following information:

  • Contact information including your address, telephone number, email address
  • Your name, date of birth, NHS number
  • Name(s), contacts details of carers and next of kin
  • Demographic information such as location
  • We hold your medical record that contains clinical information about you so that we can provide you with safe care and treatment
  • Your ethnicity, gender, sexual orientation, religion which we used for equality monitoring.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our services. We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail. We may use the information to customise the website according to your interests. If you wish to opt out, please contact the practice.

Call Recording

All inbound and outbound calls at the Grantham Practice are recorded. This is done in line with our call recording policy and procedure.

When you call the practice, you will get an automated voice message announcing that calls are recorded.

Purpose of call recording

Lawful reasons for call recording are:

  • The individuals involved in the call have given consent to be recorded
  • Recording of the call is necessary for the fulfilment of a contract
  • Recording of the call is necessary for the fulfilment of a legal obligation
  • Recording of the call is necessary to protect the interests of the participants or another natural person
  • Recording of the call is in the public interest or necessary for the exercise of official authority
  • Recording of the call is in the legitimate interests of the recorder, unless the interests are overridden by the interests of those involved in the call

Recordings will automatically stop when the staff member terminates the call.

How the recordings are stored and for how long

Calls are routed through Surgery Connect X-On’s network. The calls are recorded and stored by X-ON. The recordings are kept in a secure environment on X-ON servers.

Call recordings will be retained for 6 years

Access to call recordings

Your data is only accessible by authorised personnel.

Call can only be accessed by the Practice Manager, the Assistant Practice Manager and the Partners of the Practice.

Other staff members can access their individual calls only.

Staff can access call recordings in the following circumstances:

  • For recollection of facts when dealing with patients, suppliers or other organisation who we need to call or who need to call our Practice.
  • To ensure that any request or agreement can be checked between parties
  • To ensure the Practice complies with its practice policies and procedures
  • Those reasons previously mentioned in the purpose of call recording

You do have a right to request a copy of your call recording in line with the practice’s procedures.

Our call recordings are protected from unauthorised access or use as follows:

  • Recordings are accessed by logging into a dedicated, password protected computer system.
  • All call recordings are encrypted and stored on a secure server system.
  • All staff members have restricted access to their own calls. Only the Practice Manager, Assistant Practice Manager and the Partners of the practice can access all calls made inbound and outbound.

CCTV

CCTV images are captured in the surgery and the immediate surrounding area outside the building.

How we use and share your information

We use information about you so that we can check and review the quality of care that we provide. It helps us to improve our services we deliver. To find out more about how we use your information you can visit  Records Management Code of Practice – NHS Transformation Directorate (england.nhs.uk) 

How do we maintain the confidentiality of your records?

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • Data Protection Act 2018 and General Data Protection Regulation 2018
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • Health and Social Care Act 2012
  • NHS Codes of Confidentiality, Information Security and Records Management Information: To Share or Not to Share Review

Every member of staff who works for an NHS organisation has a legal obligation to keep information about you confidential.

We will only ever use or pass on information about you if others involved in your care have a genuine need for it.

We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), where the law requires information to be passed on and / or, in accordance with the new information sharing principle following Dame Fiona Caldicott’s information sharing review (Information to share or not to share) where “The duty to share information can be as important as the duty to protect patient confidentiality.”

This means that health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by the Caldicott principles. They should be supported by the policies of their employers, regulators and professional bodies.

Whom we share your information with

– We share your information with other health organisations who provide you with care. Examples of other organisations we share information with are:

  • Hospital NHS Trusts where you are referred to them by us,
  • Pharmacies where you have nominated for us to send your prescription to via the Electronic Prescribing Service [EPS]
  • Lambeth DataNet  – this is a service which uses anonymised patient data to analyse healthcare provision and trends in the local area
  • NHS Digital National Database –  If you receive NHS services this database holds information about you. The information held will include your name, date of birth, NHS number, address, telephone number or mobile and your email address etc.
    • They do not have access to any data about any care that you have received.To find out more information about NHS Database and the information it holds, visit their website at https://digital.nhs.uk/ or call them on 0300 303 5678
  • Your consent is given. We share your information with organisations / person(s) where you have given us consent to do so.
    • E.g. for an insurance report, at the request of your solicitor, in the event of relative acting on your behalf.
  • Where we are legally required to eg if required by court order or where child safeguarding is concerned and if required as important for public health

We may also legally be required to share your information with the following organisations:

  • NHS Trusts / Foundation TrustsGP’s
  • NHS Commissioning Support Units
  • The London Care Record
  • Lambeth access Hubs – http://www.lambethgpaccesshubs.co.uk/
  • NHS national database managed by NHS Digital https://digital.nhs.uk/
  • Summary Care Records – https://digital.nhs.uk/services/summary-care-records-scr
  • Independent Contractors that also provide you with healthcare, e.g. dentists, opticians, pharmacists etc
  • Clinical Commissioning Groups
  • Social Care Services
  • Health and Social Care Information Centre (HSCIC)
  • Local Authorities
  • Ambulance Trusts
  • Education Services
  • Fire and Rescue Services
  • Police & Judicial Services
  • Voluntary Sector Providers
  • Private Sector Providers

There are some circumstances where we will share information about our employees with other organisations. In these circumstances we do not need their permission to share such data. These organisations are the Disclosure and Barring Service, HMRC, DWP, Home Office

We will not:

Share any identifiable information about you with anyone that is not involved with your healthcare without your express consent.

Opting out of Data Collection

Please contact us directly to opt out

Alternatively, you can log onto https://www.nhs.uk/your-nhs-data-matters/ to opt out.

You will need your NHS number and your email address or telephone number which is kept on your GP records. You can also use the helpline to submit your choice. The number is 0300 303 5678. If you want a paper form to register your choice, click on https://www.nhs.uk/your-nhs-data-matters/manage-your-choice/other-ways-to-manage-your-choice/

Summary Care Record (SCR)

We share your information with organisations that are involved in your healthcare through something called the London Care Record [LCR]. For more information go to https://www.thegp.london/medical-records/

A summary of your data will automatically upload to your SCR unless you opt out.

To confirm if you have opted in or out, please contact the practice directly

For more information about the SCR please follow these links:

 https://www.thegp.london/medical-records /

Records Management Code of Practice – NHS Transformation Directorate (england.nhs.uk) 

To opt out, contact us.

Your rights

You have the right to:

  • Access to your personal data or be provided with a copy of your information.
  • Access your data online. Accessing your data online will enable you to view your medical records.  You will need to complete an application form for this to be set up for you. Please speak with our reception team.
  • Receive a copy of your medical records. If you want a copy of your medical records you will need to complete a Subject Access Request application. For more information about this you can visit: https://www.nhs.uk/using-the-nhs/about-the-nhs/how-to-access-your-health-records/  There is no fee for this but you may be charged for repetitive requests.
  • Discuss with a healthcare professional any mistakes or errors you find in your record.

Rights to object

You have the right to object to information being shared about you with other providers of health care – however please note this may affect any care you receive so please contact us to discuss

Information Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Retention of records

Your records are kept for a certain period of time. For further information about this please visit:  Records Management Code of Practice – NHS Transformation Directorate (england.nhs.uk)

Right to complain

Should you have any concerns about how your information is managed by the Practice please contact the Practie Manager, Annie England, at the following address:

The Grantham Practice, 275-277 Clapham Road, London, SW9 9BH

Tel: 0207 733 6191

Email: contact@thegp.london

If you are still unhappy following a review by the Practice you can then complain to the Information Commissioners Office (ICO). www.ico.org.uk , casework@ico.org.uk  telephone: 0303 123 1113 (local rate) or 01625 545 745

Who is the Data Controller?

The Data Controller is the Grantham Practice. The staff responsible for keeping your information secure and confidential is the Practice Manager, Annie England who can be contacted at:

The Grantham Practice, 275-277 Clapham Road, London, SW9 9BH.

Tel: 020 7733 6191 or email at the contact@thegp.london

Our Data Protection Officer is the NEL Commissioning Support Unit [CSU]

Lawful basis for processing

These purposes are supported under the following sections of the GDPR:

Article 6(1)(e) necessary for the performance of a task carried out in the public interest or in the exercise of official authority; and

Article 9(2)(h) necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”

Healthcare staff will also respect and comply with their obligations under the common law duty of confidence. https://www.health-ni.gov.uk/articles/common-law-duty-confidentiality

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

We will not sell, distribute or lease your personal information to third parties unless we are required by law to do so.

You may request details of personal information which we hold about you under the Data Protection Act 2018.¶There is no charge for this information.If you would like a copy of the information held on you please contact the practice:

If you believe that any information we are holding on you is incorrect or incomplete, please let us know. We will promptly correct any information found to be incorrect.

Alternative ways that we can provide this privacy policy and others

  • Orally, face to face or when you phone the practice. We can arrange for you to speak with someone
  • We can provide privacy policy as a paper document. We can arrange for a privacy policy to be printed in large print if you need it. If you would like a paper copy of a privacy notice, please write to the practice via post or email. Alternatively, you can print this off of the website.