General Data Protection Regulation (GDPR) – Privacy Notice
Who we are
South Coast Fatigue is an independent healthcare provider and our registered address is Lancaster Court, 8 Barnes Wallis Road, Fareham, Hampshire PO15 5TU. We are approved by the NHS to provide Chronic Fatigue Syndrome/ME services to NHS clients. We also provide interventions to private clients.
The purpose of this notice
South Coast Fatigue has a legal duty to explain how we use any personal information we collect about you, as a client at the practice.
What information do we collect about you?
We will collect information such as personal details, including name, address, next of kin, records of appointments, visits, e-mails, telephone calls, your health records, treatment and medications, test results, etc. and any other relevant information to enable us to deliver effective healthcare.
How we will use your information
Your personal data is collected on the basis of legitimate interest, for the purpose of providing direct care to you.
For your benefit, we may need to share information from your records with other organisations such as your GP, Social Services, the Department of Work and Pensions, your employer (where requested by you) or other healthcare organisations. However, we will not disclose any health information to third parties without your explicit consent (“Consent to Share”), unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires the disclosure of information.
To comply with its contractual obligations, this practice may share anonymised data with the Clinical Commissioning Group. This may include demographic data, such as date of birth, and information about treatment outcomes.
South Coast Fatigue will not share or use your data for marketing purposes.
Processing your information in this way and obtaining your consent where appropriate ensures that we comply with Articles 6(1)(e), Articles 6(1)(f) and 9(2)(h) of the GDPR 2018.
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR) 2018, the Data Protection Act 2008, the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO) and our professional bodies.
Information is retained in secure electronic and paper records and access is restricted to only those who need to know. All staff are required to undertake annual training in data protection, confidentiality, IT/cyber security and good practice on the keeping of healthcare records.
Your information will not be sent outside of the European Economic Area (EEA) where the laws do not protect your privacy to the same extent as the law in the UK.
In accordance with the NHS Codes of Practice for Records Management, your healthcare records will be retained for 8 years after you are discharged from the practice.
You have a right to access the information we hold about you. If you would like to access this information, you will need to complete a Subject Access Request (SAR). Please contact us and we will give you further information or visit https://ico.org.uk/for-the-public/personal-information/ for instructions on how to make an SAR. Should you identify any inaccuracies, you have a right to have certain inaccurate data corrected. You also have a right to object to your information being shared; please contact a member of staff who will be able to explain how this may affect your care.
What to do if you have any questions
1. Contact the practice’s data controller via email at firstname.lastname@example.org.
2. Write to the data controller at the practice address.
3. Telephone the practice and ask to speak to the Managing Director Fran Hill or the Business Manager Liz Toy. Telephone: 01489 668109. Complaints
In the first instance we would ask that you contact us directly to discuss your concerns but in the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO. For further details, visit ico.org.uk and select ‘Raising a concern’.