We understand how important it is to keep your personal data safe and secure and we take this very seriously. We have taken steps to make sure your personal data is looked after in the best possible way and we review this regularly.
Please read this privacy notice (‘Privacy Notice’) carefully, as it contains important information about who we are and how we collect, store, use and share your personal data. This privacy Notice also explains your rights in respect of your personal data.
We are required to provide you with this Privacy Notice by Law. It explains how we use any personal data we may collect, store and hold about you. If you are unclear about how we process or use your personal data, or you have any questions about this Privacy Notice or any other issue regarding your personal data then please do contact our NCL CCG DPO Steve Durbin at dpo.ncl@nhs.net, or 020 8142 3936.
We are Enfield Healthcare Co-operative Ltd (EHCL), a GP Federation, registered office situated at Unit 4 Sterling Court Yard, Sterling way, Borehamwood, Herts WD6 2RX, Company Number 10892687.
As part of our function as a GP federation we hold contracts and funding awarded to us by the North Central London Integrated Care Board (who are the commissioning body for the Enfield borough) in order to support the delivery of high-quality primary and community care services that are equitably and consistently accessible to patients.
We are the Data Controller of your personal data. This means we are responsible for collecting, storing and handling your personal data.
There may be times where we also process your personal data. That means we use it under instruction from another organisation for a particular purpose and, therefore, on those occasions we are a Data Processors Commonly, this is where we provide services to GPs in the area.
When you deal with us by telephone or email or when you contact us via our website we may collect information from you which will include:
Where we hold contracts and funding awarded to us by NCL ICB, we will enter into arrangements with a sub-contractor whereby they will access collect, store, use, disclose, maintain or process any patient identifiable data on our behalf. In these circumstances, although we will not have access to your personal data we will ensure that we have the right data sharing agreements in place to ensure that your information is secure and protected and only used for the purposes of the contracted services.
In the event that a sub-contractor wishes to appoint another sub-contractor, then it shall not be permitted to do so without our consent. In these circumstances, we will ensure that any further sub- contractor is obliged to meet the same compliance conditions in order to safeguard your information.
The data we collect about you is added to a contact list held on nhs.net domain (outlook) and we will only use this personal data when we send out email communications about the services (including training and events) we provide to you.
Where we use third parties to process or use your personal data (i. e where that third party performs services on our behalf), we will ensure we have a robust agreement in place which makes it clear that the third party must comply with The UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and any other data protection legislation.
Any personal data that a third party may receive about you from us will only be used in a manner that is consistent with the aims of EHCL.
Sometimes, we are required to provide information to the commissioners (NCL ICB or NHSE). This means that although we do not deliver on any commissioned services we may have to audit the services provided on our behalf. We always ensure we have appropriate arrangements and agreements in place to audit and we ensure that we only use the information for the purposes of that audit. Any information we pass to the commissioners is anonymised or pseudo-anonymised.
We do not share your personal data with any other third parties unless we have obtained your consent.
We do not conduct any direct marketing.
Under data protection legislation we can only collect and use your personal data if we have a proper reason in law to do so.
We have a legal basis to collect and use your personal data where either:
You have the following rights, which you can exercise free of charge. To exercise any of these rights, please email our DATA PROTECTION LEAD, Steve Durbin at dpo.ncl@nhs.net.
You have the right to see what personal data we hold about you and to request a copy of this information.
We will provide this information free of charge however, we may in some limited and exceptional circumstances have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive.
We have one month to reply to you and give you the information that you require. We would ask, therefore, that any requests you make are in writing and it is made clear to us what and how much information you require.
We want to make sure that your personal data is accurate and up to date. You have the right to require us to correct any mistakes in any personal data we hold about you.
You have the right to ask us to delete your personal data, in certain situations.
You have the right to object in certain circumstances to our continued use of your personal data and you have the right to object at any time to your personal data being processed.
You may ask us to restrict the use of your personal data in certain circumstances such as when you are contesting the accuracy of the personal data we hold about you.
You have the right to receive from us the personal data you provided in a structured and commonly used and machine readable format and you usually have the right to ask us to transmit your personal data to a third party.
We carefully consider any personal data we store about you, and we will not keep your personal data for longer than is necessary for the purposes as set out in this Privacy Notice. Our use and retention of health information follows the NHS Records Management Code of Practice.
If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, or how we have used or handled your personal data, then please contact our Data Protection Officer Steve Durbin at dpo.ncl@nhs.net, telephone number, 020 8142 3936.
You also have the right to raise any concern or complaint with the UK information regulator, at the Information Commissioner’s Office: https://ico.org.uk/.
The only website this Privacy Notice applies to is EHCL’s website. If you use a link to any other website from our website then you will need to read their respective privacy notice. We take no responsibility (legal or otherwise) for the content of other websites.
Our website uses cookies. For more information on which cookies we use and how we use them, please see our Cookies Policy.
We take the security of your personal data very seriously and we do everything we can to ensure that your data is always protected and secure. We regularly update our processes and systems and we also ensure that our staff are properly trained. We also carry out assessments and audits of the information that we hold about you and make sure that if we provide any other services, we carry out proper assessments and security reviews.
We store data both electronically and in paper format. These are stored securely on encrypted computers, cloud services and on site at Evergreen PCC.
We do not use telephone recordings or CCTV.
We regularly review and update our Privacy Notice and when we do, we will inform you on the home page of our website. This Privacy Notice was last updated on 12/12/2023.
Copyright © 2019 Enfield GP Federation All rights reserved. | Designed by Logicsofts