HOW WE USE YOUR INFORMATION AND THE LAW
Bolton GP Federation is known as the ‘Controller’ of the personal data you provide to us. We collect basic personal data about you which does not include any special types of information or location-based information. This does however include name, address, contact details such as email and mobile number etc.
We will also collect sensitive confidential data known as “special category personal data”, in the form of health information, religious beliefs (if required in a healthcare setting) ethnicity, and sex, during the services we provide to you and or linked to your healthcare through other health providers or third parties.
Why do we need your information?
We need to know your personal, sensitive and confidential data to provide you with Healthcare services as a General Practice, under the General Data Protection Regulation we will be lawfully using your information in accordance with:
Article 6, e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;”
Article 9, (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems.
Where do we store your data electronically?
All the personal data we process is processed by our staff in the UK however for the purposes of IT hosting and maintenance this information may be located on servers within the European Union.
No 3rd parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place. We have a Data Protection regime in place to oversee the effective and secure processing of your personal and or special category (sensitive, confidential) data.
How long will we store your information?
We are required under UK law to keep your information and data for the full retention periods as specified by the NHS Records management code of practice for health and social care and national archives requirements.
More information on records retention can be found online.
What are your rights?
If at any point you believe the information we process on you is incorrect you can request to see this information and even have it corrected or deleted. You can still request a copy of your medical records — from May 2018 this will be free of charge.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).