We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Privacy Notice
Policy statement
- Version 1
- Edited by: Shannon McAree
- Date Issued: 15/07/2025
- Next review date: 15/07/2026
Practice Manager: Shannon McAree
Data Protection Officer (DPO): Dennis Owusu-Agyekum
Senior Information Risk Owner (SIRO): Chris Newman
Caldicott Guardian: Alison Varey
This policy explains how we inform patients about the use of their data for direct care, research, audit, and screening. It should be read alongside the organisation’s UK GDPR policy.
A children’s privacy notice is also available: TBC
Status
In accordance with the Equality Act 2010, the potential impact of this policy has been considered for all individuals. This document is non-contractual and may be updated or withdrawn at any time. It applies to all staff and contractors of the organisation.
Compliance with regulations
Data Protection Act 2018 and UK GDPR
UK GDPR, implemented via the Data Protection Act 2018, sets out rules for the use of confidential and sensitive data. This organisation processes personal data in line with Article 5 and provides relevant information to individuals under Article 12 of the UK GDPR.
Communicating privacy information
We communicate our Privacy Notice in the following ways:
• Online: Available on our practice website
• Printed Copy: Available at reception upon request
• Oral Explanation: Staff are trained to explain our Privacy Notice verbally if requested.
What data will be collected
• Patient identification details (name, DOB, NHS number)
• Contact and Next of Kin (NOK) information
• Medical history and treatment records
• Test results (e.g. pathology, X-rays)
• Relevant clinical information
National data opt-out
The national data opt-out allows patients to prevent their confidential information being used for purposes beyond their care. We comply with this policy and provide support via NHS England’s detailed guidance and resources.
Additional information is also available for patients at Make a choice about sharing data from your health records.
General practice data for planning and research collection
The GPDPR programme enables:
- Monitoring of care quality
- Public health planning
- Research and development of new treatments. We direct patients to NHS England for further details and opt-out options.
Practice Privacy Notice
Introduction
Clapham Park Group Practice is committed to protecting your personal and healthcare information. This privacy notice explains how we use your data to provide and improve care. Your information is stored securely and shared only, when necessary, with healthcare professionals involved in your treatment.
Why We Provide This Privacy Notice
We are legally required to provide you with this privacy notice under data protection legislation. It explains:
- Why we collect your personal and healthcare information.
- How we use it
- Who we may share it with and why.
- How long we keep it.
- Your rights regarding your data
If you have questions or concerns about this notice or how your data is handled, please contact our Data Protection Officer: Dennis Owusu-Agyekum here.
Legal Basis for Processing Your Data
Our use of your information is governed by:
- The UK General Data Protection Regulation (UK GDPR)
- The Data Protection Act 2018 (DPA18)
These laws allow us to use your data for the purposes of providing healthcare and managing NHS services.
How We Use Your Information
We use your information to:
- Review and improve the quality of care we provide
- Support direct patient care
- Conduct health risk assessments and offer preventative care
- Comply with legal obligations, including safeguarding
Your information may be shared with other health or social care providers directly involved in your care—for example, hospital specialists, pharmacies, or out-of-hours services.
Examples of Data Use in Care:
- Referrals: Your GP may share relevant information when referring you to another service.
- Prescriptions: Your prescription details may be shared with your chosen pharmacy.
- Emergency Care: Staff in A&E or out-of-hours services may access your Summary Care Record. For more information, see: Summary Care Record - NHS England Digital
You have the right to:
- Object to the sharing of your information,
- Request corrections to any inaccuracies.
London Care Record
You have the right to object to your information being available through London Care Record. Although patients have the right to object and request restrictions on sharing their records, there may be instances where this request will not be upheld due to a clinical need as determined by the direct care giver. Please discuss this with your GP or health and social care worker and you can find further information on the One London website
For further information and advice about data protection or your right to object to sharing your data you can contact the team at Lewisham and Greenwich Trust who manage the London Care Record for South East London via their website or call 020 3192 6011 and leave your name and number for someone to contact you.
If you have already requested to stop sharing on ConnectCare/Local Care Record in South East London, then you will not have to request this again for London Care Record.
Registering for NHS care
- All patients who receive NHS care are registered on a national database (NHS Spine). The Spine is held and maintained by NHS England, a national organisation which has legal responsibilities to collect NHS data.
- More information can be found at Spine - NHS England Digital
Identifying health risks
- Your medical records will be searched by a computer programme so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital. This means we can offer patients additional care or support as early as possible.
- This process will involve linking information from your GP record with information from other health or social care services you have used. Information which identifies you will only be seen by this organisation.
Safeguarding
- Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
- These circumstances are rare.
- We do not need your consent or agreement to do this.
- Speak to the practice for more information.
- A copy of the practice safeguarding policy is available by request.
Medical research
Your health and care information are used to improve your individual care.
- It is also used to help the NHS research new treatments, decide where to put GP clinics and plan for the number of doctors and nurses in your local hospital.
- Wherever possible, the NHS try to use data that does not identify you, but sometimes it is necessary to use your confidential patient information.
- You can opt out from sharing your confidential information for research and planning if you want to.
- To opt out, or to find out more information, you can visit Choose if data from your health records is shared for research and planning - NHS.
- You can also call 0300 303 5678.
OpenSAFELY
- NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service.
- These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
- Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data.
- This means identifiers are removed and replaced with a pseudonym. Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.
- Patients who do not wish for their data to be used as part of this process can register a type 1 opt out with their GP.
- Here you can find additional information about OpenSAFELY. (link OpenSAFELY: About OpenSAFELY )
We are required by law to provide you with the following information about how we handle your information:
Data Controller contact details
Chris Newman, Business Partner
Clapham Park Group Practice, 72 Clarence Avenue, London, SW4 8JP
Data Protection Officer contact details
Dennis Owusu-Agyekum
South East London Integrated Care Board (SELICB)
Purpose of the processing
To give direct health or social care to individual patients. An example is, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
To check and review the quality of care. (This is called audit and clinical governance).
Medical research and to check the quality of care which is given to patients (this is called national clinical audit).
Lawful basis for processing
These purposes are supported under the following sections of the GDPR:
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Healthcare staff will also respect and comply with their obligations under the common law duty of confidence
Recipient or categories of recipients of the processed data
The data will be shared with:
- healthcare professionals and staff in this surgery;
- local hospitals;
- out of hours services;
- diagnostic and treatment centres;
- or other organisations involved in the provision of direct care to individual patients.
Rights to object and the national data opt-out
You have the right to object to information being shared between those who are providing you with direct care. This may affect the care you receive – please speak to the practice. You are not able to object to your name, address and other demographic information being sent to NHS England. This is necessary if you wish to be registered to receive NHS care.
You are not able to object when information is legitimately shared for safeguarding reasons. In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm. The information will be shared with the local safeguarding service.
The national data opt-out model provides an easy way for you to opt-out of information that identifies you being used or shared for medical research, planning, or audit purpose. Please contact the practice if you wish to opt-out. Further information is available from NHS England.
Right to access and correct
You have the right to access your medical record and have any errors corrected. Please speak to a member of staff or look at our ‘subject access request’ policy on the practice website.
We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you may obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.
Retention period
Records will be kept in line with the law and national guidance. Information on how long records are kept can be found in the Records Management Code of Practice.
Right to complain
In the unlikely event that you are unhappy with any element of our data-processing methods, do please contact the Practice Manager in the first instance. If you feel that we have not addressed your concern appropriately, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
For further details, visit Make a complaint | ICO or telephone: 0303 123 1113.
Data we get from other organisations
We receive information about your health from other organisations who are involved in providing you with health and social care. For example, if you go to hospital for treatment or an operation the hospital will send us a letter to let us know what happened. This means your GP medical record is kept up-to date when you receive care from other parts of the health service.
Consent and Your Rights
In most cases, we rely on lawful bases other than consent to process your personal data (such as the provision of direct care, compliance with legal obligations, or tasks in the public interest). However, where we do ask for your consent—for example, to send you health promotion information or to share your data with third-party services not directly involved in your care—you have the right to choose whether to give or withhold that consent.
How We Obtain Consent
When consent is required, we will explain:
- What information we are collecting
- Why we are collecting it
- Who it may be shared with
- How long it will be kept
We will only proceed if you give your explicit, informed consent.
Withdrawing Consent
If you have previously given consent and change your mind, you have the right to withdraw it at any time. To do this, please contact the practice either:
- In writing (by letter or email)
- By speaking to a member of staff at reception
- By phoning the practice
We will action your request as soon as possible and confirm once this has been done. Please note that withdrawing consent will not affect the lawfulness of any processing carried out before the withdrawal.