© 2020 Carepoint Practice 

Privacy and Cookie Policy

This website is brought to you by Carepoint Practice. We take the security and privacy of our website users very seriously. We ask that you read this Privacy Policy (‘the Policy’) carefully as it contains important information about how we will use your personal data.


For the purposes of the Data Protection Act 2018 (‘DPA’) and the EU General Data Protection Regulation (‘GDPR’), Carepoint Practice (‘we’ or ‘us’) is the ‘data controller’, which means that we are responsible for, and control the processing of, your personal data).


We have appointed a Data Protection Officer who is responsible for ensuring that we comply with our legal obligations in relation to data protection. Our Data Protection Officer is:


Name of Data Protection Officer:             Dr Manish Patel

Address:                                                   Carepoint Practice, Northwood Health Centre

Telephone number:                                  01923 820 866

Email:                                                        hillccg.carepoint@nhs.net


Personal data we may collect about you


We will obtain personal data about you (such as your name, address, health data) whenever you complete an online form by which you consent to us holding that personal data for the purpose specified on that form.


For example, we will obtain your personal data when you send us feedback or contact us for any reason.


We may monitor your use of this website through the use of cookies and similar tracking devices. For example, we may monitor [how many times you visit, which pages you go to, traffic data, location data and the originating domain name of your internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Please see further the section on ‘Use of cookies’ below.


Occasionally we may receive personal data about you from other sources which we will add to the information which we already hold about you. We will do this in order to help us provide services, to improve and personalise our service to you. If we receive such personal data we will notify you as soon as reasonably practicable (and in any event within one month) that we have received that personal data. We will notify you if we intend to disclose that personal data to anyone else.

Your Data Matters to the NHS 

Fair Process Notification 

For more information about how we use your personal data including our privacy notice, please click here for our Fair Process Notification


How we use your personal data

We will use your personal data for the purposes described in the data protection notice that was given to you at the time your data were obtained. These purposes include:


  • to help us identify you and any accounts you hold with us

  • administration

  • research, statistical analysis and behavioural analysis

  • customer profiling and analysing your purchasing preferences

  • marketing—see ‘Marketing and opting out’ below

  • fraud prevention and detection

  • billing and order fulfilment

  • improving our services


Lawful Basis for the Processing of Your Personal Data


We will use the personal data that we hold or the purposes of:


  • performing any contractual or other obligations that we may have to you,

  • complying with our legal obligations, and

  • protecting our legitimate interests or those of others but only if it is necessary to do so and those interest are not overridden by your own interests or rights. You have the right to challenge those interests and to request that we stop processing your personal data on this basis. For further information see ‘Your rights’ below.


We can process your personal data for those purposes without your knowledge or consent, but we will not use your personal data held on that basis for any other purpose without telling you that we will do so and our legal basis for processing it.


We may also process your personal data for any purpose to which you have expressly consented. You can withdraw that consent at any time. For further information see ‘Your rights’ below.


You should be aware that if you do not provide or withdraw consent to our processing certain personal data it may not be possible for us to continue to act as your health providers.


Special Categories of Personal Data


Special categories of personal data are types of personal data consisting of information as to:

  • your racial or ethnic origin;

  • your political opinions;

  • your religious or philosophical beliefs;

  • your trade union membership;

  • your genetic or biometric data;

  • your health;

  • your sex life and sexual orientation; and

  • any criminal convictions and offences.


We will only hold and process special categories of your personal data in certain situations in accordance with the law. For example, we can do so if we have your explicit consent. If we asked for your consent to process a special category of personal data then we would explain the reasons for our request. You do not need to consent and can withdraw consent later if you choose by contacting the Data Protection Officer.


We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:


  • where it is necessary for carrying out legal rights and obligations;

  • where it is necessary to protect your vital interests or those of another person where you or they are physically or legally incapable of giving consent;

  • where you have made the data public;

  • where processing is necessary for the establishment, exercise or defence of legal claims;

  • where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity.

We may process your race, ethnic origin, religion, sexual orientation, disabilities, medical condition or gender to monitor and to prevent possible discrimination.


Where Your Personal Data Will be Processed


We will not hold or send your personal data outside the European Economic Area.




We will contact you by email, phone, SMS when we need to inform you of any health related activity.  If you have changed your mind and would prefer us not to contact you, then you can opt out at any time. For further information see ‘Your rights’ below.


Disclosure of your personal data


We may disclose your personal data to:

  • other healthcare providers within the NHS


Keeping your data secure


We will use technical and organisational measures to safeguard your personal data, for example:

  • we store your personal data on secure servers


Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.




We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, and compliance.


Information about other individuals


If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his or her behalf and has agreed that you can:


  • give consent on his or her behalf to the processing of his or her personal data;

  • receive on his or her behalf any data protection notices;


Retention of Your Personal Data


We will not retain your personal data for longer than is reasonably necessary for the purpose for which it was obtained, and unless we have agreed otherwise with you we will at the end of the retention period securely destroy or delete it from our records.


Your Rights in Respect of Personal Data


You have the right to information about what personal data we process, how and on what basis as set out in this policy.


You have the right to access your own personal data by way of a subject access request. We will respond as soon as reasonably practicable and in any event within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by up to a further two months. There is no fee for making a subject access request, but if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.


You can correct any inaccuracies in your personal data. To do you should contact the [Data Protection Officer specified above/us via the contact details at the bottom of this policy].


You have the right to request that we erase your personal data if we are not legally entitled to process it without your consent or if it is no longer necessary to process it for the purpose for which it was collected. To do so you should contact the [Data Protection Officer/ us via the contact details at the bottom of this policy].


While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while that application is made. To do so you should contact the [Data Protection Officer/ us via the contact details at the bottom of this policy].


You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop such data processing.


You have the right to object if we process your personal data for the purposes of direct marketing.


You have the right to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.


With some exceptions, you have the right not to be subjected to automated decision-making.


You have the right to be notified of a data security breach concerning your personal data.


In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact [the Data Protection Officer/us via the contact details at the bottom of this policy].


You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). That website has further information on your rights and our obligations.


Use of cookies


A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. We use cookies on this website to:

  • to carry out research and statistical analysis to help improve our content, services and to help us better understand our visitor requirements and interests

  • to make your online experience more efficient and enjoyable.


The information that we obtain from our use of cookies will not usually contain your personal data. Although we may obtain information about your computer [or other electronic device] such as your IP address, your browser and/or other internet log information, this will not usually identify you personally.] [In certain circumstances we may collect personal information about you – but only where you voluntarily provide it (e.g. by completing an online form).


We will need your consent in order to use cookies on this website unless the cookie is necessary for us to provide you with a service you have requested.




If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies [and other similar technologies] as described in this Privacy Policy. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to disable cookies.


How to turn off cookies


If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org


Our contact details


We welcome your feedback and questions. If you wish to contact us, please send an email to hillccg.carepoint@nhs.net or you can write to us at Carepoint Practice, Northwood Health Centre, Neal Close, Acre Way, HA6 1TQ or call us on 01923 820 866.


We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you access this website.

Data protection documents:

Page Last Updated:13th June 2019