đź“Ť 1 Hartland Way, Shirley, Croydon, CR0 8RG
Telephone: đź“ž 020 8777 7215
Sorry, we're currently closed. Please call NHS 111
Practice Update following latest NHS developments London Pharmacy opening hours for Summer Bank Holiday 26th August 2024 Practice Newsletter – Summer/Autumn 2024 Household Support Fund (HSF) Newsletter Winter-Spring 2023/24 Newsletter – Summer/Autumn 2023 GetUBetter APP – FREE, easy-to-use tool helping you to self-manage your muscle, bone, and joint (MSK) injuries and conditions. We are a Training Practice! Newsletter – Winter 2022/23 COVID 19 and Flu Vaccines Cervical Screening
Privacy Policy Statement (GDPR Compliant)
The Data Security and Protection Toolkit (DSPT) compliance for the year 2024/25 can be found here:
DSPT Toolkit Compliance 2024/25
Introduction
This Privacy Policy Statement explains what personal or company data we may collect and how we might use your data. It also explains reasons we may need to disclose your personal or company data to others and how we store your data securely.
Our website may contain links to other websites, which are provided for your convenience. We are only responsible for the privacy practices and security of this website and not external websites. You should therefore check any other linked website’s privacy policies.
This policy may be subject to change, so you are advised to check our website regularly for any further changes.
You can access our home page and browse our site without disclosing any personal or company data except for information automatically collected by cookies that we use.
Cookies on this website
We may send a small file to your computer when you visit our website. This will enable us to identify you on future visits and to track your movement within it for ‘user-friendly’ development purposes. We may use cookies to collect and store data and to link information stored by them with the personal or company data you supply to us.
Except for the use of cookies, we only collect information you specifically provide to us. You can set your computer browser to reject cookies, but this may impede your use of certain parts of this website.
Who are we?
We are SurgeryWeb, our core business is providing customised websites for medical centres and doctor’s surgeries, primarily within an NHS framework.
How the Law Protects You
Data protection laws (GDPR) state that we are only able to process personal or company data if we have valid reasons to do so. The basis for processing your personal or company data includes, but is not limited to, your consent, performance of a contract, to enable billing and to contact you for customer service purposes.
How Do We Collect Personal or Company Data From You?
We receive information about you, when you use our website, complete registration forms on our website and if you contact us by phone, email or otherwise in respect of any of our services.
Secure Hosting Facilities
This website is provided by SurgeryWeb and hosted by either TMZVPS within a UK data centre located in Maidstone, Kent, UK or a cloud based server provided by Amazon Web Servers (AWS).
Some of the data centre’s more notable security features are as follows:
Your personal or company data may automatically be collected when you use our website, including but not limited to, your IP address, device-specific information, server logs, device event information and location information.
What Type of Data Might We Collect From You?
The personal or company data that we may collect from you may include your name, address, email address, phone numbers and medical information submitted by online forms.
We may also retain records of your enquiries and correspondence, in the event you contact us.
How Do We Use Your Data?
We may use information about you in the following ways:
Retention Periods
We shall retain your data only for as long as necessary in accordance with applicable laws. Third party information, relating to patients, may be retained for up to 30 days only.
We assure you that your data shall only be used for the purposes stated herein.
Who Has Access to Your Personal or Company Data?
We process your data for administration, billing, support and the provision of services. Management and officers of SurgeryWeb may have access to your data for the process of conducting business related activities only.
Third Parties
We do not sell, rent or share your personal or company data to third parties for marketing, advertising or any other purposes.
We will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal or company data is secure and will not be used for any marketing purposes by any third parties.
We may need to share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business. In these circumstances, we may disclose your personal or company data to the prospective buyer of our business, subject to both parties entering into appropriate confidentiality undertakings.
Similarly, we may share your personal or company data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of SurgeryWeb, or others.
Your Rights
Under data protection legislation (GDPR), you have several rights regarding the use of your personal or company data, as follows:
The Right of Confirmation and Access
You have the right to obtain confirmation from the data controller appointed by SurgeryWeb, as to whether or not personal or company data concerning you is being processed or stored. You also have the right to request a copy of this information. You have the right to be informed of the appropriate safeguards relating to any transfer of your data to any international company.
Right to Rectification and Erasure (Right to be Forgotten)
You have the right to ask us to correct any inaccurate data or to complete any incomplete personal or company data that we may hold. You have the right to request that we erase your personal or company data without delay where one of the statutory grounds applies, so long as the processing is not necessary. If you request us to erase your personal or company data, then this means that our business relationship with you will end as we cannot provide our service without processing your data.
Right of Restriction of Processing/Right to Object
You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal or company data concerning you. You also have the right to restrict the processing of your personal or company data under certain circumstances, including if you have contested its accuracy and while this is being verified by us, or if you have objected to its processing and while we are considering whether we have legitimate grounds to continue to do so.
Right of Data Portability
You have the right for certain data you have given us to be provided to you in a structured and commonly used electronic format (for example, a MS document, XLS file), so that you can move, copy or transfer this data easily to another data controller. You may also request that we transmit this data directly to another organisation where it is practical for us to do so.
Automated Individual Decision-Making, Including Profiling
You have the right not to be subjected to a decision, based solely on automated processing, including profiling. We do not process any personal or company data in this way.
How to Exercise Your Rights
If you wish to contact us in respect of any of your rights as described above, please contact the Practice – We will respond to your request free of charge and usually within 30 days.
How to Complain About the Use of Your Data
If you wish to complain about how we have handled your personal or company data, including any of the rights outlined above, please contact the Practice.
Accessing and Updating Your Data
You must ensure all your details, including but not limited to, name, address, phone number and email address are kept up to date at all times. All changes should be notified to us directly.
Where We Store Your Personal or Company Data
All information you provide to us is stored on our secured, GDPR compliant system, which is protected by firewalls and anti-virus software programs. From time to time, your information may be transferred to and stored on other storage media and kept securely at our business premises. By providing your data to us, you agree to this transfer and storage.
Please note: As the transmission of information via the internet and email is not completely secure, we cannot guarantee the security of your data during transmission, therefore any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
All sensitive data are encrypted and fully protected.
Liability
We agree to take all reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions.
Data Breaches
In the event of a data breach, we shall ensure that our obligations under applicable GDPR data protection and UK Privacy laws are complied with, which may include, and is not limited to, notifying the Relevant Supervisory Authority.
Contact Us
Please contact us with any questions or comments you have about privacy issues.
Data Protection Officer
We have appointed a Data Protection Officer to ensure that we continuously process your personal or company data in an open, accurate and legal manner. If you have any questions about the processing of your personal or company data, please contact our Data Protection Officer at the Practice.
Your Right to Make a Complaint
You have the right to make a complaint about how we process your personal or company data to:Â https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
This notice was last updated on 20/09/2022. Should any information provided within this policy be subject to change then this page will be updated to reflect any changes in the law or our privacy practices. However, we will not use your personal or company data in any new ways without your prior consent.
All requests for information relating to your personal or company data and how we use and process this data will be provided free of charge.