Privacy Notice

Spring Hill Practice - General Practice Privacy Notice

Reviewed: June 2025 by AP
Next review due: June 2026

Background

This practice’s primary purpose is to provide the best care possible for you. To do this, we need to collect, store, and share information about you. This privacy notice is designed to explain what happens to any personal data that you give us or any information concerning you that is collected by other organisations, for instance, if you attend an Accident and Emergency department. This includes how your data is held and/or processed by us.

This notice includes:

  • Who we are and how we use your information
  • The kinds of information we hold and how we process it
  • The legal grounds for processing your data, including when it is shared with others
  • What to do if your personal information changes
  • The length of time that your information is stored and retained by us
  • Information about your rights under the 2018 Data Protection Act, incorporating the UK GDPR
  • Information about what to do if you have a query or problem

Under the 2018 Data Protection Act, incorporating the UK GDPR, the practice is known as the Data Controller. As such, we are responsible for keeping your data up to date and accurate, as well as storing it safely and sharing it securely. If you have a problem or a question, you should contact the Practice Manager in the first instance. The Act also stipulates that public sector organisations should provide access to an independent Data Protection Officer, and their contact details are provided in the summary below.

The information we hold on you

Our practice keeps data on you relating to:

  • Who you are
  • Where you live
  • Your contact details
  • Your family
  • Details of your occupation and possibly your employer
  • Your habits
  • Your health problems and diagnoses
  • The reasons you seek help
  • Your appointments
  • Whether you have a carer
  • Where and when you are seen and by whom
  • Referrals to specialists and other health and social care providers
  • Tests, investigations, scans, treatments, and outcomes
  • Treatment history
  • Observations and opinions of other healthcare workers
  • Comments and aide memoires reasonably made by healthcare professionals

All health-related data is seen as a special category or sensitive data under the 2018 Data Protection Act, which means that it is shared and processed with particular care.

When registering for NHS care, all eligible patients receive a unique NHS Number stored in a national NHS Digital database.

Why do we hold and process your data?

We hold and process your data in order to provide you with direct care. Anonymised and pseudonymised data may also be used to:

  • Improve the quality and standard of care
  • Research and develop new treatments
  • Develop preventative treatments
  • Monitor patient safety
  • Plan future services

You have a choice regarding the use of identifiable confidential data for these purposes. If you wish to opt out, see the section titled “Data Opt-Outs and Your Right to Object.”

Who do we share information with?

Information may be shared, where necessary, with:

  • Clinicians within the practice
  • Pharmacies
  • Hospitals and specialists
  • Primary Care Networks
  • Social prescribing organisations
  • Other healthcare organisations involved in your care

The majority of patient data processing happens via our EMIS and EMIS HUB clinical systems.

We also share anonymised data with PCNs, City and Hackney Integrated Primary Care, and NHS England.

This practice does NOT share your data with insurance companies except by your specific instruction or consent.
Your data is NOT sold or used for marketing.

Communication with Patients

The practice will use your contact details to communicate with you about your care. Email and text messaging are preferred for speed and security. If you do not want to receive communication via these methods, please let us know.

We may use social media for communication with specific groups of patients. Patients can opt out at any time.

Safeguarding and the Caldicott Guardian

Information may be shared to safeguard children and vulnerable adults. The Caldicott Guardian oversees these decisions, which are final.

Medical Audits and Medicines Management

The practice conducts audit and medicines reviews internally or with external NHS bodies to provide the most appropriate and cost-effective treatment.

Risk Stratification

Electronic tools are used to assess risks and plan preventative care. You may opt out of automated processing where legally permitted.

Research and Planning

The practice uses anonymised or pseudonymised data for research and planning. Identifiable data is only used with your explicit consent unless required for COVID-19 public health purposes.

Data Opt-Outs and Your Right to Object

You cannot opt out of data sharing for direct care. You can opt out of:

  • NHS Digital collecting your pseudonymised data
  • Some processing of identifiable data for research or planning

Visit: www.nhs.uk/your-nhs-data-matters to view or change your preferences.

You may also submit a Type 1 opt-out to the practice.

To exercise the right to object:
Email: Itservicedesk.nelicb@nhs.net

How is your information stored?

Your medical record is stored via EMIS, a contracted NHS data processor.

How long is the information retained?

Your medical record is retained for your lifetime. When you move practice, it is transferred through PCSE.

Summary

Data Controller

Spring Hill Practice

Data Protection Officer

NHS North East London ICB
4th Floor, Unex Tower, 5 Station Rd, London E15 1DA
Tel: 0800 917 8607
Email: Itservicedesk.nelicb@nhs.net

Purpose of Processing

To deliver direct care and share relevant clinical information for treatment.

Lawful Basis

  • Article 6(1)(c) – Legal obligation
  • Article 6(1)(e) – Public task
  • Article 9(2)(h) – Health and social care

Recipients of Your Personal Data

Your data may be shared with:

  • GPs
  • Hospitals
  • Primary Care Network
  • Local GP provider organisations
  • NHS Commissioning Support Units
  • Social Care Services
  • HSCIC
  • Community Pharmacists
  • District Nurses
  • Dentists, opticians, pharmacists
  • Private and voluntary sector providers
  • Ambulance Trusts
  • Clinical Commissioning Groups
  • Local Authorities
  • Education Services
  • Fire and Rescue Services
  • Police & Judicial Services
  • Child Health Information Service
  • Substance misuse remote workers
  • London Coroner’s Service
  • Social Prescribers

Your Rights

Right to Object

Email: Itservicedesk.nelicb@nhs.net

Right to Access and Correction

You may request access to or corrections of your records.

Complaints

Email the Practice Manager: nelondonicb.springhillpractice@nhs.net
Or contact the ICO: ICO Contact

Data Processor Update

The full list of data processors, including INR Star, Anima, Accurx, Isla, CardioView, and Valida, remains unchanged and applies exactly as provided.

Spring Hill Practice

GP Surgery

Legal

Newsletter

  • General Practice Award 2023
Facebook X-twitter Instagram

© 2025 Spring Hill Practice. All rights reserved.

Scroll to Top