Privacy Statement


How we use your information at Herne Hill Group Practice

We’re committed to protecting and respecting your privacy. This policy explains when and why we collect personal information about people who visit our website, how we use it, and the conditions under which we may disclose it to others and how we keep it secure.

Any questions relating to this relating to this policy and our privacy practices should be sent to:

Herne Hill Group Practice, 74 Herne Hill, London SE24 9QP.

Telephone: 020 7274 3314


Our Commitment to Data Privacy

We are committed to protecting your privacy and will only process personal confidential data in accordance with the General Data Protection Act (GDPR).

Herne Hill Group Practice is the Data Controller under the terms of the General Data Protection Act. We are therefore legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you, is done in compliance with the GDPR.

Everyone working for the NHS has a legal duty to keep information about you confidential. All of our staff receive appropriate training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.


Our Legal Basis for Processing

We will only use and process your personal data for:

  • Performing a contract or service between us
  • If it is necessary for our legitimate interests and only if your interests and rights do not override ours

We will not use your personal data for an unrelated purpose without informing you and the legal basis that we intend to rely on for processing it.


Information we hold about you

Information you give us:

You may provide us with personal information through your use of this website. This may include:

  • ‘Identifiable’ personal data that can be used to directly or indirectly identify the person. This can include but is not limited to name, address and email address.
  • Special categories’ personal data (sensitive personal data) relating to racial or ethnic origin, religious or philosophical beliefs and data concerning health or medical conditions.

Information we collect about you

We may automatically collect the following information about your visit. This information will not identify you, it relates to:


How will your information be used

Your information will only be used for the purpose of which it was originally given by the individual.  For example any information you provide via an online request through the website will only be processed for that request and will not be used for any other reason.

Your information will never be used for marketing or profiling with your explicit consent.


Your Rights

You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any personal confidential data we hold about you.

  • Right to be informed: You have the right to be informed about the collection and use of your data. You also have the right to be notified of a data security breach concerning your personal data.
  • Right of access: You have the right to access any of your personal data that is being processed together with supplementary information. If we do hold information about you, we will:
    • give you a description of it
    • tell you why we are holding it
    • tell you who it could be disclosed to
    • let you have a copy of the information in a plain readable format
  • Right to be forgotten: You have the right to have your personal data erased. This right is not guaranteed and applies only in certain circumstances.
  • Right to restrict: You have the right to request the restriction of your personal data from being processed. This will restrict any ongoing processing but not erase any data we hold.
  • Right to rectification: You have the right to have inaccurate personal data rectified or completed if it is incomplete.
  • Right to object: You have the right to object to data processing of the information we hold about you, where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
  • Rights in relation to automated decision making and profiling: The website does not make any automated decisions or profiling with your personal data.

How to make a request

Requests must be made in writing to Herne Hill Group Practice, 74 Herne Hill, London SE24 9QP

The information we will require when you make a request is your name, address, contact telephone number and date of birth and a description of the request. We will respond within a reasonable period and no later than one calendar month.


Data Retention

Personal data processed for any purpose via this website shall not be kept for longer than is necessary for that purpose.


Third Parties

We do not share or sell your personal information to any third parties outside of the NHS. We would not share information that identifies you unless we have a fair and lawful basis such as:

  • you have given us permission
  • to protect children and vulnerable adults
  • when a formal court order has been served upon us


  • when we are lawfully required to report certain information to the appropriate authorities e.g. to prevent fraud or a serious crime
  • emergency planning reasons such as protecting the health and safety of others
  • when permission is given by the Secretary of State or the Health Research Authority on the advice of the Confidentiality Advisory Group to process confidential information without the explicit consent of individuals

Processing outside the UK

Your personal information will not be processed outside the United Kingdom.


Other organisations that support the website

The practice uses the services of the additional data processors, who will provide additional expertise to support the work of the Practice.

We have entered into contracts with other organisations to provide some services for us or on our behalf.

These organisations are known as “data processors”.

These organisations are subject to the same legal rules and conditions for keeping personal confidential data and secure and are underpinned by a contract with us.

Before awarding any contract, we ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.



We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.

To make a complaint or bring concerns to our attention, please contact us in writing:

Herne Hill Group Practice, 74 Herne Hill, London SE24 9QP

The information we will require when you make a complaint will be:

  • Your name, address and contact telephone number, and those of the person you may be complaining for;  including their date of birth and NHS number.
  • A summary of what has happened, giving dates where possible.
  • A list of things that you are complaining about.
  • What you would like to happen as a result of your complaint.


If you have any questions about this policy or how we handle your data please do not hesitate to contact us at:

Herne Hill Group Practice, 74 Herne Hill, London SE24 9QP

Tel: 020 7274 3314


Monitoring and Review

We regularly review and, where necessary, update this notice at least annually.

If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.