Website Privacy Notice – GDPR
How we use your information
At Gordon House Surgery we’re committed to protecting and respecting your privacy.
This policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Any questions relating to this policy and our privacy practices should be sent to:
Gordon House Surgery, 78 mattock Lane, Ealing, London W13 9NZ
Our Commitment to Data Privacy
We are committed to protecting your privacy and will only process personal confidential data in accordance with the General Data Protection Act (GDPR).
For Gordon House Surgery, Dr Ian Bernstein is the Data Controller under the terms of the General Data Protection Act. Dr Ernest Norman-Williams is the Data Protection Officer for Ealing CCG. We are therefore legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you, is done in compliance with the GDPR.
Everyone working for the NHS has a legal duty to keep information about you confidential. All of our staff receive appropriate training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.
Our Legal Basis for Processing
We will only use and process your personal data for:
- Performing a contract or service between us;
- If it is necessary for our legitimate interests and only if your interests and rights do not override ours.
We will not use your personal data for an unrelated purpose without informing you and the legal basis that we intend to rely on for processing it.
Information we hold about you
Information you give us
You may provide us with personal information through your use of this website. This may include:
‘Identifiable’ personal data that can be used to directly or indirectly identify the person. This can include but is not limited to name, address and email address.
‘Special categories’ personal data (sensitive personal data) relating to racial or ethnic origin, religious or philosophical beliefs and data concerning health or medical conditions.
Information we collect about you.
We may automatically collect the following information about your visit. This information will not identify you, it relates to:
‘Google Analytics’ collects technical information, including your browser type and version, time zone setting, operating system and platform and the pages you visits.
How will your information be used
Your personal information will only be used for the purpose of which it was originally given by the individual. For example any information you provide via an online request through the website will only be processed for that request and will not be used for any other reason.
Your information will never be used for marketing or profiling without your explicit consent.
You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any personal confidential data we hold about you.
Right to be informed
You have the right to be informed about the collection and use of your data.
You also have the right to be notified of a data security breach concerning your personal data.
Right of access
You have the right to access any of your personal data that is being processed together with supplementary information. If we do hold information about you we will:
- Give you a description of it;
- Tell you why we are holding it;
- Tell you who it could be disclosed to; and
- Let you have a copy of the information in a plain readable format.
Right to be forgotten
You have the right to have your personal data erased. This right is not guaranteed and applies only in certain circumstances.
Right to restrict
You have the right to request the restriction of your personal data from being processed. This will restrict any ongoing processing but not erase any data we hold.
Right to rectification
You have the right to have inaccurate personal data rectified or completed if it is incomplete.
Right to object
You have the right to object to data processing of the information we hold about you, where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
Rights in relation to automated decision making and profiling
The website does not make any automated decisions or profiling with your personal data.
How to make a request
Requests must be made in writing to Gordon House Surgery at
78 Mattock Lane, Ealing, London, W13 9NZ
The information we will require when you make a request is your name, address, contact telephone number and date of birth and a description of the request.
We will respond within a reasonable period and no later than one calendar month.
Personal data processed for any purpose via this website shall not be kept for longer than is necessary for that purpose.
We do not share or sell your personal information to any third parties outside the NHS.
We would not share information that identifies you unless we have a fair and lawful basis such as:
- You have given us permission;
- To protect children and vulnerable adults;
- When a formal court order has been served upon us;
- When we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime;
- Emergency Planning reasons such as for protecting the health and safety of others;
- When permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals
Processing outside the UK
Your personal information will not be sent outside the United Kingdom.
Other organisations that support the website
The practice uses the services of the additional data processors, who will provide additional expertise to support the work of the Practice.
We have entered into contracts with other organisations to provide some services for us or on our behalf.
These organisations are known as “data processors”.
These organisations are subject to the same legal rules and conditions for keeping personal confidential data and secure and are underpinned by a contract with us.
Before awarding any contract, we ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
To make a complaint or bring concerns to our attention, please contact us in writing to:
Furiha Chaudry, Gordon House Surgery, 78 Mattock Lane, Ealing, London, W13 9NZ
The information we will require when you make a complaint will be:
- Your name, address and contact telephone number and those of the person that you may be complaining for; including their date of birth and NHS Number.
- A summary of what has happened, giving dates where possible.
- A list of things that you are complaining about.
- What you would like to happen as a result of your complaint
If you have any questions about this policy or how we handle your data please do not hesitate to contact us at:
Furiha Chaudry, Gordon House Surgery, 78 Mattock Lane, Ealing, London, W13 9NZ
Monitoring and Review
We regularly review and, where necessary, update this notice at least annually.
If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.
Use of the Website
Generally, our website will not require you to enter personal information. When it does, for example; online appointment booking, we will apply the same confidentiality principles as those described above.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should be aware that we do not have any control over the other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting these sites.
We intend to protect the confidentiality, quality and integrity of your personal information and we have implemented appropriate technical and organisational measures to do so. These include staff training, up to date policies and procedures and working to align with national cyber security guidelines.