Dispensary: 01291 621507 (2pm – 6pm)
Please click the link below to read our full Privacy Notice:
This Privacy Notice will explain how the Town Gate Practice uses your personal data.
What Information do we collect about you?
We will collect information about you and in relation to your health and health care services you have received. This will include personal information such as your NHS number, name, address, contact information, date of birth, and next of kin.
We will also collect sensitive personal information about you (also known as special category data) which includes information relating to your health (appointment visits, treatments information, test results, X-rays, or reports), as well as information relating to your sexual orientation, race or religion.
All the above information we collect and hold about you forms part of your medical record and is primarily held to ensure you receive the best possible care and treatment.
How is your personal data collected?
The information we hold is collected through various routes; these may include:
How do we use your information?
The Information we collect about you is primarily used for your direct care and treatment but may also be used for:
We will not share your information with any third parties for the purposes of direct marketing.
Partners we may share your information with
We may share your information, subject to agreement on how it will be used with the following organisations:
We may also use external third-party companies (data processors) to process your personal information. These companies will be bound by contractual agreements to ensure information is kept confidential and secure. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Our legal basis for processing your personal data
The Practice will only use and share your information where there is a legal basis to do so.
The legal bases for most of our processing relates to your direct care and treatment:
Where we have a specific legal obligation that requires the processing of personal data, the legal basis is:
Where we process special category data, for example data concerning health, racial or ethnic origin, or sexual orientation, we need to meet an additional condition in the GDPR. Where we are processing special category personal data for purposes related to the commissioning and provision of health services the condition is:
The Practice may process your personal data for the purposes of research in such circumstances our legal basis for doing so will be:
Where we process special category personal data for research purposes the legal basis for doing so is:
The Practice may also process personal data for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings), for the purpose of obtaining legal advice, or for the purpose of establishing, exercising or defending legal rights. Where we process personal data for these purposes, the legal basis for doing so is:
Where we process special category of personal data for these purposes, the legal basis for doing so is:
In rare circumstances we may need to share information with law enforcement agencies or to protect the wellbeing of others for example to safeguard children or vulnerable adults. In such circumstances are legal basis for sharing information is:
Where we share special categories of person data for the purposes of safeguarding, the legal basis for doing so is:
Retention of your Personal Information / Storing your Information
We are required by UK law to keep your information and data for a defined period, often referred to as a retention period. The Practice will keep your information in line with the practice records management policy.
How to Contact us
Please contact the practice if you have any questions about our privacy notice or information, we hold about you these should be directed to the practice Manager, Town Gate Practice, Chepstow Community Hospital, Tempest Way, Chepstow, Gwent, NP16 5XP
Contact Details of our Data Protection Officer
The Practice is required to appoint a data protection officer (DPO). This is an essential role in facilitating practice accountability and compliance with UK Data Protection Law.
Our Data Protection Officer is:
Digital Health and Care Wales,
Information Governance, Data Protection Officer Support Service
4th Floor, Tŷ Glan-yr-Afon
21 Cowbridge Road East
Email : DHCWGMPDPO@wales.nhs.uk
The General Data Protection Regulation (GDPR) includes a number of rights. We must generally respond to requests in relation to your rights within one month, although there are some exceptions to this.
The availability of some of these rights depends on the legal basis that applies in relation to the processing of your personal data, and there are some other circumstances in which we may not uphold a request to exercise a right. Your rights and how they apply are described below.
Right to be informed
Your right to be informed is met by the provision of this privacy notice, and similar information when we communicate with you directly – at the point of contact.
Right of Access
You have the right to obtain a copy of personal data that we hold about you and other information specified in the GDPR, although there are exceptions to what we are obliged to disclose.
A situation in which we may not provide all the information is where in the opinion of an appropriate health professional disclosure would be likely to cause serious harm to your, or somebody else’s physical or mental health.
Right to Rectification
You have the right to ask us to rectify any inaccurate data that we hold about you.
Right to Erasure (‘right to be forgotten’)
You have the right to request that we erase personal data about you that we hold. This is not an absolute right, and depending on the legal basis that applies, we may have overriding legitimate grounds to continue to process the data.
Right to Restriction of Processing
You have the right to request that we restrict processing of personal data about you that we hold. You can ask us to do this for example where you contest the accuracy of the data.
Right to Data Portability
This right is only available where the legal basis for processing under the GDPR is consent, or for the purposes of a contract between you and the Practice. For this to apply the data must be held in electronic form. The right is to be provided with the data in a commonly used electronic format.
Right to Object
You have the right to object to processing of personal data about you on grounds relating to your particular situation. The right is not absolute, and we may continue to use the data if we can demonstrate compelling legitimate grounds, unless your object relates to marketing.
Rights in relation to automated individual decision-making including profiling
You have the right to object to being subject to a decision based solely on automated processing, including profiling. Should we perform any automated decision-making, we will record this in our privacy notice, and ensure that you have an opportunity to request that the decision involves personal consideration.
Right to complain to the Information Commissioner
You have the right to complain to the Information Commissioner if you are not happy with any aspect of Practices processing of personal data or believe that we are not meeting our responsibilities as a data controller. The contact details for the Information Commissioner are:
Information Commissioner’s Office
Wilmslow SK9 5AF
Tel: 0303 123 1113
Date published: 18th October, 2014
Date last updated: 25th January, 2024