We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Statutory Disclosure Privacy Notice
Where there is a statutory requirement St James Surgery will share personal data with a range of organisations and agencies.
We are required by law to provide you with the following information about how we handle your information. Our full list of Privacy Notices can be found on our webpage.
Data Controller contact details
St James Surgery
Purpose of the processing
- Safeguarding: to prevent serious abuse or neglect or death of a child or vulnerable adult from taking place
- Regulatory bodies: such as the Care Quality Commission, who undertake audits to ensure the Practice comply with standards and provide safe health care
- Law enforcement: prevention and detection of crime or apprehension and prosecution of offenders
- Medico-legal: where the Practice are defending a legal claim
- Complaint management: sometimes it is necessary to share information with NHS England or the Health Service Ombudsman or Information Commissioners Office
- Planning and Research: information may be shared for securing, planning, and paying for primary care or and specialised NHS Services
- Health Protection: information may be shared with Public Health bodies for the management of certain health condition, epidemics, and infections
A list of Practice processing activities can be provided on request.
Information we collect and use
- Demographics: name, address, date of birth, postcode, and NHS number
- Medical history
Lawful basis for processing
These purposes are supported under the following sections of the UK General Data Protection Regulations:
Article 6(1)(c) … ‘necessary for compliance with a legal obligation to which the controller is subject
Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”
Article 9(2)(g) processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;’
Article 9(2)(i) ‘processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of domestic law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy’
Article (9)(2)(j) ‘processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) (as supplemented by section 19 of the 2018 Act) based on domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
Schedule 1, Part 1(2) Health and Social Care Purposes, Data Protection Act 2018
Schedule 1, Part1(3) Public Health, Data Protection Act 2018
Schedule 1 Part 2(6) Statutory etc and government purposes, Data Protection Act 2018
Recipient or categories of recipients of the processed data
Where required the Practice will share your information with:
- Care Quality Commission
- Public Health England
- Police
- Courts of Justice
- HM Revenue and Customs
- Kent County Council or Medway Council
- General Medical Council (GMC)
- Royal College of nursing (RNC)
- NHS England/Digital
- Health Service Ombudsman
- Information Commissioners Office
- Clinical Negligence Scheme for General Practice (CNSGP) or Medical Defence Union (MDU) providing medico/legal advice
For details on your rights and who to complain please see the main privacy notice.