Bramley Village Health and Wellbeing Centre

Middleton Park GP Surgery

Cottingley GP Surgery

Opening hours Monday to Friday (8am to 6.30pm)

Your privacy matters

 

Bramley Health and Wellbeing Centre Ltd, company no. 12097885 ('the Practice'), is the employer of our clinical staff and the contract holder for the following NHS contracts:

 

GMS Services (GP Surgery services at the locations listed at the bottom of this page)

 

The Practice's non-clinical staff and management services are provided by Reimagining General Practice Health Support Services Ltd.

 

At our Practice, we are committed to delivering services that enable patients to lead longer, healthier, and more fulfilling lives. We prioritize privacy and strive to be at the forefront of primary healthcare concerning GMC ethical standards and data protection standards outlined in General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA).

 

The commissioner of our services is our local NHS Integrated Care Board, whose details are at the bottom of this page.

 

Our Practice is the data controller responsible for managing your personal data when you are registered as a patient with us.

 

Key Data Protection Information

 

Data Protection Lead: Mr. Methven Forbes is the primary person responsible for data protection and security at the Practice.

 

Contact Information for queries or concerns regarding your data is found at the bottom of this page. 

 

Practice Responsibilities

 

Data Usage by Other NHS Services: The Practice is not liable for the use of your personal data by other NHS services or organisations. Each NHS entity is responsible for ensuring the accuracy and lawful use of the data they manage. Complaints about data use by other NHS services should be directed to the specific NHS service or organisation involved.

 

Services and Digital Tools

 

The organisation offers various services accessible both at our physical locations and digitally via our website and smartphone app.

 

Website and App Usage: This policy outlines the use of personal data across our NHS services and digital platforms, including this website and app. References to our "App" include related content on our website.

 

Policy Overview

 

This policy details how we handle your personal data to ensure transparency and control on your part:

 

Updates to the Policy: We periodically review and may update this policy. Significant changes will be communicated to you, and you will have the opportunity to review such changes. Continued use of our services after updates implies acceptance of the revised policy.

 

Contents of the Policy:

 

  • Who We Are
  • Personal Data We Hold and Its Sources
  • Purposes for Processing Your Personal Data
  • Sharing Your Personal Data
  • Data Retention Practices
  • Data Security Measures and Data Transfers
  • Your Rights Concerning Your Personal Data

 

For any additional questions about our data processing practices, or to get in touch with our Data Protection Officer, please write to Mr. Methven Forbes at the address provided above.

 

This comprehensive framework ensures that your personal information is managed responsibly and in compliance with applicable laws, providing clarity on how your data is used and safeguarded.

 

Who we are

 

Our healthcare services are delivered by the Practice. When you receive services from us, your relationship is with the Practice, which operates the contracts at the sites listed above. For clarity and to ensure proper data processing, these services may be conducted at any location deemed necessary by the Practice.

 

When this policy refers to 'the Practice', 'us', or 'we', it encompasses all services provided by us. This includes services conducted at any of our practice sites or any other location used by the Practice to facilitate healthcare delivery under the terms of our contracts.

 

What personal data we hold and how we get it

 

We use the following categories of personal data:

 

Personal Details


When you register with us, you complete forms (either online or in paper format) and provide us with basic information about yourself, such as your name, date of birth, physical address, and email address. You will also provide a copy of your identification for ID checks carried out by one of our commercial partners (for example, we use software called SystmOne or EmisWeb to maintain patients' medical records). We use our own support services company, "Reimagining General Practice Health Support Services Ltd," which is wholly owned by the owners of The Practice and Reimagining General Practice GPMS Services Ltd.

 

Health and Medical Information


The primary type of information we hold about you is health and medical information, which includes details about your health, symptoms, treatments, consultations, medications, and procedures. This includes:

Records of your consultations with our doctors and other clinicians.

Interactions with our digital services and non-clinical staff.

Medical history received from your previous GP if you use our NHS services.

 

If you register as a temporary patient and have given consent, we will send the consultation notes taken during your use of our private service to your NHS GP. For minors, we share such notes in line with medical guidelines, without requiring consent. All correspondence we receive from you is uploaded electronically to your medical record held on Emis Web as relevant.

 

For video consultations, we retain recordings to provide you with the option to re-watch them at your convenience, ensure high-quality care, and improve our services with your consent. These recordings are held securely in accordance with our retention policy and are accessible through the App once the service is live.

 

Financial Information


For transactions made via our App or website, such as medical examinations for an HGV licence, your credit/debit card details are processed directly by a third-party processor that stores all payment information and transaction details. We retain only the transaction details on our secure servers and do not keep your credit or debit card information.

 

Technical Information and Analytics


When using our App or website, we may automatically collect the following information (where permitted by your device settings):

 

Technical information, including the IP address, login details, system and operating system type and version, browser or app version, time zone setting, and platform.

Information about your visit, including the services you viewed or used, App response times, interaction information (such as button presses), and any phone number used to call our customer service number.

 

We partner with third parties to provide analytics and advertising services for our services only (not for third-party advertising). This helps us understand user interactions, provide advertisements on the internet, and measure the performance of our services and adverts. Cookies and similar technologies may be used to collect this information.

 

Our website uses cookies to enhance your browsing experience. Details on how to manage your settings are available on our website.

 

Information Obtained from Third-Party Services


You may choose to link your accounts from other providers (such as social media platforms) to your account with us. This can simplify the creation of your account. If you do this, we will receive limited information from those providers, such as your email address, name, and other sign-up-related details.

 

Your personal data

 

Your medical record is owned by the Secretary of State for Health. You have the right to ensure that information held about you is accurate. However, you do not have the right to decide what information is held about you, provided that the information held is relevant to: the provision of health care, our legal and statutory obligations, our regulatory obligations, or as determined by the clinical or non-clinical staff member who has interacted with you. Your medical record may also hold details, including contact details, of your next of kin and family members, carers, individuals, and organisations who have provided you with care, or any other information deemed necessary by the Practice. This does not mean that such individuals and organisations have the right to view or obtain your personal medical record, nor does it mean that the Practice has the right to share your medical record with such individuals and organisations, except where it is lawful to do so. It is a condition of your registration that you accept we will hold all relevant information about you and about individuals and organisations as described above, and your registration with the Practice will be deemed as acceptance of your agreement to this condition.

 

The purposes for which we use your personal data and the legal grounds on which we do so are as follows:

 

We obtain and use your personal details and financial details to establish and deliver our contract with you. We obtain and use your medical information because it is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services, and medical history from your previous NHS GP if you use our GP service (in the same way that any GP practice would receive your medical history if they become your NHS GP). It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as your GP, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and diagnosis centres chosen by you for the purpose of imaging request forms. Where you have provided explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address, and contact details) to improve our healthcare products and services so that we can deliver better healthcare to you and other patients.

 

This medical information (de-identified as described above) may include your medical record (both records received and created by us), transcripts, and recordings of your consultations, and your interactions with any of our services, such as our online consultations. This involves improving our services and software to deliver a better experience to you and other patients and help achieve our aim of enabling patients to live longer and healthier lives that are full, active, and meaningful. Strict confidentiality and data security provisions apply at all times. We may obtain and use data about your precise location where you give your consent (by providing us access to your location), for example, to help direct you to the nearest pharmacy. We may also derive your approximate location from your IP address. We use your email address and/or phone number to contact you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you, subject to your right to opt out at any time. Based on our legitimate interest in managing and planning our business, we may analyze data about your use of our services to, for example, troubleshoot bugs within the App or website, forecast demand for service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you - it is only about improving our App or website so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.

 

We may use your contact details to send you health-related information or notifications about our services. You have the right to opt out of receiving such communications at any time.

 

Sharing your personal data with others

 

We may share your personal data with our partners (such as Reimagining General Practice Health Support Services or other services we have outsourced or subcontracted to) to help us deliver our services to you.

 

We may share your data with healthcare providers, consultants, insurance companies, and IT service providers to support your medical care. Data shared will be strictly on a need-to-know basis and compliant with GDPR.

 

We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR.

 

Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us. We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service.

Where you access our services through another health provider (including your employer) we may share with such partner your name, date of birth, email address, location, and the fact you have registered/used the service (and any other similar information).

 

Communications Risks

 

If you consent to us contacting you by text message or email following an e-consultation or other consultation, please be aware that there are risks associated with electronic communications, including but not limited to:

 

Emails and text messages can be circulated, forwarded, and stored in paper and electronic files.

Backup copies may exist even after the sender or the recipient has deleted their copy.

These messages can be intercepted, altered, forwarded, or used without authorization or detection.

They can introduce viruses into computer systems and phone systems.

 

If any of the above risks concern you, you should not consent to communication via email or text messages from us. If you do consent, ensure that the email address or mobile number you provide is your personal one.

 

Retention periods

 

We retain your medical records in accordance with national best practice guidelines, specifically following advice provided by the Department of Health in the "2006 Records management: NHS code of practice" and the summary guidance issued by the British Medical Association. Below is a summary of our retention policy, but please note that records may be retained for different periods if required by law or regulation.

 

GP Records Retention Period

 

GP records are retained for 10 years after a patient's death or after the patient has permanently left the country, unless the patient remains within the European Union.

For children, if the illness or death could potentially be relevant to adult conditions or could have genetic implications for the family, clinicians may advise retaining the records for a longer period.

Electronic Patient Records (EPRs) must not be destroyed or deleted for the foreseeable future.

 

Maternity Records Retention Period

 

Maternity records are retained for 25 years after the birth of the last child.

 

Records Relating to Mental Health Treatment Retention Period

 

Records of persons receiving treatment for a mental disorder, as defined by mental health legislation, are retained for 20 years from the date of the last contact, or 10 years after the patient’s death if this occurs sooner.

 

This retention policy ensures that we handle your medical records responsibly and in compliance with relevant health care regulations and legal requirements. If you have any questions about our records retention policy, please feel free to contact us.

 

Data Storage, Security, and Transfers

 

We do not store your personal health data on your mobile device. All your personal health data, including your primary care information, medication information, and diagnostic information, are stored on secure servers (such as those used to store your main medical record). If you have chosen a password to access certain parts of our App or website, it is essential that you keep this password confidential. We urge you not to share your password with anyone.

 

We do not store any credit or debit card information. Payments are processed through a third-party payment provider that complies with Level 1 Payment Card Industry (PCI) data security standards. All payment transactions are encrypted using SSL technology. We employ encryption to protect data transmitted to and from our App or website. Upon receiving your information, we implement strict procedures and security features designed to prevent unauthorized access. We take all reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy policy.

 

Your data may be processed or stored in locations outside of the UK and the European Economic Area (EEA); however, such processing or storage will always comply with data protection law. This includes the use of mechanisms that legally transfer data across borders and are subject to stringent safeguards. For example, we collaborate with third parties who assist in delivering our services, and their servers may be located outside the UK or EEA. If we transfer your data outside the UK or EU, we ensure similar protection and take appropriate safeguards to secure your data.

 

For patients who use Emis Web online (also known as Patient Access or Patient Access Online) or SystmOne online, the company that owns SystmOne is responsible for its data security and protection. SystmOne is the clinical system we use to record your health records; it can be accessed by us during consultations and by you online if you are registered for this service.

 

We will notify you and any applicable regulator of a suspected data security breach as required by law.

 

For more details on the data security standards utilized by SystmOne, click here.

 

For more details on the data security standards utilized by EmisWeb, click here.

 

Your Rights

 

As noted, whenever we rely on your consent to process your personal data, you have the right to withdraw that consent at any time through the privacy settings in the App or website.

 

You also have specific rights under the GDPR and DPA, which include:

 

Withdrawal of Consent: You may withdraw consent at any time via the privacy section of our App or website.

 

Access to Information: You have the right to request a copy of the information we hold about you. You can access recordings of your appointments and other medical notes via the App or website.

 

Rectification: You may ask us to correct incorrect information we hold about you.

 

Erasure: You may ask us to erase information where permissible, which is subject to limitations due to our obligations to retain medical records for prescribed periods or if the information is deemed relevant by the Practice.

 

Restriction and Objection: You may ask us to restrict processing your personal data or object to processing.

 

Data Portability: You can request your data be provided in a portable format.

 

Additionally, you may contact the Information Commissioner's Office (ICO), the data protection regulator in the UK, at:

 

Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113 (local rate)

 

For any further questions or concerns, please contact us. We are committed to protecting your privacy and ensuring the secure management of your personal information.