Keeping your data safe

This website privacy policy describes how The Roxton Practice obtains, stores and makes use of the information you provide when using or interacting with our website, www.roxtonportal.co.uk If you are asked to provide information when using this website, it will only be used in the ways described in this privacy policy. This policy is updated from time to time. The latest version is published on this page. This website privacy policy was updated on: 20.03.2020

If you have any questions about this policy write to: The Roxton Practice, Pilgrim Primary Care Centre, Pelham Road, Immingham, N.E Lincolnshire, DN40 1JW

Introduction

We gather and use certain information about individuals in order to provide healthcare services and to enable certain functions on this website.

We also collect information to better understand how visitors use this website and to present timely, relevant information to them.

Data collection

We collect different types of information for various purposes to provide and improve our service to you.

Personal Data

While using our website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Cookies and Usage Data

We do not store any personal medical data on this website. All of the information that you enter on the form is sent by email to a secure NHS mail account. Only your surgery has access to this email account. The data is then transferred to your medical notes and stored there. All data that you enter onto a form on our website is immediately deleted as soon as it is sent to your practice’s NHS mail account.

 

Usage Data

We may also collect information how the website is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

This site may use cookies or browser tracking technologies to provide a better overall user experience. This information allows us to continue modifying the site to meet end user browser types, operating systems, and frequency of visits. Personal information cannot be collected by these methods unless expressly provided by the end user. Aggregate cookie and tracking information may be shared with third parties.

A “cookie” is a small text file that’s stored on your computer, tablet or phone when you visit a website.

Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor.

We use cookies (and sometimes other similar technologies) to:

  • Monitor your use on our website and gather analytics to help us improve your browsing experience
  • Remember your preferences to personalise your visit
  • Identify whether you are signed in to our website
  • Personalise our website and display information relevant to you
  • Help us improve the usability of our website

Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.

Cookies on this website
Cookie Provider Description Expiration
First-party cookies
cookiesAcknowledged The Roxton Practice Remembers choice to hide cookie policy notification, only set when notification has been acknowledged. 6 months.
Third-party cookies
_ga Google Used to distinguish users. 2 years from set/update.
_gat Google Used to throttle request rate. 10 minutes from set/update.
_dc_gtm Google Used to help identify the visitors by either age, gender, or interests. 10 minutes from set/update.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

How we use this data

Direct Care and Administrative Purposes

All   health and adult social care providers are subject to the statutory duty to process information about a patient for their direct care. This would also include

•  Preventive or occupational medicine,
•  Medical diagnosis,
•  The provision of health care or treatment,
•  The provision of social care, or
•  The management of health care systems or services
•  Waiting list management
•  Performance against national targets
•  Local clinical audit
•  Patient feedback and service improvement

The lawful basis for processing personal information is: 6(1)(e)   ‘…for the performance of a task carried out in the public interest or in the exercise of official authority…’

The lawful basis for processing personal data is: 9(2)(h)   ‘…medical diagnosis, the provision of health or social care or treatment or   the management of health or social care systems…’

Safeguarding

Some members of society are recognised as needing protection, for example children and vulnerable adults. If a person is identified as being at risk from harm we are expected as professionals to do what we can to protect them. In addition we are bound by certain specific laws that exist to protect individuals. This is called “Safeguarding”.

Where there is a suspected or actual safeguarding issue we will share information that we hold with other relevant agencies whether or not the individual or their representative agrees. The purpose of the processing is to protect the child or vulnerable adult.

The lawful basis for processing personal information is:  6(1)(c) ‘…necessary for compliance with a legal obligation…

The lawful basis for processing personal data is: 9(2)(b) ‘…is necessary for the purposes of carrying out the obligations and exercising the specific rights of the controller or of the data subject in the field of …social protection law in so far as it is authorised by Union or Member State law..’

Other information:

  • This sharing is a legal and professional requirement and therefore there is no right to object.
  • The data will be shared with local safeguarding services

Controlling your data

When you fill in a form or provide your details on our website, you will see one or more tick boxes allowing you to:

  • Opt-in to receive  communications from us by email, telephone, text message or post
  • Opt-in to receive communications from our third-party partners by email, telephone, text message or post

If you have agreed that we can use your information to signpost you to other NHS services  you can change your mind easily, via one of these methods:

  • Send an email to nel.b81039@nhs.net 
  • Write to us at: The Roxton Practice, Pilgrim Primary Care Centre, Pelham Road, Immingham, N.E Lincolnmailto:nelccg.roxtonpractice@nhs.netshire, DN40 1JW

We will not sell, distribute or lease your personal information to third parties unless we have your permission.
However, there are special situations in which we may need to share access to your Personal Information without your explicit consent. For example;

  • To comply with a legal obligation
  • To prevent or investigate possible wrongdoing in connection with the website
  • To protect the personal safety of users of the website or the public
  • To protect against legal liability

You may request details of personal information which we hold about you under the Data Protection Act 2018.  If you would like a copy of the information held on you please write to: The Roxton Practice, Pilgrim Primary Care Centre, Pelham Road, Immingham, N.E Lincolnshire, DN40 1JW

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible at the above address. We will promptly correct any information found to be incorrect.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 2018.

We protect your information in the following ways:

Training

Staff are trained to understand their duty of confidentiality and their responsibilities regarding the security of patient information both on our premises and when out in the community. Staff must undertake annual mandatory training in information governance and data security awareness.

DSP Toolkit

All NHS providers are required to complete an annual assessment of compliance with Data Protection and Security. Details of the assessments can be found here. https://www.dsptoolkit.nhs.uk/organisationsearch

Access controls

Any member of staff being given access to national systems holding patient information will need a special access card called a smartcard, along with a username and password. Many of our local systems also require smartcard access.

Audit trails

We keep a record in the newer electronic record systems of anyone who has accessed a health record or added notes to it. Some of the older computer systems only record who has amended a record.

Investigation

If you believe your information is being viewed inappropriately we will investigate and report our findings to you. If we find that someone has deliberately accessed records about you without permission or good reason, we will tell you and take action. This can include disciplinary action, or bringing criminal charges.

Records Management

All healthcare records are stored confidentially in a secure location.

Caldicott Guardian

Within each NHS organisation there is a designated person named the ‘Caldicott Guardian’ whose responsibility it is to ensure that these laws are upheld.

 

Links from our site

Our website may contain links to other websites.

Please note that we have no control of websites outside the roxtonportal.co.uk domain. If you provide information to a website to which we link, we are not responsible for its protection and privacy.

Always be wary when submitting data to websites. Read the site’s data protection and privacy policies fully.