Privacy Notice – Peacocks Medical Group
Protecting your privacy
Introduction
This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.
We want you to be fully informed about your rights, and how Peacocks uses your data.
It’s likely that we’ll need to update this Privacy Notice from time to time and we will notify you of any significant changes. You are welcome to come back and check it whenever you wish.
This Privacy Notice sets out how Peacocks handles, stores, uses and shares your personal information when it collects such information from you or from a third party.
The Data Controller is Peacocks Medical Group, located at Benfield Business Park, Benfield Road, Newcastle upon Tyne, NE6 4NQ.
What we collect and how we use personal data
Peacocks processes personal data of individuals and these include names, addresses, telephone numbers, email addresses, financial details, employment details and educational details. Peacocks processes personal data to enable it provide health services to its service users, to maintain accounts and records, promote its services and manage / support employees.
Peacocks does not sell personal information to anyone and only share it with third parties who are facilitating the delivery of Peacocks’ services.
How we share your personal information
Peacocks may need to share your personal information with other organisations. Where such sharing is necessary, we will comply with the requirements of the GDPR on data sharing. The types of organisations / groups that we may share personal data with are set out below:
- Healthcare professionals
- NHS Trusts
- CCGs
- Social & welfare organisations
- Government departments
- Business partners
- Families, associates, representatives of the person whose personal data is processed
- Suppliers and service providers
- Financial organisations
- Current, past and prospective employees
- Employment agencies
Your rights as a Data Subject
You have the following rights in relation to your personal information which you can exercise by writing to our Data Protection Officer at the following address:
Data Protection Officer, Peacocks Medical Group, Benfield Business Park, Benfield Road, Newcastle upon Tyne, NE6 4NQ.
• The right to make a subject access request. This enables you to receive certain information about how we use your personal data. It entitles you to receive a copy of it and to check that we are lawfully processing it.
• The right to request that we correct incomplete or inaccurate personal data that we hold about you.
• The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
• The right to object to our processing your personal data where we
are relying on our legitimate interest (or those of a third party),
where we cannot show a compelling reason to continue the
processing
• The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
• The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
How long we retain your personal information
We will retain your personal information for no longer than necessary taking into account the following:
The purpose(s) for which we are processing your personal information, such as whether it is necessary to continue to store that information in order to perform our obligation under a contract;
Whether we have any legal obligation to continue to process your personal information such as any recordkeeping obligations imposed by an applicable law;
Whether we have a business reason to continue to process your personal information;
How we secure your personal information
We take appropriate technical and organisational measures to secure your personal information and protect it against unauthorised or unlawful processing as well as against its accidental loss or destruction or damage including:
Using secure servers to store your personal information;
Using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt confidential data in transit and at rest;
Verifying the identity of individuals that access your personal information;
Providing access to the minimum personal data necessary, using appropriate restrictions and anonymisation/pseudonymisation whenever possible
How we secure NHS Patient data
This is done via rigorous applicatuion of the Caldicott principles.
Caldicott Principles
The Caldicott Principles were developed in 1997 following a review of how patient information was handled across the NHS. The Caldicott principles, which were updated in 2013, should be employed to examine the conditions under which patient-identifiable information is used or shared. They are as follows;
- Principle 1 — justify the purpose(s) for using confidential information.
- Principle 2 — only use confidential information when absolutely necessary.
- Principle 3 — use the minimum information that is required.
- Principle 4 — access to confidential information should be on a strict need-to-know basis.
- Principle 5 — everyone must understand their responsibilities.
- Principle 6 — understand and comply with the law.
- Principle 7 — the duty to share personal information can be as important as the duty to have regard for patient confidentiality.
The Caldicott Guardian
The role of the Caldicott Guardian for both health and social care covers not only the principles outlined above but also the wider aspects of information management, including:
- the Data Protection Act 2018
- the NHS Act 2006 (section 251)
- the Freedom of Information Act 2000
- the Human Rights Act 1998
- the Computer Misuse Act 1990
- the NHS Constitution (January 2009, updated February 2015)
- NHS Information Governance
The Caldicott Guardian at Peacocks Medical Group is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing.
Our Caldicott Guardian is;
Cameron Hall BSc(Hons) MBAPO
Peacocks Medical Group
Benfield Business Park,
Benfield Road
Newcastle upon Tyne NE6 4NQ
Phone: 0191 276 9600
Email: caldicott.guardian@peacocks.net
Transfer of your personal information to other countries
We may need to transfer your personal information to countries outside the European Economic Area (EEA) from time to time. Where that is the case, we will ensure that appropriate safeguards are put in place to provide for data subjects’ rights and enforceable legal remedies. The most appropriate method of providing protection for the rights of data subjects whose data are transferred will be used and incorporated into the contractual clauses of the relevant agreement.
Our use of cookies and similar technologies
We use cookies and similar technologies on our website. You can view our cookie policy here as part of our Privacy Policy https://www.peacocks.net/privacypolicy
Questions and Concerns
If you have any question or concern on how we collect, handle, store or secure your personal information, contact our Data Protection Officer using the contact details provided above.
You also have the right to lodge a complaint with the Supervisory Authority for the UK which is the Information Commissioner’s Office (ICO). The ICO’s contact details are as follows:
Information Commissioner’s Office,
Wycliffe House,
Water Lane, Wilmslow,
Cheshire, SK9 5AF,
Tel: 0303 123 1113.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.