Privacy Policy
Introduction
Sloane Square Medical takes the security of our patient’s data very seriously and is committed to protecting our patient’s privacy by ensuring the security of patient information. We strive to be transparent about the personal information we are collecting and open with what we do with this information.
This policy sets out the following:
A.How we get personal data and the type of personal data we collect
B. Why we have personal data
C. How we store your personal data
D. Who we transfer and disclose your personal data to
E. Your data protection rights
F. How to complain
All personal data is collected and processed in accordance with EU data protection laws.
A. How we collect personal data and the type of personal information we collect:
Personal data refers to any information relating to you which allows us to identify you, such as your name, date of birth, contact details and home address.
When you register as a new patient to the practice we collect personal data, this can include:
Full name, home address, DOB, contact telephone number, and email address.
A contact for next of kin which may include name, telephone number and relationship to you.
Your NHS GP details if available including GP name, Surgery name, surgery phone number and address.
Your medical history, current medication and allergies.
Any communications directly with us such as emails, letters and text messages.
For covid testing purposes, we are also collecting the following information: Name, address, phone number, email address, age, DOB, passport number, ethnicity, gender, photo ID, COVID vaccination status, covid test results.
B. Why we have your personal data:
Your data may be used for the following purposes:
Appointment information: We will send notifications and information with regard to upcoming appointments and any changes to this service. These communications are not made for marketing purposes and cannot be opted out of.
For billing purposes, sending invoices and receipts.
Onward medical referrals: We will share relevant medical information with other health care professionals such as specialist consultants and organisations.
Pharmacy for prescriptions: If a prescription is required, we will share details of your prescription with the relevant pharmacy.
Customer Service: We use your data to manage our relationship with you as our customer and to improve our services.
We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons we have collected and need to use your personal data for.
Marketing purposes: If you have opted in to receive our marketing emails your data provided at opt-in (usually name and email address) will be stored via the Squarespace platform. Please see squarespace.com/privacy for details on how this data is stored. You can opt-out of receiving these emails at any time.
Website analytics: Our website uses cookies to track the way our website is used. This information is stored by the platform provider Squarespace. Please see squarespace.com/privacy for details on how this data is stored.
We may also process your personal data for one or more of the following:
To comply with a legal obligation (e.g. Police reports, safeguarding authorities).
The Care Quality Commission. It regulates health and social care services to ensure that safe care is provided. The law says that we must report certain serious events to the CQC, for example, when patient safety has been put at risk.
Public health Authorities for example infectious diseases.
C. How we store your personal information:
Personal data storage and security:
We follow strict security procedures in storing and disclosing your personal data and protecting it against accidental loss, destruction or damage. The data you provide to us is protected using a method of encrypting personal information so that it can be securely held.
Personal data retention:
All records are held for a minimum of 7 years. All records are securely stored on Cross Care in accordance with the Data Protection Act. Cross Care is a remote hosting system used for the patients registered in accordance with CQC guidelines.
Personal data disposal:
When records have reached their retention period, data will be disposed of securely and confidentially. The confidential destruction of records is a crucial element of good records management practice. It is a requirement of data protection legislation that all information relating to identifiable, living individuals is disposed of in an appropriately secure manner. Data disposal takes place on an annual basis (usually through the month of August), where the senior staff are responsible for ensuring that their respective teams sort through and dispose of redundant electronic records.
D. Sharing your data
Personal data may be shared with:
Healthcare professionals and staff at Sloane Square Medical.
All secondary care hospitals.
Out-of-hours services.
Trusted service providers who are involved in the provision of direct care to individual patients. E.g The Doctors Laboratory.
Credit and debit card companies which facilitate your payments to us
Government authorities (CQC), law enforcement bodies and regulators.
E. Your data protection rights:
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at manager@sloanesquaremedical.org or call us on 020 7730 8835 if you wish to make a request.
F. How to complain:
If you have any concerns about our use of your personal information, you can make a complaint to us at manager@sloanesquaremedical.org