Farleigh Clinic aims to meet the requirements of the Data Protection Act 2018, the EU General Data Protection Regulation (GDPR), the guidelines of the UK Information Commissioner’s website, as well as our professional commitments, guidelines and requirements.
The data controller at Farleigh Clinic is:
The Information Governance Lead is:
The Data Protection Officer is:
This Notice is available on the practice website at www.farleighclinic.co.uk/dataprotection.html, at Farleigh Clinic's reception, or by request via email if you contact email@example.com or by calling 020 8657 4477.
1. Personal data that we hold:
In order to provide our patients with the highest standard of care, we need to hold certain personal information about you. You will be asked to provide certain personal information when joining the practice. The purpose of us processing this data is to provide optimal care to you.
This personal data includes:
The categories of data we process in relation to our patients are:
We never pass, sell, rent or lease your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain the individual’s permission before the referral is made and the personal data is shared
Lawful basis for processing special category data such as patients’ health data:
Lawful basis for processing personal data such as name, address, email or phone number:
2. Why we hold information about you:
We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate care. Although Farleigh Clinic is an independent private clinic, we also need to process personal data about you in order to provide care should we need to refer patients to an NHS resource such as hospital, clinical specialist or other specialised resource.
3. How we process personal data that we hold about you:
The retention period for special data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of other retention periods are available in the Record Retention (M 215) procedure available from the practice.
You have the following personal data rights:
Further details of these rights can be seen in our Information Governance Procedures (M 217C) or at the Information Commissioner’s website (link: https://ico.org.uk/for-
Here are some practical examples of your rights:
4. Security of information
Personal data about you is held in the practice’s computer system and/or in a manual filing system. The information is not available or accessible to the public. Access is strictly controlled -
Our website management partner does not have access to the practice's computer system or manual filing system. Any data requests made to our website management partner for patient information or personal data will be referred to the practice team for consideration or actioning.
Our website exists as a completely separate system to the practice's computer system.
Our website management partner may on occasion interact with a correspondent on our behalf in non-
5. Information Disclosure
In order to provide professional and safe care, we may need to disclose personal information about you to any of the following:
6. Comments, suggestions and complaints regarding data processing:
Please contact our designated Data Protection Officer, [name], at the practice for a comment, suggestion or a complaint about your data processing at firstname.lastname@example.org or 020 8657 4477 or by writing to or visiting the practice at 10 Old Farleigh Road, Selsdon, South Croydon, Surrey, CR2 8PB. We take all complaints very seriously.
If you are not happy with our response to a request or enquiry, or if you require advice, you should contact the Information Commissioner’s Office (ICO). The ICO's telephone number is 0303 123 1113, and you can also chat with an advisor online at the ICO website. The ICO are able to investigate claims and take action against individuals or organisations that are found to have misused personal data. You can also visit their website for information on how to make a data protection complaint. The ICO website can be accessed at https://ico.org.uk/.