ENFIELD HEALTHCARE COOPERATIVE LTD (EHCL)

PRIVACY NOTICE

We understand how important it is to keep your personal data safe and secure and we take this very seriously. We have taken steps to make sure your personal data is looked after in the best possible way and we review this regularly.

Please read this privacy notice (‘Privacy Notice’) carefully, as it contains important information about who we are and how we collect, store, use and share your personal data. This privacy Notice also explains your rights in respect of your personal data.

 

WHY WE ARE PROVIDING THIS PRIVACY NOTICE

We are required to provide you with this Privacy Notice by Law. It explains how we use any personal data we may collect, store and hold about you. If you are unclear about how we process or use your personal data, or you have any questions about this Privacy Notice or any other issue regarding your personal data then please do contact our NCL CCG DPO Steve Durbin at dpo.ncl@nhs.net, or 020 8142 3936.

THE LAW SAYS:

  • We must let you know why we collect personal data about you;
  • We must let you know how we use any personal data we hold on you;
  • We need to inform you in respect of what we do with it;
  • We need to tell you about who we share it with or pass it on to and why; and
  • We need to let you know how long we can keep it for.

ABOUT US

We are Enfield Healthcare Co-operative Ltd (EHCL), a GP Federation, registered office situated at Unit 4 Sterling Court Yard, Sterling way, Borehamwood, Herts WD6 2RX, Company Number 10892687.

As part of our function as a GP federation we hold contracts and funding awarded to us by the North Central London Integrated Care Board (who are the commissioning body for the Enfield borough) in order to support the delivery of high-quality primary and community care services that are equitably and consistently accessible to patients.

We are the Data Controller of your personal data. This means we are responsible for collecting, storing and handling your personal data.

There may be times where we also process your personal data. That means we use it under instruction from another organisation for a particular purpose and, therefore, on those occasions we are a Data Processors Commonly, this is where we provide services to GPs in the area.

SOME KEY TERMS USED IN THIS PRIVACY NOTICE:

  • We, Us, Our means EHCL
  • Personal data means any information that relates to an identified or identifiable individual
  • Data Protection Lead means Steve Durbin, Data Protection Officer.

PERSONAL DATA WE COLLECT FROM YOU

When you deal with us by telephone or email or when you contact us via our website we may collect information from you which will include:

  • Your name
  • Your Practice name/address
  • Your role/job description
  • Your personal mobile number
  • Your email address

Where we hold contracts and funding awarded to us by NCL ICB, we will enter into arrangements with a sub-contractor whereby they will access collect, store, use, disclose, maintain or process any patient identifiable data on our behalf. In these circumstances, although we will not have access to your personal data we will ensure that we have the right data sharing agreements in place to ensure that your information is secure and protected and only used for the purposes of the contracted services.

In the event that a sub-contractor wishes to appoint another sub-contractor, then it shall not be permitted to do so without our consent. In these circumstances, we will ensure that any further sub- contractor is obliged to meet the same compliance conditions in order to safeguard your information.

WHAT WE USE YOUR PERSONAL DATA FOR

The data we collect about you is added to a contact list held on nhs.net domain (outlook) and we will only use this personal data when we send out email communications about the services (including training and events) we provide to you.

WHO WE SHARE YOUR PERSONAL DATA WITH

Where we use third parties to process or use your personal data (i. e where that third party performs services on our behalf), we will ensure we have a robust agreement in place which makes it clear that the third party must comply with The UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and any other data protection legislation.

Any personal data that a third party may receive about you from us will only be used in a manner that is consistent with the aims of EHCL.

Sometimes, we are required to provide information to the commissioners (NCL ICB or NHSE). This means that although we do not deliver on any commissioned services we may have to audit the services provided on our behalf. We always ensure we have appropriate arrangements and agreements in place to audit and we ensure that we only use the information for the purposes of that audit. Any information we pass to the commissioners is anonymised or pseudo-anonymised.

We do not share your personal data with any other third parties unless we have obtained your consent.

DIRECT MARKETING

We do not conduct any direct marketing.

LEGAL BASIS FOR COLLECTING AND USING YOUR PERSONAL DATA

Under data protection legislation we can only collect and use your personal data if we have a proper reason in law to do so.

We have a legal basis to collect and use your personal data where either:

  • You have given us your consent. You are able to remove your consent at any time by contacting our Data Protection Lead (see contact details). Consent is not used as a basis for healthcare processing, but is used for matters such as cookies, mailing lists, etc.
  • There is a public interest in our delivery of services, specifically health and care on behalf of our member GP practices or the Integrated Care Board. We also use special categories of personal data for this purpose, and this is under the legal basis of delivery of health and care services.
  • We have a legitimate interest to do so, that is to say, where we have an expected business or commercial reason to use your personal data bearing in mind the role we are engaged to perform on your behalf. Irrespective of this, we still make sure we only use your information for the purposes of fulfilling our obligations as your GP Federation as long as this is not overridden by your rights and interests
  • We have a contract with you e.g. you are an employee or contractor.
  • Where the Law obliges us to provide your information to an organisation.

YOUR RIGHTS

You have the following rights, which you can exercise free of charge. To exercise any of these rights, please email our DATA PROTECTION LEAD, Steve Durbin at dpo.ncl@nhs.net.

ACCESS AND SUBJECT ACCESS REQUESTS

You have the right to see what personal data we hold about you and to request a copy of this information.

We will provide this information free of charge however, we may in some limited and exceptional circumstances have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive.

We have one month to reply to you and give you the information that you require. We would ask, therefore, that any requests you make are in writing and it is made clear to us what and how much information you require.

RECTIFICATION

We want to make sure that your personal data is accurate and up to date. You have the right to require us to correct any mistakes in any personal data we hold about you.

ERASURE (OR THE RIGHT TO BE FORGOTTEN)

You have the right to ask us to delete your personal data, in certain situations.

OBJECTION

You have the right to object in certain circumstances to our continued use of your personal data and you have the right to object at any time to your personal data being processed.

RESTRICTION OF PROCESSING

You may ask us to restrict the use of your personal data in certain circumstances such as when you are contesting the accuracy of the personal data we hold about you.

DATA PORTABILITY

You have the right to receive from us the personal data you provided in a structured and commonly used and machine readable format and you usually have the right to ask us to transmit your personal data to a third party.

HOW LONG WE KEEP YOUR PERSONAL DATA FOR

We carefully consider any personal data we store about you, and we will not keep your personal data for longer than is necessary for the purposes as set out in this Privacy Notice. Our use and retention of health information follows the NHS Records Management Code of Practice.

COMPLAINTS

If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, or how we have used or handled your personal data, then please contact our Data Protection Officer Steve Durbin at dpo.ncl@nhs.net, telephone number, 020 8142 3936.

You also have the right to raise any concern or complaint with the UK information regulator, at the Information Commissioner’s Office: https://ico.org.uk/.

OUR WEBSITE

The only website this Privacy Notice applies to is EHCL’s website. If you use a link to any other website from our website then you will need to read their respective privacy notice. We take no responsibility (legal or otherwise) for the content of other websites.

COOKIES

Our website uses cookies. For more information on which cookies we use and how we use them, please see our Cookies Policy.

SECURITY

We take the security of your personal data very seriously and we do everything we can to ensure that your data is always protected and secure. We regularly update our processes and systems and we also ensure that our staff are properly trained. We also carry out assessments and audits of the information that we hold about you and make sure that if we provide any other services, we carry out proper assessments and security reviews.

We store data both electronically and in paper format. These are stored securely on encrypted computers, cloud services and on site at Evergreen PCC.

CCTV/TELEPHONE RECORDINGS

We do not use telephone recordings or CCTV.

CHANGES TO OUR PRIVACY NOTICE

We regularly review and update our Privacy Notice and when we do, we will inform you on the home page of our website. This Privacy Notice was last updated on 12/12/2023.