How we use your information
At Cheam GP Centre we're committed to protecting and respecting your privacy.
This policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
Any questions relating to this policy and our privacy practices should be sent to:
020 8644 0224
Our Commitment to Data Privacy
We are committed to protecting your privacy and will only process personal confidential data in accordance with the General Data Protection Act (GDPR).
Cheam GP Centre is the Data Controller under the terms of the General Data Protection Act. We are therefore legally responsible for ensuring that all personal information that we process i.e. hold, obtain, record, use or share about you, is done in compliance with the GDPR.
Everyone working for the NHS has a legal duty to keep information about you confidential. All of our staff receive appropriate training to ensure they are aware of their personal responsibilities and have contractual obligations to uphold confidentiality, enforceable through disciplinary procedures.
Our Legal Basis for Processing
We will only use and process your personal data for:
We will not use your personal data for an unrelated purpose without informing you and the legal basis that we intend to rely on for processing it.
Information we hold about you
Information you give us
You may provide us with personal information through your use of this website. This may include:
‘Identifiable’ personal data that can be used to directly or indirectly identify the person. This can include but is not limited to name, address and email address.
‘Special categories’ personal data (sensitive personal data) relating to racial or ethnic origin, religious or philosophical beliefs and data concerning health or medical conditions.
Information we collect about you.
We may automatically collect the following information about your visit. This information will not identify you, it relates to:
‘Google Analytics’ collects technical information, including your browser type and version, time zone setting, operating system and platform and the pages you visits.
How will your information be used
Your personal information will only be used for the purpose of which it was originally given by the individual. For example any information you provide via an online request through the website will only be processed for that request and will not be used for any other reason.
Your information will never be used for marketing or profiling without your explicit consent.
You have certain legal rights, including a right to have your information processed fairly and lawfully and a right to access any personal confidential data we hold about you.
Right to be informed
You have the right to be informed about the collection and use of your data.
You also have the right to be notified of a data security breach concerning your personal data.
Right of access
You have the right to access any of your personal data that is being processed together with supplementary information. If we do hold information about you we will:
Right to be forgotten
You have the right to have your personal data erased. This right is not guaranteed and applies only in certain circumstances.
Right to restrict
You have the right to request the restriction of your personal data from being processed. This will restrict any ongoing processing but not erase any data we hold.
Right to rectification
You have the right to have inaccurate personal data rectified or completed if it is incomplete.
Right to object
You have the right to object to data processing of the information we hold about you, where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
Rights in relation to automated decision making and profiling
The website does not make any automated decisions or profiling with your personal data.
How to make a request
Requests must be made in writing to Cheam GP
The information we will require when you make a request is your name, address, contact telephone number and date of birth and a description of the request.
We will respond within a reasonable period and no later than one calendar month.
Personal data processed for any purpose via this website shall not be kept for longer than is necessary for that purpose.
We do not share or sell your personal information to any third parties outside the NHS.
We would not share information that identifies you unless we have a fair and lawful basis such as:
Processing outside the UK
Your personal information will not be sent outside the United Kingdom.
The practice uses the services of the additional data processors, who will provide additional expertise to support the work of the Practice.
We have entered into contracts with other organisations to provide some services for us or on our behalf.
These organisations are known as “data processors”.
These organisations are subject to the same legal rules and conditions for keeping personal confidential data and secure and are underpinned by a contract with us.
Before awarding any contract, we ensure that organisations will look after your information to the same high standards that we do. Those organisations can only use your information for the service we have contracted them for and cannot use it for any other purpose.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
To make a complaint or bring concerns to our attention, please contact us in writing:
The information we will require when you make a complaint will be:
If you have any questions about this policy or how we handle your data please do not hesitate to contact us at:
0208 644 0224
Monitoring and Review
We regularly review and, where necessary, update this notice at least annually.
If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.