GDPR & Privacy Policy
This policy explains how Grove Road Surgery collects, stores, uses, and protects your personal information, in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
What We Collect
- Personal identifiers: name, date of birth, NHS number, address, phone, email
- Health information: medical history, test results, medication, allergies, referrals
- Administrative data: appointments, billing, communications
Legal Basis for Processing
We process your information because:
- It is necessary for providing healthcare (Articles 6(1)(c) and 9(2)(h) UK GDPR)
- We have your consent where required (Article 6(1)(a))
- We must comply with legal obligations (Article 6(1)(c))
How We Use Your Information
- Deliver healthcare services and treatment
- Manage appointments, referrals, and follow-ups
- Notify you of health campaigns, reminders, or test results
- Conduct audits, research, or reporting for NHS England (in anonymised form where possible)
Data Sharing
- With NHS trusts, hospitals, and other health professionals involved in your care
- With authorised third parties for operational reasons (e.g., IT services, auditors)
- With public health authorities if required by law
See our data sharing policy for further information.
Retention & Security
- Records (paper and electronic) are kept securely according to NHS guidelines
- Only authorised staff have access, using secure systems
- Data is kept for the legally required period, then securely destroyed
Your Rights
- Access: request a copy of your records
- Rectification: ask us to correct inaccuracies
- Restriction: limit how we use your data in certain circumstances
- Erasure: request deletion, where legally allowed
- Objection: object to processing for direct marketing or research
- Data portability: request your information in a usable format
Contact
Data Protection Officer, Grove Road Surgery, 1 Grove Road, Tottenham, London N15 5HJ
Tel: 020 8800 9781
