Privacy notices

IGPR

We use a processor, iGPR Technologies Limited (“iGPR”), to assist us with responding to report requests relating to your patient data, such as subject access requests that you submit to us (or that someone acting on your behalf submits to us) and report requests that insurers submit to us under the Access to Medical Records Act 1988 in relation to a life insurance policy that you hold or that you are applying for. iGPR manages the reporting process for us by reviewing and responding to requests in accordance with our instructions and all applicable laws, including UK data protection laws. The instructions we issue to iGPR include general instructions on responding to requests and specific instructions on issues that will require further consultation with the GP responsible for your care. To guarantee GDPR compliance, we have a data processing agreement explicitly stating that the processor processes information solely in accordance with our instructions and does not retain any data.

eConsult

The Practice has engaged a specialised online consultation supplier – approved to NHS England technical standards – which has gone through stringent scrutiny, achieving all necessary requirements to provide online consultations. NHS England, on your GP’s behalf, contracts with the supplier and acts as a joint system controller with your GP. However, NHS England will not receive any personal information, so your GP remains responsible for this data, ensuring that any provided data to use this service is for online consultation purposes only.

The UK GDPR and The Data Protection Act 2018 (the data protection laws) protect individuals with regard to the processing of personal data. The organisation providing this service is eConsult Health Ltd. (eConsult), who will act as a personal data processor under the data protection laws.

When accessing the service, NHS England is a controller jointly with GPs and eConsult is a processor for GPs, managed through the joint controller relationship that NHS England established with GPs and continues to maintain.

Please note that if you access our service using your NHS login details the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. To see NHS login’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.

Diabetes related data

The Practice shares your diabetes related data with the Diabetic Eye Screening Programme operated by Health Intelligence (commissioned by NHS England). This supports your invitation for eye screening (where you are eligible and referred by the Practice) and ongoing care by the screening programme. This data may be shared with any Hospital Eye Services you are under the care of to support further treatment and with other healthcare professionals involved in your care, for example your Diabetologist.

For further information, take a look at Health Intelligence’s Privacy Notice on the diabetic eye screening website: www.desphiow.co.uk