Marine Lake Health & Wellbeing Centre, Orrysdale Road, West Kirby, Wirral, CH48 5AA
Telephone: 0151 625 9171
Protected Learning Time (PLT) PCN Training 22/11/23 The Transgender Support Service Patient Q&A How our appointment system works Next PPG meeting – Travel Imms update Appointment data Child immunisations Planned closure days for training this year
Our website may contain links to other websites, which are provided for your convenience. We are only responsible for the privacy practices and security of this website and not external websites. You should therefore check any other linked website’s privacy policies.
This policy may be subject to change, so you are advised to check our website regularly for any further changes.
You can access our home page and browse our site without disclosing any personal or company data except for information automatically collected by cookies that we use.
Cookies on this website
Who are we?
We are SurgeryWeb, our core business is providing customised websites for medical centres and doctor’s surgeries, primarily within an NHS framework.
How the Law Protects You
Data protection laws (GDPR) state that we are only able to process personal or company data if we have valid reasons to do so. The basis for processing your personal or company data includes, but is not limited to, your consent, performance of a contract, to enable billing and to contact you for customer service purposes.
How Do We Collect Personal or Company Data From You?
We receive information about you, when you use our website, complete registration forms on our website and if you contact us by phone, email or otherwise in respect of any of our services.
Secure Hosting Facilities
This website is provided by SurgeryWeb and hosted by either TMZVPS within a UK data centre located in Maidstone, Kent, UK or a cloud based server provided by Amazon Web Servers (AWS).
Some of the data centre’s more notable security features are as follows:
Your personal or company data may automatically be collected when you use our website, including but not limited to, your IP address, device-specific information, server logs, device event information and location information.
What Type of Data Might We Collect From You?
The personal or company data that we may collect from you may include your name, address, email address, phone numbers and medical information submitted by online forms.
We may also retain records of your enquiries and correspondence, in the event you contact us.
How Do We Use Your Data?
We may use information about you in the following ways:
We shall retain your data only for as long as necessary in accordance with applicable laws. Third party information, relating to patients, may be retained for up to 30 days only.
We assure you that your data shall only be used for the purposes stated herein.
Who Has Access to Your Personal or Company Data?
We process your data for administration, billing, support and the provision of services. Management and officers of SurgeryWeb may have access to your data for the process of conducting business related activities only.
We do not sell, rent or share your personal or company data to third parties for marketing, advertising or any other purposes.
We will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal or company data is secure and will not be used for any marketing purposes by any third parties.
We may need to share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business. In these circumstances, we may disclose your personal or company data to the prospective buyer of our business, subject to both parties entering into appropriate confidentiality undertakings.
Similarly, we may share your personal or company data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of SurgeryWeb, or others.
Under data protection legislation (GDPR), you have several rights regarding the use of your personal or company data, as follows:
The Right of Confirmation and Access
You have the right to obtain confirmation from the data controller appointed by SurgeryWeb, as to whether or not personal or company data concerning you is being processed or stored. You also have the right to request a copy of this information. You have the right to be informed of the appropriate safeguards relating to any transfer of your data to any international company.
Right to Rectification and Erasure (Right to be Forgotten)
You have the right to ask us to correct any inaccurate data or to complete any incomplete personal or company data that we may hold. You have the right to request that we erase your personal or company data without delay where one of the statutory grounds applies, so long as the processing is not necessary. If you request us to erase your personal or company data, then this means that our business relationship with you will end as we cannot provide our service without processing your data.
Right of Restriction of Processing/Right to Object
You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal or company data concerning you. You also have the right to restrict the processing of your personal or company data under certain circumstances, including if you have contested its accuracy and while this is being verified by us, or if you have objected to its processing and while we are considering whether we have legitimate grounds to continue to do so.
Right of Data Portability
You have the right for certain data you have given us to be provided to you in a structured and commonly used electronic format (for example, a MS document, XLS file), so that you can move, copy or transfer this data easily to another data controller. You may also request that we transmit this data directly to another organisation where it is practical for us to do so.
Automated Individual Decision-Making, Including Profiling
You have the right not to be subjected to a decision, based solely on automated processing, including profiling. We do not process any personal or company data in this way.
How to Exercise Your Rights
If you wish to contact us in respect of any of your rights as described above, please contact the Practice – We will respond to your request free of charge and usually within 30 days.
How to Complain About the Use of Your Data
If you wish to complain about how we have handled your personal or company data, including any of the rights outlined above, please contact the Practice.
Accessing and Updating Your Data
You must ensure all your details, including but not limited to, name, address, phone number and email address are kept up to date at all times. All changes should be notified to us directly.
Where We Store Your Personal or Company Data
All information you provide to us is stored on our secured, GDPR compliant system, which is protected by firewalls and anti-virus software programs. From time to time, your information may be transferred to and stored on other storage media and kept securely at our business premises. By providing your data to us, you agree to this transfer and storage.
Please note: As the transmission of information via the internet and email is not completely secure, we cannot guarantee the security of your data during transmission, therefore any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
All sensitive data are encrypted and fully protected.
We agree to take all reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions.
In the event of a data breach, we shall ensure that our obligations under applicable GDPR data protection and UK Privacy laws are complied with, which may include, and is not limited to, notifying the Relevant Supervisory Authority.
Please contact us with any questions or comments you have about privacy issues.
Data Protection Officer
We have appointed a Data Protection Officer to ensure that we continuously process your personal or company data in an open, accurate and legal manner. If you have any questions about the processing of your personal or company data, please contact our Data Protection Officer at the Practice.
Your Right to Make a Complaint
You have the right to make a complaint about how we process your personal or company data to: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
This notice was last updated on 20/09/2022. Should any information provided within this policy be subject to change then this page will be updated to reflect any changes in the law or our privacy practices. However, we will not use your personal or company data in any new ways without your prior consent.
All requests for information relating to your personal or company data and how we use and process this data will be provided free of charge.
Health Innovation North West Coast Privacy Notice for Acute Respiratory Infection Project – Marine Lake & Estuary Medical Centre
This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.
You can find more detailed information about how we use your information for the following specific purposes here:
· The data will be used for your direct care
· The data will also be used in a project to review if better care can be provided by conducting a test when you visit your surgery with influenza-like symptoms
Our contact details
Name: Health Innovation North West Coast
Address: Vanguard House, Sci-Tech Daresbury, Keckwick Lane, Daresbury WA4 4AB
General phone number: 0151 254 3400
General inquiries email address: firstname.lastname@example.org
Data Protection Officer contact details
Our Data Protection Officer is Tony Woods and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at email@example.com
Controller contact details
Your GP Surgery
The controller is:
Name: Marine Lake & Estuary Medical Centre
Address: Marine Lake Health & Wellbeing Centre, Orrysdale Road, West Kirby, Wirral, CH48 5AA
Phone number: 0151 625 9171
How do we get information and why do we have it?
The personal information we collect is provided directly from you for one of the following reasons:
● you have provided information to seek care – this is used directly for your care, and also to manage the services we provide, to clinically audit our services, investigate complaints, or to be used as evidence as part of an investigation into care
We also receive personal information about you indirectly from others, in the following scenarios:
● from other health and care organisations involved in your care so that we can provide you with care
What information do we collect?
We currently collect and use the following personal information for this project:
● First part of your postcode
More sensitive information
We process the following more sensitive data (including special category data):
● data revealing racial or ethnic origin
Who do we share information with?
We may share information with the following types of organisations:
● third party data processors (such as IT systems suppliers)
● planners of health and care services (such as Integrated Care Boards)
In some circumstances we are legally obliged to share information. This includes:
● when required by NHS England to develop national IT and data services
● when reporting some infectious diseases
● when a court orders us to do so
● where a public inquiry requires the information
We will also share information if the public good outweighs your right to confidentiality. This could include:
● where a serious crime has been committed
● where there are serious risks to the public or staff
● to protect children or vulnerable adults
We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality. These purposes will include to comply with the law and for public interest reasons.
Is information transferred outside the UK?
No. Our data is hosted in the UK and is only available to our staff and technical support staff in the UK.
What is our lawful basis for using information?
Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:
· We have your consent – this must be freely given, specific, informed and unambiguous.
More sensitive data
· Archiving, research and statistics (with a basis in law).
Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):
· For Archiving, research and statistics (with a basis in law).
Common law duty of confidentiality
In our use of health and care information, we satisfy the common law duty of confidentiality because:
● you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
How do we store your personal information?
Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will:
● securely dispose of your information by shredding paper records and wiping hard drives to legal standards of destruction.
● Your data will be aggregated with data from other patients to create anonymised reports.
What are your data protection rights?
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information (known as a subject access request).
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
National data opt-out
● we not are applying the national data opt-out because we are not using confidential patient information for planning or research purposes
The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
● improving the quality and standards of care provided
● research into the development of new treatments
● preventing illness and diseases
● monitoring safety
● planning services
This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.
Whenever possible data used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.
You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
How do I complain?
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com
Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.
The ICO’s address is:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Date of last review
25th January 2024