All Polices

Privacy Notice

This privacy notice tells you what to expect us to do with your personal information when you contact us or use our services.

Our contact details

Name: St Mary Cray Practice
Address: 322 High Street, St Mary Cray, Orpington, BR5 4AR
General phone number: 01689820523
General inquiries email address: selicb.reception-smcpractice@nhs.net
Website: St Mary Cray Practice – 322 High Street, Orpington, Kent, BR5 4AR | Tel: 01689 820523

We are the controller for your information. A controller decides on why and how information is used and shared.

Data Protection Officer contact details

Our Data Protection Officer is John Eni-Uwubame  (SEL DPO) and is responsible for monitoring our compliance with data protection requirements. You can contact them with queries or concerns relating to the use of your personal data at john.eni-uwubame@selondonics.nhs.uk.

How do we get information and why do we have it?

The personal information we collect is provided directly from you for one of the following reasons:

  • you have provided information to seek care – this is used directly for your care, and also to manage the services we provide, to clinically audit our services, investigate complaints, or to be used as evidence as part of an investigation into care
  • you have sought funding for continuing health care or personal health budget support
  • Completing reports for benefits applications, insurance reports or reports for DVLA/HMRC
  • you have applied for a job with us or work for us
  • you have signed up to our newsletter/patient participation group
  • you have made a complaint

We also receive personal information about you indirectly from others, in the following scenarios:

  • from other health and care organisations involved in your care so that we can provide you with care
  • from family members/friends/neighbours or carers to support your care

What information do we collect?

Personal information

We currently collect and use the following personal information:

  • personal identifiers and contacts (for example, name, address and contact details, details of next of kin)
  • photographic identity (photo ID), proof of address

More sensitive information

We process the following more sensitive data (including special category data):

  • data concerning physical or mental health (for example, details about your appointments or diagnosis)
  • data revealing racial or ethnic origin
  • data concerning a person’s sex life
  • data concerning a person’s sexual orientation
  • genetic data (for example, details about a DNA sample taken from you as part of a genetic clinical service)
  • data revealing religious or philosophical beliefs if declared by yourself
  • data relating to criminal or suspected criminal offences in some instances

Who do we share information with?

We may share information with the following types of organisations:

  • third party data processors (such as IT systems suppliers)
  • planners of health and care services (such as Integrated Care Boards)
  • Secondary Care Providers (hospital services for referrals or attendances)
  • Community care providers such as Bromley Healthcare
  • Social Services when appropriate
  • Third Sector voluntary services when appropriate

In some circumstances we are legally obliged to share information. This includes:

  • when required by NHS England to develop national IT and data services
  • when registering births and deaths
  • when reporting some infectious diseases
  • when a court orders us to do so
  • where a public inquiry requires the information

We will also share information if the public good outweighs your right to confidentiality. This could include:

  • where a serious crime has been committed
  • where there are serious risks to the public or staff
  • to protect children or vulnerable adults

We may also process your information in order to de-identify it, so that it can be used for purposes beyond your individual care whilst maintaining your confidentiality.  These purposes will include to comply with the law and for public interest reasons.

What is our lawful basis for using information?

Personal information

Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for using personal information is:

(a) We have your consent – this must be freely given, specific, informed and unambiguous.

(b) We have a contractual obligation – between a person and a service, such as a service user and privately funded care home.

(c) We have a legal obligation – the law requires us to do this, for example where NHS England or the courts use their powers to require the data. See this list for the most likely laws that apply when using and sharing information in health and care.

(e) We need it to perform a public task – a public body, such as an NHS organisation or Care Quality Commission (CQC) registered social care organisation, is required to undertake particular activities by law. See this list for the most likely laws that apply when using and sharing information in health and care.

(f) We have a legitimate interest – for example, a private care provider making attempts to resolve an outstanding debt for one of its service users.

More sensitive data

(h) Health or social care (with a basis in law)

(i)  Public health (with a basis in law)

Under UK GDPR, the lawful basis we rely on for using information that is more sensitive (special category):

(b) We need it for employment, social security and social protection reasons (if authorised by law). See this list for the most likely laws that apply when using and sharing information in health and care.

(f) We need for a legal claim or the courts require it.

(g) There is a substantial public interest (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(h) To provide and manage health or social care (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(i) To manage public health (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

(j) For Archiving, research and statistics (with a basis in law). See this list for the most likely laws that apply when using and sharing information in health and care.

Common law duty of confidentiality

In our use of health and care information, we satisfy the common law duty of confidentiality because:

  • you have provided us with your consent (we have taken it as implied to provide you with care, or you have given it explicitly for other uses)
  • we have support from the Secretary of State for Health and Care following an application to the Confidentiality Advisory Group (CAG) who are satisfied that it isn’t possible or practical to seek consent
  • we have a legal requirement to collect, share and use the data
  • for specific individual cases, we have assessed that the public interest to share the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime). This will always be considered on a case by case basis, with careful assessment of whether it is appropriate to share the particular information, balanced against the public interest in maintaining a confidential health service

How do we store your personal information?

Your information is securely stored for the time periods specified in the Records Management Code of Practice.

  • securely dispose of your information by shredding paper records, or wiping hard drives to legal standards of destruction

What are your data protection rights?

Under data protection law, you have rights including:

  • Your right of access
    You have the right to ask us for copies of your personal information (known as a subject access request).
  • Your right to rectification
    You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure
    You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing
    You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing
    You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability
    You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at selicb.reception-smcpractice@nhs.net if you wish to make a request.

Automated decision making

We may use your information to make automated decisions without human involvement, which could have substantial impact on a person, for example in staff recruitment or staff rostering. We may also use profiling, which refers to the use of personal data to predict things such as an individual’s health.

We use the following automated decision making and profiling:

National data opt-out

  • we are applying the national data opt-out because we are using confidential patient information for planning or research purposes

The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety
  • planning services

This may only take place when there is a clear lawful basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential health and care information is only used like this when allowed by law.

Whenever possible data used for research and planning is anonymised, so that you cannot be identified and your confidential information is not accessed.

You have a choice about whether you want your confidential information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

How do I complain?

If you have any concerns about our use of your personal information, you can make a complaint to us at selicb.reception-smcpractice@nhs.net.

Following this, if you are still unhappy with how we have used your data, you can then complain to the ICO.

The ICO’s address is:

Information Commissioner’s Office
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

Date of last review: 25.06.2025

Accessing someone else’s information

Accessing someone else’s information

As a parent, family member or carer, you may be able to access services for someone else. We call this having proxy access. We can set this up for you if you are both registered with us.

To requests proxy access:

  • collect a proxy access form from reception from 10am to 6pm

Linked profiles in your NHS account

Once proxy access is set up, you can access the other person’s profile in your NHS account, using the NHS App or website.

The NHS website has information about using linked profiles to access services for someone else.

Privacy Notice – Accurx

As part of the Digital First National programme of work, GP Practices are required to provide a tool for patients to access primary care services.

The aim of the Accurx platform is to improve communications between healthcare staff and patients resulting in improved outcomes and productivity. The platform facilitates digital communications between the practice and our patients.
Using the Accurx platform will require the processing of special category data by Accurx, their sub-processors and by default the GP Practice as a Controller. This will include; exchanging and storing messages in relation to patients and medical staff, performing video consultations (these will not be recorded or stored) between healthcare staff and their patients This will allow you to respond to the Practice in multiple ways such as; free text, questionnaires and submitting images/documents.

If you have a non-urgent healthcare concern or need to contact the Practice for any medical or admin reason, click on the online via our website or via NHS app or via NHS website. Fill out the online form, which will then be reviewed and processed by our healthcare professionals to decide the right care for you. We will respond to online requests within 2 working days for medical queries and 5 working days for admin queries.

Accurx is approved by NHS England to be used by GP practices and the other systems involved in patient care. NHS England has a lengthy assurance process to make sure they meet the highest standards of safety and security. Your data is safe and is shared only with your GP Practice for the purposes of your direct care. Your data is stored and sent securely using industry best practices, and Accurx only collect the data that is necessary to allow your GP Practice to provide you with care.

The Practice uses the following Accurx features:

·         Online consultations

·         Video consultations

·         AccuMail

·         SMS

·         Friends and Family test

·        Record Views

The Accurx privacy notice can be found on their website here: Accurx | Privacy Policy.
1) Controller

contact details

 

 

 St Mary Cray Practice

 
2) Data Protection Officer contact details GP Data Protection Officer

gpdpo@selondonics.nhs.uk
3) Purpose of the processing The aim of the Accurx platform is to improve communications between healthcare staff and patients resulting in improved outcomes and productivity. The platform facilitates digital communications between the practice and our patients.
4) Lawful basis for processing Under UK GDPR and DPA 2018 –

6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.

9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…’
5) Recipient or categories of recipients of the shared data Data may be shared with Accurx, and their sub-processors such as cloud services used for Accurx’ own storage, communications, security, engineering, and similar purposes.
6) Rights to object You have the right under Article 21 of the UK GDPR to object to your personal information being processed. Please contact the Practice if you wish to object to the processing of your data. You should be aware that this is a right to raise an objection which is not the same as having an absolute right to have your wishes granted in every circumstance.
7) Right to access and correct You have the right to access copies of the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law.
8) Retention period The data will be retained for active use during the processing and thereafter according to NHS Policies and the law.
9)  Right to Complain. You have the right to complain to us about the way your data is handled or processed. To so, please contact the Practice using the following details:

 

St Mary Cray Practice

322 High Street, St Mary Cray, Orpington, Kent BR5 4AR

 

If you remain unsatisfied with our response, you have a right to complain to the Information Commissioner’s Office. To do so, you can use this link https://ico.org.uk/make-a-complaint/data-protection-complaints/ or call their helpline

Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

There are National Offices for Scotland, Northern Ireland and Wales, (see ICO website).

 

 

How We Use Your Information

To Provide You with Treatment

Doctors need to make notes about any diagnosis, test results, treatments including drugs prescriptions, and other information that you may provide, that seems relevant to the treatment of your condition. We need to keep this information in order to provide proper care for you (for later treatment, or if you should be seen by another doctor) and to allow others to check the treatment that you have received.

Nurses and other health professionals also need access to these records, and will add their own notes, as part of the overall healthcare provision. Secretaries, receptionists, and other clerical staff need access to some of your records in order to do administrative tasks, such as: booking appointments and communicating with you and other parts of the NHS.

Your doctor may also need to provide information under certain Acts of Parliament (e.g. the Communicable Diseases Act 1978, which is necessary to prevent the outbreak of certain highly contagious diseases) to protect you and others.

The Health Service

In order to manage the NHS, some restricted information concerning treatments, drugs prescribed, numbers of patients seen etc. is needed, and hospitals and general practices must provide this information in returns to various central bodies. This information has personal details such as your name and address removed wherever possible. It is necessary from time to time to check these returns to prevent fraud as part of the NHS’s statutory obligations. This may result in your being contacted by an NHS Fraud Office to see if you will consent to your records being checked. Only if you provide your consent will the auditors be allowed to access your records.

Teaching Clinicians

Some medical files are needed to teach student clinicians. Without such materials, new doctors and nurses would be not be properly prepared to treat you.

Planning

We need to be able to plan ahead about treatments, patient numbers, etc., but this uses summary information, not personal information.

Medical Research

Some medical research will require your direct involvement (especially if taking part in clinical trials) in which case the circumstances will be fully explained to you, and your express consent required. If you do not consent, then you will not be included in the trial.

Other researchers only require access to medical statistics, and can greatly improve our understanding of health, and how to treat patients more effectively. Generally, researchers only need information about groups of people, so that no individual information is apparent. In some cases, they need individual records, but wherever we can we will provide these in an anonymous form (so individuals cannot be identified). Sometimes, researchers need access to individual medical files. We will contact you first for your consent (and before this the researchers must present their case before an Ethics Committee to check that their research is appropriate and worthwhile). Rarely, it may not be practicable (or even possible) to contact individuals for their consent, in which case the researchers must make their case before a Confidentiality Committee to show that there is enough benefit to the public at large to justify this.

How do we manage your information?

We need to be able to move electronic information from system to system, extracting the data and modifying it for the next system. Occasionally, tests will need to be made on the data to check that it has been transferred correctly. This will only be done under carefully controlled conditions and all employees and contractors will be under strict contractual obligations to protect your confidentiality.

General Data Protection Regulation

GP surgeries in Bromley work hard to provide the public and patients with clear and accurate information relating to how their personal information is used. Privacy Notices are put in place on the Bromley Clinical Commissioning Group website to inform service users of these uses of data by your GP surgery.

Please find further information regarding privacy notices here.

GP Earnings

All GP practices are required to declare the mean earnings (e.g. average pay) for GPs working to deliver NHS services to patients at each practice.

The average pay for GPs working at the practice in the last financial year was £51346 before tax and National Insurance. 

Please note:
NHS England require that the net earnings of doctors engaged in the practice is publicised, and the required disclosure is shown above.  However it should be noted that the prescribed method for calculating earnings is potentially misleading because it takes no account of how much time doctors spend working in the practice, and should not be used to form any judgement about GP earnings, nor to make any comparison with any other practice.

Chaperones

The Surgery prides itself in maintaining professional standards. For certain examinations during consultations an impartial observer (a “Chaperone”) will be required.

This impartial observer will be a practice Nurse, Health Care Assistant or a member of our reception team who is familiar with the procedure and be available to reassure and raise any concerns on your behalf. If a nurse in unavailable at the time of your consultation then your examination may be re-scheduled for another time.

You are free to decline any examination or chose an alternative examiner or chaperone. You may also request a chaperone for any examination or consultation if one is not offered to you. The GP may not undertake an examination if a chaperone is declined.

The role of a Chaperone:

• Maintains professional boundaries during intimate examinations.

• Acknowledges a patient’s vulnerability.

• Provides emotional comfort and reassurance.

• Assists in the examination.

• Assists with undressing patients, if required.

Confidentiality

What do we record?

Information about you, your medical treatment, and family background may be recorded, either on paper or in computer files, as part of providing you with health services. This information is vital to the proper operation of the NHS, and is needed to give you and others the best possible healthcare.

What you can do?

Please read the rest of this notice in order to better understand how we use medical information about you. For further details please see information leaflet entitled “Your Information” displayed in the Practice or ask receptionist for details.

Other Agencies

The NHS is not the only government service to provide you with care, and it will be necessary for us to provide other agencies with appropriate information, but only with your consent (or that of your relatives if you are too ill).

How do we protect your information?

The sensitivity of patient information is well understood within the NHS. All staff and contractors are trained to respect their duty of confidentiality to you. We keep paper and electronic records securely to prevent unauthorised access or misuse. Wherever practicable, we also remove references to personal details such as your name and address, and often restrict it further to reduce the chances of anyone identifying a record as relating to you.

Other questions?

You can have a say in how the NHS uses information about you. If you want to find out more or have any concerns you can phone NHS Direct on 0845 4647 and request a booklet giving more details; go online at www.nhs.uk\confidentiality; or you can contact the Patient Liaison Team at the following address: Bromley PCT, Bassetts House, Broadwater Gardens, Orpington, Kent BR6 7UA. Tel. No. 01689 853339

Freedom of Information

The ICO has published a new Model Publication Scheme that all public authorities are required to adopt by 1st January 2009.

Model Publication Scheme – further information

How information about you helps us to provide better care.

Confidential information from your medical records can be used by the NHS to improve the services offered so we can provide the best possible care for everyone. This information along with your postcode and NHS number  but not your name, are sent to a secure system where it can be linked with other health information. This allows those planning NHS services or carrying out medical research to use information from different parts of the NHS in a way which does not identify you. You have a choice. If you are happy for your information to be used in this way you do not have to do anything. If you have any concerns or wish to prevent this from happening, please see the leaflet “How information about you helps us to provide better care” in the waiting Room.

Useful Websites

Disability Access

Disability Access

If you have any special needs please let our staff know so that we can help and ensure you get the same support in the future.

Wheelchair access

Our premises have easy access, wide corridors, no steps, and a toilet for the disabled.

If you have any difficulty in using our facility do please ask a member of staff who will be pleased to assist you.

Disabled Parking – Blue Badge Scheme

The Blue Badge scheme is for people with severe mobility problems. It allows Blue Badge holders to park close to where they need to go.

Loop System

We have a loop induction system please ask reception for more details. For more information on the loop hearing system visit Hearing Link website.

• British Deaf Association

• The Deaf Health Charity – SignHealth

• Action Hearing Loss

• Royal Association for Deaf People

• National Deaf Children’s Society

Blind/Partially Sighted

If you or family members are blind or partially sighted we will try our best to provide them for you. If we cannot provide such leaflets we will be very happy to explain and research information that you require. Just ask at reception and staff will either help directly or pass your request on to the Practice Manager.

For more advice and support for blind people please see the following websites:

• Royal National Institute of Blind People (RIND)

• Action for Blind People

• Blind.org.uk

• British Blind Sport

Guide Dogs

Guide dogs are welcome at the surgery with a bowl of water available upon request.

Other Disability Websites

• BID Services

• Disability Go

• Disabled People, your Rights, Benefits, Carers and the Equality Act

• Disability Rights UK

• Living with a Disability NHS Choice

• Disability Action

• Mencap

Freedom of Information

The Freedom of Information Act creates a right of access to recorded information and obliges a public authority to:

• Have a publication scheme in place

• Allow public access to information held by public authorities.

The Act covers any recorded organisational information such as reports, policies or strategies, that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland, however it does not cover personal information such as patient records which are covered by the Data Protection Act.

Public authorities include government departments, local authorities, the NHS, state schools and police forces.

The Act is enforced by the Information Commissioner who regulates both the Freedom of Information Act and the Data Protection Act.

The Surgery publication scheme

A publication scheme requires an authority to make information available to the public as part of its normal business activities. The scheme lists information under seven broad classes, which are:

• who we are and what we do

• what we spend and how we spend it

• what our priorities are and how we are doing it

• how we make decisions

• our policies and procedures

• lists and registers

• the services we offer

You can request our publication scheme leaflet at the surgery.

Who can request information?

Under the Act, any individual, anywhere in the world, is able to make a request to a practice for information. An applicant is entitled to be informed in writing, by the practice, whether the practice holds information of the description specified in the request and if that is the case, have the information communicated to him. An individual can request information, regardless of whether he/she is the subject of the information or affected by its use.

How should requests be made?

Requests must:

• be made in writing (this can be electronically e.g. email/fax)

• state the name of the applicant and an address for correspondence

• describe the information requested.

What cannot be requested?

Personal data about staff and patients covered under Data Protection Act.

For more information see these websites:

• Legislation GOV.UK

• Information Commissioners Office