Privacy & Cookies Policy
Definitions and interpretation:
Data – collectively all information that you submit to Strensham Road Surgery via the Platform.
Cookies – a small text file on your computer by this Platform when you visit certain parts on the Platform and/or when you use certain features of the Platform. Details of the cookies used by this Platform are set out in the clause below (Cookies);
UK and EU Cookie Law – the Privacy and Electronic Communication (EC Directive) Regulations. Privacy and Electronic Communications (EC Directive) (Amendment) Regulations.
User or you – any third party that accesses the Platform and is not either (i) employed by Strensham Road Surgery and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Strensham Road Surgery and accessing the Platform in connection with the provision of such services; and
Platform – means the website that you are currently using www.strenshamroadsurgery.org.uk / Strensham Road Surgery mobile apps and any sub-domains of this site unless expressly excluded by their own terms and conditions.
The singular includes the plural and vice versa;
A reference to a person includes firms, companies, government entities, trusts and partnerships;
“Including” is understood to mean “including without limitation”;
Reference to any statutory provision includes any modification or amendment of it;
Information we may collect from you
We may collect and process the following data about you:
Information you give us. You may give us information about you by filling in forms on http://www.strenshamroadsurgery.org.uk/ (our site), the mobile app or by corresponding with us by phone, email or otherwise. This includes information you provide us when you register to use our site, participate in discussion boards, fill out online enquiry forms, request a prospectus or any other additional information and when you report a problem with our site. The information you give us may include your name, address, email address and phone number, payment information, personal description and photograph.
Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); pages you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), your email address if you filled in a form on the site and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. [In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site.] We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Our use of Data
Unless we are obliged or permitted by law to do so, and subject to any third-party disclosures specifically set out in this policy, your Data will not be disclosed to third party.
We take the privacy and security of your personal data very seriously. We ensure we handle your data with the highest level of care by having clear internal policies and procedures, physical security to our premises and IT security technologies to prevent the unauthorised access, damage and loss of your data.
The personal data that we collect from you is only stored inside the European Economic Area (EEA), therefore ensuring we achieve the maximum privacy and security in line with UK Data Protection Laws.
Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Platform.
Information you give to us. We will use this information:
To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us
To ensure that content from our site is presented in the most effective manner for you and for your computer.
To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about.
Information we collect about you. We will use this information:
To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes as part of our efforts to keep our site safe and secure;
To improve our site to ensure that content is presented in the most effective manner for you and for your computer;
To allow you to participate in interactive features of our service, when you choose to do so;
To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
To make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
You agree that we have the right to share your personal data with:
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
Selected third parties including:
Business partners, supplier and sub-contractors for the performance of any contract we enter into with them or you;
With any prospective seller or buyer in the event that we sell or buy any business or assets;
With any purchaser in the event that we are acquired by a third party, in which case personal data will be one of the transferred assets.
Regulatory organisation or other third parties if we are under a duty to disclose or share your personal data in order to comply with legal obligations, or in order to protect the rights, property or safety of us, our customers or others, or when we believe disclosure is necessary or appropriate in connection with an investigation of suspected or actual fraud or other illegal activity.
Subject to applicable law, you have the right to ask us not to process your personal data for marketing purposes. We will usually inform you before collecting your data if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contracting us at firstname.lastname@example.org
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Third party websites and services
Strensham Road Surgery may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Platform. The providers of such services do not have access to certain personal Data provided by Users of this Platform.
Links to other websites
Access to Information
The Act gives you the right to access information held about you. You may request from us a copy of personal data we hold on you.
Data security is of great importance to Strensham Road Surgery and to protect you’re data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via this Platform.
If password access is required for certain parts of the Platform, you are responsible for keeping this password confidential.
We endeavour to do our best to protect your personal Data. However, transmission of information over the Internet is not entirely secure and is done at your own risk. We cannot ensure the security of your Data transmitted to the Platform.
All Cookies used by this Platform are used in accordance with current UK and EU Cookie Law.
Before the Platform places Cookies on your computer, you will be presented with information requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling Strensham Road Surgery to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Platform may not function fully or as intended.
You can choose to enable or disable Cookies in your Internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.
You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the Platform more quickly and efficiently including, but not limited to, personalisation settings.
It is recommended that you ensure that your internet browser is up-to-date and that consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
Data Sharing Agreement
Strensham Road Surgery:
Our Data Sharing Agreement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Fair Processing Notice – Data Protection Act 1998 Your Information and how we use it
Why we collect information about you.
Your practice is a member of Birmingham SmartCare Federation. The Federation is committed to improving primary and community-based services provided in Central, South and West Birmingham. It offers a wide range of high quality health and social care services delivered from local sites at times and locations that are convenient to you. This includes access to evening and weekend face to face and telephone consultations.
When you see a clinician or have a telephone consultation at one of our hub sites you will be asked to give consent to share your medical records. This is so that the clinician treating you has a full understanding of your medical history, any medications, and previous consultations and investigations. Access to this information will ensure that you receive the correct type of care and that a record of the consultation is added to your shared medical record so that your own GP is fully informed of the consultation and any treatment given. The hub clinicians are only allowed to view your medical records when they have your explicit consent to do so, or there is an over-riding legal reason for them to have the information, for example, safeguarding children or vulnerable adults. To ensure that we comply with our Data Protection responsibilities in keeping your information safe you will be asked to give your consent every time you see a hub clinician.
How we keep your records confidential
Everyone working for the NHS is subject to the Common Law Duty of Confidence. Information provided in confidence will only be used for the purposes stated and where the patient has given their explicit consent, unless there are other circumstances covered by the law.
Information sharing with other NHS and non-NHS organisations
For your benefit, we may also need to share information we hold about you with other organizations involved in your care such as other NHS organizations, Social Services or charitable and voluntary bodies working with us to improve your care. However, we will not disclose any information to third parties without your explicit consent, unless there are exceptional circumstances, such as when the health or safety of yourself or others is at risk or where the law requires it.
If we are asked to share information with a non-NHS organisation that does not directly relate to your care, we will always seek your consent prior to any information being shared. If you choose not to consent to this when asked, then that decision will be recorded and respected.
Your right to object to us sharing your personal information
You have the right to object to the sharing of your personal information. The possible consequences will be fully explained to you so that you are able to make an informed decision.
Your rights under the Data Protection Act
Patients and service users, as data subjects, have a number of rights under the Data Protection Act, including a general right of access to personal data (electronic or paper) held about them.
In addition, Birmingham SmartCare will always obtain explicit consent before viewing your data. You have the right to object to sensitive information such as Fertility treatments/embryology; Sexually Transmitted Infections; Gender realignment; HIV/AIDs diagnosis; termination of pregnancy being shared with Birmingham SmartCare or other NHS or Non-NHS organizations by your own practice. Equally you have the right to object to Birmingham SmartCare sharing sensitive information with your own practice or other agencies following a consultation with one of our clinicians.
Right of access to your Birmingham SmartCare Data
You can make your own application to see the information Birmingham SmartCare holds about you, or you can authorize someone else to make an application for you. A parent or guardian, a patient representative, or a person appointed by the Court may also apply. If you wish to access your personal data, then please contact:
Birmingham SmartCare Federation
Hillmeads Health Centre
97 Hillmeads Road
In order for Birmingham SmartCare to fulfil its responsibilities under the Act, you may be asked to provide proof of your identity, and any further information required to locate the record you have requested.
Withholding information about you
Information may be withheld if the organization believes that releasing the information to you could cause serious harm to your physical or mental health. We do not have to tell you that information has been withheld.
Information may also be withheld if another person (i.e. third party) is identified in the record, and they do not want their information disclosed to you. However, if the other person was acting in their professional capacity in caring for you, in normal circumstances they could not prevent you from having access to that information.
Correcting inaccurate information
NHS organizations have a duty to ensure your information is accurate and up to date to make certain we have the correct contact and treatment details about you.
If your information is not accurate and up-to-date, you can ask us to correct the record. If we agree that the information is inaccurate or incomplete, it will be corrected. If we do not agree that the information is inaccurate, we will ensure that a note is made in the record of the point you have drawn to the organization’s attention.
If you would like to know more about Birmingham SmartCare please go to our www.smartcarebham.org.uk If you would like to know about how we use your information or if (for any reason) you do not wish to have your information used in any of the ways described above, please speak to the health professionals concerned with your care. Alternatively ask to speak to the Practice Manager at your registered practice. Fair Processing Notice – Data Protection Act 1998 Your Information and how we use it
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.
Our Data Protection Officer: Sobia Hussain email@example.com
This policy was reviewed and last updated July 2019