Marine Lake & Estuary Medical Practice

Marine Lake Health & Wellbeing Centre, Orrysdale Road, West Kirby, Wirral, CH48 5AA

Telephone: 0151 625 9171

We're open

Privacy Policy

Privacy Policy Statement (GDPR Compliant)

Introduction

This Privacy Policy Statement explains what personal or company data we may collect and how we might use your data. It also explains reasons we may need to disclose your personal or company data to others and how we store your data securely.

Our website may contain links to other websites, which are provided for your convenience. We are only responsible for the privacy practices and security of this website and not external websites. You should therefore check any other linked website’s privacy policies.

This policy may be subject to change, so you are advised to check our website regularly for any further changes.

You can access our home page and browse our site without disclosing any personal or company data except for information automatically collected by cookies that we use.

Cookies on this website

We may send a small file to your computer when you visit our website. This will enable us to identify you on future visits and to track your movement within it for ‘user-friendly’ development purposes. We may use cookies to collect and store data and to link information stored by them with the personal or company data you supply to us.

Except for the use of cookies, we only collect information you specifically provide to us. You can set your computer browser to reject cookies, but this may impede your use of certain parts of this website.

Who are we?

We are SurgeryWeb, our core business is providing customised websites for medical centres and doctor’s surgeries, primarily within an NHS framework.

How the Law Protects You

Data protection laws (GDPR) state that we are only able to process personal or company data if we have valid reasons to do so. The basis for processing your personal or company data includes, but is not limited to, your consent, performance of a contract, to enable billing and to contact you for customer service purposes.

How Do We Collect Personal or Company Data From You?

We receive information about you, when you use our website, complete registration forms on our website and if you contact us by phone, email or otherwise in respect of any of our services.

Secure Hosting Facilities

This website is provided by SurgeryWeb and hosted by either TMZVPS within a UK data centre located in Maidstone, Kent, UK or a cloud based server provided by Amazon Web Servers (AWS).

Some of the data centre’s more notable security features are as follows:

  • Security: on-site officers, CCTV, key card controls
  • Pre-action fire suppression systems
  • 24-hour data centre monitoring
  • 24-hour Operations Support Centre
  • Diesel back-up generators
  • Full details of TMZVPS’s data centre can be found here.
  • All traffic (including transferral of files) between our website and your browser is encrypted and delivered over HTTPS.

Your personal or company data may automatically be collected when you use our website, including but not limited to, your IP address, device-specific information, server logs, device event information and location information.

What Type of Data Might We Collect From You?

The personal or company data that we may collect from you may include your name, address, email address, phone numbers and medical information submitted by online forms.

  • IP address (automatically collected)
  • Web browser type and version (automatically collected)
  • Operating system (automatically collected)
  • A list of URLs starting with a referring Site, your activity on this Site, and the Site you exit to (automatically collected)
  • Personal or company data submitted via a contact form or email link is emailed to the Practice and stored in a Content Management System (CMS) database or on the server that this website is hosted upon. This information is only accessible by authorised employees of the Practice or SurgeryWeb developers, and will auto-delete after 30 days.

We may also retain records of your enquiries and correspondence, in the event you contact us.

How Do We Use Your Data?

We may use information about you in the following ways:

  • To provide you with access to our services.
  • To comply with our contractual obligations we have with you.
  • To help us identify you and any accounts you might hold with us.
  • To enable us to review, develop and improve our website and services.
  • To provide customer care, including responding to your requests if you contact us.
  • To notify you about any changes to our website and services.
  • To provide you with information about services that you request from us, or where you have consented to be contacted for such purposes.
  • To inform you of any new service or price changes.

Retention Periods

We shall retain your data only for as long as necessary in accordance with applicable laws. Third party information, relating to patients, may be retained for up to 30 days only.

We assure you that your data shall only be used for the purposes stated herein.

Who Has Access to Your Personal or Company Data?

We process your data for administration, billing, support and the provision of services. Management and officers of SurgeryWeb may have access to your data for the process of conducting business related activities only.

Third Parties

We do not sell, rent or share your personal or company data to third parties for marketing, advertising or any other purposes.

We will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal or company data is secure and will not be used for any marketing purposes by any third parties.

We may need to share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business. In these circumstances, we may disclose your personal or company data to the prospective buyer of our business, subject to both parties entering into appropriate confidentiality undertakings.

Similarly, we may share your personal or company data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of SurgeryWeb, or others.

Your Rights

Under data protection legislation (GDPR), you have several rights regarding the use of your personal or company data, as follows:

The Right of Confirmation and Access

You have the right to obtain confirmation from the data controller appointed by SurgeryWeb, as to whether or not personal or company data concerning you is being processed or stored. You also have the right to request a copy of this information. You have the right to be informed of the appropriate safeguards relating to any transfer of your data to any international company.

Right to Rectification and Erasure (Right to be Forgotten)

You have the right to ask us to correct any inaccurate data or to complete any incomplete personal or company data that we may hold. You have the right to request that we erase your personal or company data without delay where one of the statutory grounds applies, so long as the processing is not necessary. If you request us to erase your personal or company data, then this means that our business relationship with you will end as we cannot provide our service without processing your data.

Right of Restriction of Processing/Right to Object

You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal or company data concerning you. You also have the right to restrict the processing of your personal or company data under certain circumstances, including if you have contested its accuracy and while this is being verified by us, or if you have objected to its processing and while we are considering whether we have legitimate grounds to continue to do so.

Right of Data Portability

You have the right for certain data you have given us to be provided to you in a structured and commonly used electronic format (for example, a MS document, XLS file), so that you can move, copy or transfer this data easily to another data controller. You may also request that we transmit this data directly to another organisation where it is practical for us to do so.

Automated Individual Decision-Making, Including Profiling

You have the right not to be subjected to a decision, based solely on automated processing, including profiling. We do not process any personal or company data in this way.

How to Exercise Your Rights

If you wish to contact us in respect of any of your rights as described above, please contact the Practice – We will respond to your request free of charge and usually within 30 days.

How to Complain About the Use of Your Data

If you wish to complain about how we have handled your personal or company data, including any of the rights outlined above, please contact the Practice.

Accessing and Updating Your Data

You must ensure all your details, including but not limited to, name, address, phone number and email address are kept up to date at all times. All changes should be notified to us directly.

Where We Store Your Personal or Company Data

All information you provide to us is stored on our secured, GDPR compliant system, which is protected by firewalls and anti-virus software programs. From time to time, your information may be transferred to and stored on other storage media and kept securely at our business premises. By providing your data to us, you agree to this transfer and storage.

Please note: As the transmission of information via the internet and email is not completely secure, we cannot guarantee the security of your data during transmission, therefore any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.

All sensitive data are encrypted and fully protected.

Liability

We agree to take all reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions.

Data Breaches

In the event of a data breach, we shall ensure that our obligations under applicable GDPR data protection and UK Privacy laws are complied with, which may include, and is not limited to, notifying the Relevant Supervisory Authority.

Contact Us

Please contact us with any questions or comments you have about privacy issues.

Data Protection Officer
We have appointed a Data Protection Officer to ensure that we continuously process your personal or company data in an open, accurate and legal manner. If you have any questions about the processing of your personal or company data, please contact our Data Protection Officer at the Practice.

Your Right to Make a Complaint

You have the right to make a complaint about how we process your personal or company data to: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en

This notice was last updated on 20/09/2022. Should any information provided within this policy be subject to change then this page will be updated to reflect any changes in the law or our privacy practices. However, we will not use your personal or company data in any new ways without your prior consent.

All requests for information relating to your personal or company data and how we use and process this data will be provided free of charge.

 

 

 

Health Innovation North West Coast Privacy Notice for Acute Respiratory Infection Project – Marine Lake & Estuary Medical Centre

 

This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.

You can find more detailed information about how we use your information for the following specific purposes here:

· The data will be used for your direct care

· The data will also be used in a project to review if better care can be provided by conducting a test when you visit your surgery with influenza-like symptoms

 

Our contact details

Name: Health Innovation North West Coast

Address: Vanguard House, Sci-Tech Daresbury, Keckwick Lane, Daresbury WA4 4AB

General phone number: 0151 254 3400

General inquiries email address: info@healthinnovationnwc.nhs.uk

Website: https://www.healthinnovationnwc.nhs.uk/

 

Data Protection Officer contact details

Our Data Protection Officer is Tony Woods and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at info@healthinnovationnwc.nhs.uk

 

Controller contact details

 

Your GP Surgery

The controller is:

Name: Marine Lake & Estuary Medical Centre

Address: Marine Lake Health & Wellbeing Centre, Orrysdale Road, West Kirby, Wirral, CH48 5AA

Phone number: 0151 625 9171

Website: https://marinelakemedicalwirral.nhs.uk/

How do we get information and why do we have it?

The personal information we collect is provided directly from you for one of the following reasons:

● you have provided information to seek care – this is used directly for your care, and also to manage the services we provide, to clinically audit our services, investigate complaints, or to be used as evidence as part of an investigation into care

We also receive personal information about you indirectly from others, in the following scenarios:

● from other health and care organisations involved in your care so that we can provide you with care

 

What information do we collect?

Personal information

We currently collect and use the following personal information for this project:

● First part of your postcode

● Age

● Gender

 

More sensitive information

We process the following more sensitive data (including special category data):

● data revealing racial or ethnic origin

 

Who do we share information with?

We may share information with the following types of organisations:

● third party data processors (such as IT systems suppliers)

● planners of health and care services (such as Integrated Care Boards)

 

In some circumstances we are legally obliged to share information. This includes:

● when required by NHS England to develop national IT and data services

● when reporting some infectious diseases

● when a court orders us to do so

● where a public inquiry requires the information

 

We will also share information if the public good outweighs your right to confidentiality. This could include:

● where a serious crime has been committed

● where there are serious risks to the public or staff

● to protect children or vulnerable adults

We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality. These purposes will include to comply with the law and for public interest reasons.

 

Is information transferred outside the UK?

No. Our data is hosted in the UK and is only available to our staff and technical support staff in the UK.

What is our lawful basis for using information?

 

Personal information

 

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:

· We have your consent – this must be freely given, specific, informed and unambiguous.

 

More sensitive data

· Archiving, research and statistics (with a basis in law).

Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):

 

· For Archiving, research and statistics (with a basis in law).

Common law duty of confidentiality

 

In our use of health and care information, we satisfy the common law duty of confidentiality because:

● you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)

 

How do we store your personal information?

Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will:

● securely dispose of your information by shredding paper records and wiping hard drives to legal standards of destruction.

● Your data will be aggregated with data from other patients to create anonymised reports.

 

What are your data protection rights?

Under data protection law, you have rights including:

 

Your right of access – You have the right to ask us for copies of your personal information (known as a subject access request).

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at info@healthinnovationnwc.nhs.uk if you wish to make a request.

 

National data opt-out

● we not are applying the national data opt-out because we are not using confidential patient information for planning or research purposes

The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

● improving the quality and standards of care provided

● research into the development of new treatments

● preventing illness and diseases

● monitoring safety

● planning services

This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.

Whenever possible data used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.

You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

How do I complain?

If you have any concerns about our use of your personal information, you can make a complaint to us at info@healthinnovationnwc.nhs.uk

Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.

The ICO’s address is:

 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

 

Date of last review

 

25th January 2024

 

 

 

Opening Times

  • Monday
    08:00am to 08:00pm
  • Tuesday
    08:00am to 08:00pm
  • Wednesday
    08:00am to 08:00pm
  • Thursday
    08:00am to 08:00pm
  • Friday
    08:00am to 06:30pm
  • Saturday
    CLOSED
  • Sunday
    CLOSED
NHS A-Z Conditions
Find Local Services
Live Well