In 2018, GDPR is replacing the Data Protection Act 1998 (DPA) in governing how personal data is managed by a controller or processor of your information.
The data “controller” is a person (or business) who determines the purposes a way in which, personal data is processed. A data “processor” is anyone who processes personal data on behalf of the data controller (not including the data controller's own employees).
Under the GDPR, the data protection principles set out the main responsibilities for organisations. It requires that the controller shall be responsible for, and be able to demonstrate, compliance with the following principles.
GDPR requires that personal data shall be:Processed lawfully, fairly and in a transparent manner. Collected for specified, explicit and legitimate purposes. Adequate, relevant and limited to what is necessary. Accurate and, where necessary, kept up to date. Kept in a form which permits identification of data subjects for no longer than is necessary. Processed in a manner that ensures appropriate security of the personal data.
By itself, data has no meaning. For instance, a date is just a series of numbers and characters which could indicate the date of any unspecified event. However, when you attribute that date to a specific event or person, it becomes information, such as a person’s date of birth.
Personal information is data that can be attributed to a living individual who can be identified by this data.
Information about an individual that is likely to be of a private nature and could be used in a discriminatory way, is described as sensitive personal information. This type of information needs to be treated with greater care than other personal information.
Sensitive personal information may include:Racial or ethnic origin Political opinion Religious or other similar beliefs A physical or mental health or condition Sexual Orientation Who is collecting your information?
The Independent General Practice ltd. is the registered business name for the following branches and services:The Independent General Practice (IGP) – Our Private GP Service The Independent Physiotherapy Services (IPS) – Our Physiotherapy Service Ipsum health – Our Occupational Health Service IGP Treatments Clinics (IGPTC) – Our Cosmetic Treatments Services IGP Medico-Legal (IGPML) – Our Medico-Legal Services
Any information collected or produced as part of these services will be managed in accordance with The Independent General Practice’s Data Protection and GDPR policies & procedures. All clinicians undertake a CRB Check on employment and administration staff are bound by The Independent General Practice’s confidentiality policies & procedures.
The Independent General Practice will collect your information: in direct communications (such as website, telephone, letter or video), when a patient completes a consent form, template, questionnaire or registration form, when a clinician completes a clinical record or report as part of a consultation/appointment, when receiving a 3rd party instruction/communication, or as part of financial processing.
The minimum information required to use a service is a patient’s contact information and date of birth. However, as part of an appointment, a clinician may also need to obtain or create sensitive personal information about a patient, which includes information relating to a physical or mental health or condition. With consent, The Independent General Practice may also refer to previous medical opinion (such as medical records).
The amount of information we require will vary depending on what services you require.
The information that we collect will only ever be used in the provision of service. We will require your information to create an appointment, to convey or record medical opinion. The Independent General Practice will not use or pass on your information to market services that are unrelated to those that you have consented.
Administration staff may be required to access your personal information to arrange appointments and to process your records for administration purposes. With consent, we may share your information with 3rd parties for further investigation and/or specialist opinion. Your anonymised information may be made available to Healthcare Inspectorate Wales (HIW) or Care Quality Commission (CQC) as part of a healthcare inspection to ensure that The Independent General Practice meets the requirements set by the government provide private healthcare services.
Patients have the right to withdraw consent or request a copy/transferal/removal of their information at any time by requesting a ‘Consent Removal’ form. Information that cannot be adequately attributable may result in deletion in line with The Independent General Practice’s data retention policy.Consent Removal Form
Suspected breaches in data protection can be reported to The Independent General Practice’s Data Protection officer Kieran Reynolds. Breaches in Data Protections will result in The Independent General Practice producing an incident investigation. Serious breaches will be reported to the Information Commissioner’s Office (ICO). You retain the right to report a breach to the ICO directly.ICO - Report A Breach
A “Cookie” is a small file that is requested by your internet browser (such as Edge, Chrome, Safari or Firefox) and stored on your computer or device. This cookie file contains various information about websites you have visited. This can include information such as your location, the type of device you are using etc. However, in some instances, some personal data can also be stored, such as when you add items to a shopping cart or enter form information. We use analytics programs (Such as Google Analytics), which collects cookie information to provide us with statistical data about visitors to our websites.
This data includes, how many visits we had, which pages were visited, what device was used and details of from where the visitor was directed to our website.
If you would like to stop using Cookies, please follow the appropriate link for your browser:Google Chrome Mozilla Firefox Microsoft Edge Apple Safari
Oaktree House, Oaktree Court
Cardiff Gate Business Park