For the purposes of the Data Protection Act 2018 (‘DPA’) and the EU General Data Protection Regulation (‘GDPR’), Carepoint Practice (‘we’ or ‘us’) is the ‘data controller’, which means that we are responsible for, and control the processing of, your personal data).
We have appointed a Data Protection Officer who is responsible for ensuring that we comply with our legal obligations in relation to data protection. Our Data Protection Officer is:
Name of Data Protection Officer: Dr Manish Patel
Address: Carepoint Practice, Northwood Health Centre
Telephone number: 01923 820 866
Personal data we may collect about you
We will obtain personal data about you (such as your name, address, health data) whenever you complete an online form by which you consent to us holding that personal data for the purpose specified on that form.
For example, we will obtain your personal data when you send us feedback or contact us for any reason.
Occasionally we may receive personal data about you from other sources which we will add to the information which we already hold about you. We will do this in order to help us provide services, to improve and personalise our service to you. If we receive such personal data we will notify you as soon as reasonably practicable (and in any event within one month) that we have received that personal data. We will notify you if we intend to disclose that personal data to anyone else.
Your Data Matters to the NHS
Fair Process Notification
For more information about how we use your personal data including our privacy notice, please click here for our Fair Process Notification
How we use your personal data
We will use your personal data for the purposes described in the data protection notice that was given to you at the time your data were obtained. These purposes include:
to help us identify you and any accounts you hold with us
research, statistical analysis and behavioural analysis
customer profiling and analysing your purchasing preferences
marketing—see ‘Marketing and opting out’ below
fraud prevention and detection
billing and order fulfilment
improving our services
Lawful Basis for the Processing of Your Personal Data
We will use the personal data that we hold or the purposes of:
performing any contractual or other obligations that we may have to you,
complying with our legal obligations, and
protecting our legitimate interests or those of others but only if it is necessary to do so and those interest are not overridden by your own interests or rights. You have the right to challenge those interests and to request that we stop processing your personal data on this basis. For further information see ‘Your rights’ below.
We can process your personal data for those purposes without your knowledge or consent, but we will not use your personal data held on that basis for any other purpose without telling you that we will do so and our legal basis for processing it.
We may also process your personal data for any purpose to which you have expressly consented. You can withdraw that consent at any time. For further information see ‘Your rights’ below.
You should be aware that if you do not provide or withdraw consent to our processing certain personal data it may not be possible for us to continue to act as your health providers.
Special Categories of Personal Data
Special categories of personal data are types of personal data consisting of information as to:
your racial or ethnic origin;
your political opinions;
your religious or philosophical beliefs;
your trade union membership;
your genetic or biometric data;
your sex life and sexual orientation; and
any criminal convictions and offences.
We will only hold and process special categories of your personal data in certain situations in accordance with the law. For example, we can do so if we have your explicit consent. If we asked for your consent to process a special category of personal data then we would explain the reasons for our request. You do not need to consent and can withdraw consent later if you choose by contacting the Data Protection Officer.
We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:
where it is necessary for carrying out legal rights and obligations;
where it is necessary to protect your vital interests or those of another person where you or they are physically or legally incapable of giving consent;
where you have made the data public;
where processing is necessary for the establishment, exercise or defence of legal claims;
where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity.
We may process your race, ethnic origin, religion, sexual orientation, disabilities, medical condition or gender to monitor and to prevent possible discrimination.
Where Your Personal Data Will be Processed
We will not hold or send your personal data outside the European Economic Area.
We will contact you by email, phone, SMS when we need to inform you of any health related activity. If you have changed your mind and would prefer us not to contact you, then you can opt out at any time. For further information see ‘Your rights’ below.
COVID-19 contingency sharing.
Primary care staff across each borough will be able to access your full medical record without consent during the COVID-19 pandemic but will only do so when this is necessary to provide you with care. They will be required to use a smartcard which confirms their identity, and which limits their access and actions to those appropriate for their role. They will all have been trained to understand their professional and legal responsibilities in providing you with care.
Data Sharing Measure in relation to the COVID pandemic
1) The secretary of state has served notice under the Health Service COPI (Control of Patient Information) Regulations 2002 to require organisations to process confidential patient information during the COVID Pandemic and these measures will remain in place until September 2020. In addition, aggregate data which supports the planning and delivery of health care during the COVID pandemic will be processed securely through the Whole Systems Integrated Care database. Any such data will be formally identified as COVID related and used only for this purpose until Sep 2020.
2) Primary care staff across each CCG will be able to access your full medical record without consent during the COVID-19 pandemic but will only do so when this is necessary to provide you with care. They will be required to use a smartcard which confirms their identity, and which limits their access and actions to those appropriate for their role. They will all have been trained to understand their professional and legal responsibilities in providing you with care. Access to records by trained clinicians will be made available for example when patients:
Are asked to present to the Respiratory Hubs offering care for COVID related illness
Are directed to other hubs based services for routine face to face, or telephone or video consultation
Require community visiting services
3) The extension to smart card permissions is currently limited to CCG wide sharing, but in the event of the pandemic escalating we have taken measures to implement NWL wide sharing and will notify patients through this Fair Processing Notice, should that need arise.
4) The government have requested reinstatement of the “break glass” facility” previously available in TPP clinical systems so as to allow a declared access to patient records in the event of an emergency.
Disclosure of your personal data
We may disclose your personal data to:
other healthcare providers within the NHS
Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:
we store your personal data on secure servers
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, and compliance.
Information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his or her behalf and has agreed that you can:
give consent on his or her behalf to the processing of his or her personal data;
receive on his or her behalf any data protection notices;
Retention of Your Personal Data
We will not retain your personal data for longer than is reasonably necessary for the purpose for which it was obtained, and unless we have agreed otherwise with you we will at the end of the retention period securely destroy or delete it from our records.
Your Rights in Respect of Personal Data
You have the right to information about what personal data we process, how and on what basis as set out in this policy.
You have the right to access your own personal data by way of a subject access request. We will respond as soon as reasonably practicable and in any event within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by up to a further two months. There is no fee for making a subject access request, but if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.
You can correct any inaccuracies in your personal data. To do you should contact the [Data Protection Officer specified above/us via the contact details at the bottom of this policy].
You have the right to request that we erase your personal data if we are not legally entitled to process it without your consent or if it is no longer necessary to process it for the purpose for which it was collected. To do so you should contact the [Data Protection Officer/ us via the contact details at the bottom of this policy].
While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while that application is made. To do so you should contact the [Data Protection Officer/ us via the contact details at the bottom of this policy].
You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop such data processing.
You have the right to object if we process your personal data for the purposes of direct marketing.
You have the right to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
With some exceptions, you have the right not to be subjected to automated decision-making.
You have the right to be notified of a data security breach concerning your personal data.
In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact [the Data Protection Officer/us via the contact details at the bottom of this policy].
You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). That website has further information on your rights and our obligations.
to carry out research and statistical analysis to help improve our content, services and to help us better understand our visitor requirements and interests
to make your online experience more efficient and enjoyable.
How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: or
Our contact details
We welcome your feedback and questions. If you wish to contact us, please send an email to or you can write to us at Carepoint Practice, Northwood Health Centre, Neal Close, Acre Way, HA6 1TQ or call us on 01923 820 866.
Data protection documents:
Page Last Updated:13th June 2019