We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Herne Hill Group Practice
Privacy Statement
How we use your information at Herne Hill Group Practice
We’re committed to protecting and respecting your privacy. This policy explains when and why we collect personal information about people who visit our website, how we use it, and the conditions under which we may disclose it to others and how we keep it secure.
Any questions relating to this relating to this policy and our privacy practices should be sent to:
Herne Hill Group Practice, 74 Herne Hill, London SE24 9QP.
Telephone: 020 7274 3314
Our Commitment to Data Privacy
We are committed to protecting your privacy and will only process personal confidential data in accordance with the General Data Protection Act (GDPR).
Herne Hill Group Practice is the Data Controller under the terms of the General Data Protection Act. We are therefore legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you, is done in compliance with the GDPR.
Everyone working for the NHS has a legal duty to keep information about you confidential. All of our staff receive appropriate training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.
Our Legal Basis for Processing
We will only use and process your personal data for:
- Performing a contract or service between us
- If it is necessary for our legitimate interests and only if your interests and rights do not override ours
We will not use your personal data for an unrelated purpose without informing you and the legal basis that we intend to rely on for processing it.
Information we hold about you
Information you give us:
You may provide us with personal information through your use of this website. This may include:
- ‘Identifiable’ personal data that can be used to directly or indirectly identify the person. This can include but is not limited to name, address and email address.
- ‘Special categories’ personal data (sensitive personal data) relating to racial or ethnic origin, religious or philosophical beliefs and data concerning health or medical conditions.
Information we collect about you
We may automatically collect the following information about your visit. This information will not identify you, it relates to:
- ‘Google Analytics’ collects technical information, including your browser type and version, time zone setting, operating system and platform and the pages you visit.
- ‘Cookies’ are stored while you are using this site. We use cookies to recognise your computer when you visit our website to improve the website’s usability. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them please visit the All About Cookies website
How will your information be used
Your information will only be used for the purpose of which it was originally given by the individual. For example any information you provide via an online request through the website will only be processed for that request and will not be used for any other reason.
Your information will never be used for marketing or profiling with your explicit consent.
Your Rights
You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any personal confidential data we hold about you.
- Right to be informed: You have the right to be informed about the collection and use of your data. You also have the right to be notified of a data security breach concerning your personal data.
- Right of access: You have the right to access any of your personal data that is being processed together with supplementary information. If we do hold information about you, we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information in a plain readable format
- Right to be forgotten: You have the right to have your personal data erased. This right is not guaranteed and applies only in certain circumstances.
- Right to restrict: You have the right to request the restriction of your personal data from being processed. This will restrict any ongoing processing but not erase any data we hold.
- Right to rectification: You have the right to have inaccurate personal data rectified or completed if it is incomplete.
- Right to object: You have the right to object to data processing of the information we hold about you, where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
- Rights in relation to automated decision making and profiling: The website does not make any automated decisions or profiling with your personal data.
How to make a request
Requests must be made in writing to Herne Hill Group Practice, 74 Herne Hill, London SE24 9QP
The information we will require when you make a request is your name, address, contact telephone number and date of birth and a description of the request. We will respond within a reasonable period and no later than one calendar month.
Data Retention
Personal data processed for any purpose via this website shall not be kept for longer than is necessary for that purpose.
ACR project for patients with diabetes (and/or other conditions)
The data is being processed for the purpose of delivery of a programme, sponsored by NHS Digital, to monitor urine for indications of chronic kidney disease (CKD) which is recommended to be undertaken annually for patients at risk of chronic kidney disease e.g., patients living with diabetes. The programme enables patients to test their kidney function from home.
We will share your contact details with Healthy.io to enable them to contact you and send you a test kit. This will help identify patients at risk of kidney disease and help us agree any early interventions that can be put in place for the benefit of your care.
Healthy.io will only use your data for the purposes of delivering their service to you. If you do not wish to receive a home test kit from Healthy.io we will continue to manage your care within the Practice. Healthy.io are required to hold data we send them in line with retention periods outlined in the Records Management code of Practice for Health and Social Care.
Further information about this is available on their website.
Third Parties
We do not share or sell your personal information to any third parties outside of the NHS. We would not share information that identifies you unless we have a fair and lawful basis such as:
- you have given us permission
- to protect children and vulnerable adults
- when a formal court order has been served upon us
and/or
- when we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
- emergency planning reasons such as protecting the health and safety of others
- when permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals
Processing outside the UK
Your personal information will not be processed outside the United Kingdom.
Other organisations that support the website
The practice uses the services of the additional data processors, who will provide additional expertise to support the work of the Practice.
We have entered into contracts with other organisations to provide some services for us or on our behalf.
These organisations are known as “data processors”.
These organisations are subject to the same legal rules and conditions for keeping personal confidential data and secure and are underpinned by a contract with us.
Before awarding any contract, we ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.
Complaints
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
To make a complaint or bring concerns to our attention, please contact us in writing:
Herne Hill Group Practice, 74 Herne Hill, London SE24 9QP
The information we will require when you make a complaint will be:
- Your name, address and contact telephone number, and those of the person you may be complaining for; including their date of birth and NHS number.
- A summary of what has happened, giving dates where possible.
- A list of things that you are complaining about.
- What you would like to happen as a result of your complaint.
Contact
If you have any questions about this policy or how we handle your data please do not hesitate to contact us at:
Herne Hill Group Practice, 74 Herne Hill, London SE24 9QP
Tel: 020 7274 3314
Monitoring and Review
We regularly review and, where necessary, update this notice at least annually.
If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.