Patient Privacy Notice

This Privacy Notice explains what information we collect about you, how we store this information, how long we retain it and with whom and for which legal purpose we may share it.

Bollington Medical Centre holds a number of policies covering Information Governance and Data Protection, links to which can be found at the bottom of this page.


Who we are?

Bollington Medical Centre employs more than 40 staff who are involved in the provision of care for its patients in the Bollington, Kerridge, Rainow, Adlington, Tytherington and Prestbury area.

Our Practice is registered with the Information Commissioner’s Office (ICO) to process   personal and special categories of information under the Data Protection Act   2018 (subject to parliamentary approval) and our registration number is Z6323778.

Further information about our organisation can be found on other pages of this website.

Why we collect personal information   about you? The staff caring for you need to collect and  maintain information about your health, treatment and care, so that you can   be given the best possible care. This   personal information can be held in a variety of formats, including paper records,   electronically on computer systems, in video and audio files.

What is our legal basis for   processing personal information about you?

Any personal information we hold about you is   processed for the purposes of ‘provision   of health or social care or treatment or the management of health of social   care systems and services under chapter 2, section 9 of the Data   Protection Act 2018 (subject to parliamentary approval).

For further   information on this legislation please visit:

What   personal information do we need to collect about you and how do we obtain it?

Personal information about you is collected in a number of ways. This can be from referral   details from our staff, other 3rd parties or hospitals, directly from you or your authorised representative.

We will likely hold the following basic personal   information about you: your name, address (including correspondence),  telephone numbers, date of birth, next of kin contacts, etc. We might also hold your email address, marital status, occupation, overseas status, place of birth and preferred   name or maiden name.

In addition to the above, we may hold sensitive personal information about you  which could include:

  • Notes  and reports about your health, treatment and care, including:

-       your medical conditions

-       results of investigations, such as x-rays and laboratory tests

-        future care you may need

-        personal information from people who care for and know you, such as relatives     and health or social care professionals

-      other personal information such as smoking status and any learning disabilities

  • Your religion and ethnic origin
  • Whether or not you are subject to any protection orders regarding your health,        wellbeing and human rights (safeguarding status).

It is important for us to have a complete picture of   you as this will assist staff to deliver appropriate treatment and care plans   in accordance with your needs.

What do we   do with your personal information?

What we   may do with your personal information.

Your records are used to directly, manage and deliver healthcare to you to ensure that:

  • The staff involved in your care have accurate and up to date information to assess and advice on the most appropriate care for you.
  • Staff have the information they need to be able to assess and improve the quality and type of care you receive.
  • Appropriate information is available if you see another healthcare professional, or are referred to a specialist or another part of the NHS, social care or health provider.

The  personal information we collect about you may also be used to:

  • Remind you about your appointments and send you relevant correspondence.
  • review the care we provide to ensure it is of the highest standard and quality, e.g. through audit or service improvement;
  • support the funding of your care, e.g. with commissioning organisations;
  • prepare statistics on NHS performance to meet the needs of the population or for the Department of Health and other regulatory bodies;
  • help to train and educate healthcare professionals;
  • report and investigate complaints, claims and untoward incidents;
  • report events to the appropriate authorities when we are required to do so by law;
  • review your suitability for research study or clinical trial
  • contact you with regards to patient satisfaction surveys relating to services you have used within our hospital so as to further improve our services to patients

Where  possible, we will always look to anonymise/ pseudonymise your personal   information so as to protect patient confidentiality, unless there is a legal   basis that permits us to use it and we will only use/ share the minimum   information necessary.

Who do we share your information with and   why?

We may need to share relevant personal information with other NHS organisations.   For example, we may share your information for healthcare purposes with   health authorities such as NHS England, Public Health England, NHS trusts,  other general practitioners (GPs), ambulance services, primary care agencies, etc. We will also share information with other parts of the   NHS and those contracted to provide services to the NHS in order to support   your healthcare needs.

We may need to share information from your health records with other non-NHS organisations from which you are also receiving   care, such as Social Services or private care homes. However, we will not   disclose any health information to third parties without your explicit   consent unless there are circumstances, such as when the health or safety of   others is at risk or where current legislation permits or requires it.

There   are occasions where the Practice is required by law to share information provided   to us with other bodies responsible for auditing or administering public   funds, in order to prevent and detect fraud.

There may also be situations where we are under a duty to share your information, due to a legal requirement. This includes, but is   not limited to, disclosure under a court order, sharing with the Care Quality   Commission for inspection purposes, the police for the prevention or   detection of crime or where there is an overriding public interest to prevent   abuse or serious harm to others and other public bodies (e.g. HMRC for the   misuse of public funds in order to prevent and detect fraud).

For any request to transfer your data internationally   outside the UK/EU, we will make sure that an adequate level of protection is   satisfied before the transfer.

The   Practice is required to protect your personal information, inform you of how  your personal information will be used, and allow you to decide if and how   your personal information can be shared. Personal information you provide to   the Practice in confidence will only be used for the purposes explained to   you and to which you have consented. Unless, there are exceptional   circumstances, such as when the health or safety of others is at risk, where   the law requires it or there is an overriding public interest to do so. Where there is cause to do this, the   Practice will always do its best to notify you of this sharing.

How we maintain your records

Your   personal information is held in both paper and electronic forms for specified   periods of time as set out in the NHS Records Management Code of Practice for Health and Social Care and National Archives Requirements.

We   hold and process your information in accordance with the Data Protection Act 2018 (subject to Parliamentary   approval) as amended by the GDPR 2016, as explained above. In addition, everyone working for the NHS   must comply with the Common Law Duty of Confidentiality and various national   and professional standards and requirements.  

We have a duty to:

  • maintain full and accurate records of the care we provide to you;
  • keep records about you confidential and secure;
  • provide information in a format that is accessible to you.

Use of Email - Some services in the Practice  provide the option to communicate with patients via email. Please be aware that the Practice cannot   guarantee the security of this information whilst in transit, and by   requesting this service you are accepting this risk.

What are your rights?

If we need to use your personal information for any   reasons beyond those stated above, we will discuss this with you and ask for   your explicit consent. The Data   Protection Act 2018 (subject to parliamentary approval) gives you certain  rights, including the right to:

  • Request access to the personal data we hold about you, e.g. in health records. The way in which you can access your own health records is further explained in our ‘Subject Access Request Policy.
  • Request the  correction of inaccurate or incomplete information recorded in our health records, subject to certain safeguards. This is also explained in our ‘Subject Access Request Policy’.
  • Refuse/withdraw consent to the sharing of your health records: Under the Data Protection Act 2018 (subject to parliamentary approval), we are authorised to process, i.e. share, your health records ‘for the management of healthcare systems and services’. Your consent will only be required if we intend to share your health records beyond these purposes, as explained above (e.g. research). Any consent form you will be asked to        sign will give you the option to ‘refuse’ consent and will explain how you can ‘withdraw’ any given consent at a later time. The consent form will also warn you about the possible consequences of such refusal/withdrawal.
  • Request your personal information to be transferred to other providers on certain occasions.
  • Object to the use of  your personal information: In certain circumstances you may also have  the right to ‘object’ to the processing (i.e. sharing) of your information where the sharing would be for a purpose beyond your care  and treatment (e.g. as part of a local/regional data sharing        initiative). This so called ‘‘Data Opt-out’ initiative, developed by Dame Caldicott, is set to commence in March 2018 and conclude in March 2020. Further information can be found on the following website:
  • We will always try to keep your information confidential and only share information when absolutely necessary.

If you wish to raise a complaint on how we have handled   your personal data, you can contact our Data Protection Officer who will investigate the matter.

Practice Information Governance Lead

Practice Data Protection Officer



Please contact Laura Beresford Clinical Quality & Research Manager at This email address is being protected from spambots. You need JavaScript enabled to view it.


NAME: Mr Craig Walker

ROLE: Head of Information Governance and Quality Assurance – Data Protection Officer

ADDRESS: St Helens & Knowsley Teaching Hospital Trust, Health Informatics Services, Alexandra Business
Park, Prescot Road, St Helens, WA10 3TP

CONTACT TEL: 0151 676 5698

EMAIL: This email address is being protected from spambots. You need JavaScript enabled to view it.


Information Commissioner’s Office

The   Information Commissioner’s Office (ICO) is the body   that regulates the Practice under Data Protection and Freedom of Information   legislation. If   you are not satisfied with our response or believe we are processing your   personal data not in accordance with the law you can complain to the ICO at:

Information Commissioner's Office

Wycliffe House

Water Lane




Tel:   0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national   rate number

Fax:   01625 524 510

Email:   This email address is being protected from spambots. You need JavaScript enabled to view it.

 Information Governance Policy