Privacy & Data Protection Policy

1. Introduction

We are committed to protecting the privacy and security of your personal data. This policy explains what personal information we collect, why we collect it, how we use it, how we store it, with whom we share it, and your rights in relation to your personal data under the UK GDPR and Data Protection Act 2018.

This policy applies to individuals whose data we process as part of providing care, treatment, services, or other interactions with our practice, whether in person, by phone, email or via our website.

2. Who We Are

Fareham Road Surgery is the data controller for the personal information collected and processed in connection with our services.

The individual responsible for ensuring compliance with data protection requirements is our Data Protection Officer (DPO):

Name: Samantha Hannah

3. What Personal Information We Collect

We may collect personal data including, but not limited to:

• Identity information: name, date of birth, gender
• Contact information: address, telephone numbers, email address
• Health information: medical, treatment or care records (if applicable)
• Financial information: payment records, billing information
• Other data: your preferences and communications with us

We only collect data that is necessary and relevant for the purpose for which it was obtained.

4. Why We Use Your Personal Data & Legal Basis

We process your personal data for the following purposes:

• To provide and manage your care, treatment, or services
• To communicate with you, including appointment reminders
• To meet our contractual obligations to you
• To comply with legal and regulatory requirements
• For quality assurance and improvement, including surveys
• With your consent, for marketing or promotional communications

Under UK GDPR, the lawful bases for processing include performance of a contract, legal obligation, vital interests, public task, and your consent where required. For special category health data, we rely on additional legal grounds for processing under UK GDPR and Data Protection Act 2018.

5. How We Use Your Information

We use your information to:

• Provide safe, effective care and services
• Communicate with you about appointments and administrative matters
• Meet legal and financial obligations
• Participate in healthcare networks or authorised data sharing systems
• Improve treatment and service quality via audits or research (with consent if required)

Where we use your contact details for marketing or newsletters, we will only do so with your explicit consent.

6. Sharing Your Information

Your personal data will normally only be accessed by our authorised staff. We may share information with:

• Other healthcare professionals involved in your care
• NHS bodies or statutory health agencies
• Hospitals, clinics, or specialists when necessary
• Payment processors, auditors, insurers
• Legal or regulatory authorities as required by law

We limit the information shared to what is strictly necessary and only on a lawful basis.

7. Storage and Security of Your Data

We take appropriate technical and organisational steps to keep your information secure, including:

• Secure servers, encrypted systems, and backups
• Restricted access for authorised personnel only
• Policies and training to protect data from unlawful access or disclosure

Records are retained only for as long as required for legal, regulatory, or service purposes. You may request deletion of non-essential items where possible.

8. Your Rights

You have the following rights under UK GDPR:

• Right to access copies of your personal data
• Right to correct inaccurate or incomplete data
• Right to erasure (in certain circumstances)
• Right to restrict or object to processing
• Right to withdraw consent where relevant
• Right to data portability where applicable

To exercise any of these rights, please contact our DPO at the details above. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data is being misused.

9. Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in law, technology, or organisational practice. The most recent version will always be published here.