Patient Privacy Notice
Updated: 15 October 2025
1. Introduction
Pendleside Medical Practice has a legal duty to explain how we use any personal information we collect about you as a registered patient. Staff at this practice maintain records about your health and the treatment you receive in both electronic and paper formats.
2. How we use your personal information
Being transparent and providing accessible information to patients about how we will use your personal information is a key element of the UK General Data Protection Regulation (UK GDPR).
This notice explains your rights under data protection law and how your GP practice will use your information for lawful purposes to deliver your care and manage NHS services effectively. It applies to the use of information for:
– The management of patient records
– Communication concerning your clinical, social and supported care
– Ensuring quality of care and best clinical outcomes through audit and review
– Participation in health and social care research
– The management and clinical planning of services
3. Data Controller
As your registered GP practice, Pendleside Medical Practice is the data controller for any personal data we hold about you. NHS England may also act as a data controller for certain national services, such as the GP Connect system.
4. What information do we collect and use?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:
– UK General Data Protection Regulation (UK GDPR)
– Data Protection Act 2018
– Human Rights Act 1998
– Common Law Duty of Confidentiality
– Health and Social Care Act 2012
– NHS Codes of Confidentiality and Information Security
Personal data means any information relating to an identifiable person. This includes name, date of birth, address, next of kin and NHS Number. Special category data includes information about your medical history, medications, appointments, results, ethnicity and other health information needed to provide care.
5. Why do we collect this information?
Under the NHS Act 2006 and the Health and Social Care Act 2012, GP practices have statutory functions to promote and provide healthcare in England, improve quality, conduct research, and deliver training. To do this, we process your data lawfully in order to:
– Protect your vital interests
– Pursue our legitimate interests as a healthcare provider
– Perform tasks in the public interest
– Deliver preventative medicine and medical diagnosis
– Manage the health and social care system and services
6. How do we use this information?
Your data is collected for the purpose of providing direct patient care. We may disclose this information if required by law, with your consent, or if justified in the public interest. When supporting medical research, we will always seek your explicit consent unless the law allows otherwise.
7. Who will we share your information with?
To deliver and coordinate your health and social care, we may share information with organisations such as:
– NHS Trusts / Foundation Trusts
– GP practices
– Independent contractors (dentists, opticians, pharmacists)
– Private and voluntary sector providers
– Social care services and local authorities
– NHS England and NHS Digital
– Ambulance services, community and mental health teams
– Police, fire and judicial services (where legally required)
We also share data securely through national NHS systems such as GP Connect to support your direct care. Your information will only be shared when appropriate and lawful.
8. How do we maintain the confidentiality of your records?
We are committed to protecting your privacy and comply with the UK GDPR, NHS Codes of Confidentiality and Security, and guidance from the Information Commissioner’s Office (ICO). All staff receive annual data protection training and only have access to your information when necessary for their role.
9. How long do we keep your information?
In accordance with the NHS Records Management Code of Practice 2021, healthcare records are retained for 10 years after a patient’s death or, if a patient emigrates, for 10 years after the date of emigration.
10. Your rights
You have rights under data protection law, including the right to access your information, request corrections, object to processing, and withdraw consent where applicable. To exercise these rights, please contact the practice.
11. Contact information
If you have questions about this notice or how we use your data, please contact:
Practice Manager: Daniel Lord (Deputy: Sue Askew)
Data Protection Officer: Hayley Gidman, Lancashire and South Cumbria ICB
Email: mlcsu.dpo@nhs.net
12. Complaints
If you believe we have not complied with data protection law, you can raise your concern with the Practice Manager. If you remain dissatisfied, you can contact the Information Commissioner’s Office (ICO) at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or online at www.ico.org.uk.
13. Review
This Privacy Notice is reviewed annually or sooner if regulations or practice operations change.
Next review due: October 2026.