- Our Data Protection Registration Number is 17011-A
- Please contact John Scurr at [email protected] with any questions or request about the personal information we process.
- We are committed to protecting your rights to privacy. They include
- Right to be informed about what we do with your personal data;
- Right to have a copy of all the personal information we process about you;
- Right to rectification of any inaccurate data we process, and to add to the information we hold about you if it is in complete;
- Right to be forgotton and your personal data destroyed
- Right to restrict the processing of your personal data;
- Right to object to the processing we carry out based on our legitimate interest;
The personal data we process, why we process it and where it comes from and the legal basis for doing so.
- We process the personal data of patients who attend our clinic or patients for whom we receive referral letters from General Practitioners and Consultants and also personal data of the General Practitioners and Consultants.
- The Personal Data may include
- Names, contact details and dates of birth
- Financial details and bank details
- Information about race, ethnic origin and sex
- Medical/Health information
- The personal data is generally provided by the patient or by the referring clinician.
- We process data because it is in our legitimate interests as a Medical Practice providing a medical service to do so. We need to see and analyse information in order to be able to treat patients and invoice patients and insurance companies
- In relation to any special category personal data, such as health records or information concerning race, ethnic origin or sex, we rely on the legal claims basis for processing this data, in addition to our legitimate interest.
- In many cases an individual has consented to the transfer of their personal data to us. Where an individual has consented, he or she may easily withdraw it by notifying John Scurr on [email protected].
Other personal data
- We also process personal data pursuant to our legitimate interests in running our business such as;
- Invoices and receipts
- Accounts, VAT and tax returns
- Insurance policies and related documents
- As an employer we process personal data further to contracts of employment with our employees. The information includes;
- Names, addresses and contact details
- Pay and bank details, pay slips, PAYE numbers
- Curriculum Vitae, contracts of employment, references and appraisals
- Health information (in reliance on the occupational health exemption contained in the Data Protection act 2018).
- Finally we run a client relationship management system. Any personal data on the system can be withdrawn at any time by contacting John Scurr.
- Personal data is retained indefinitely unless we receive a request to destroy it
- Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC and the VAT commissioner.
- Personal data relating to employees who have left our employment is also retained for up to six years as necessary. This is the time limit for bringing a breach of contract claim.
Whom do we share personal data with?
- We share personal data internally strictly on a need to know basis.
- We do not share personal data with anyone external to the organisation other than with
- Referring clinicians and GP’s
- Insurance Companies
- Hospitals if we have to arrange admissions and procedures
- HMRC and the VAT Commissioner as they require
- Outsourced services providers such as shredding facilities subject to GDPR compliant written contracts.
- Our accounts
If you have any concerns about the way your personal information has been processed, please contact John Scurr above.