GDPR and Privacy
Privacy Notice
Bancroft Medical Centre is committed to protecting your privacy and keeping your personal information secure.
We use your information to provide safe and effective healthcare, manage appointments, communicate with you about your care, and meet our legal and NHS obligations.
We process personal information in accordance with:
- UK GDPR
- Data Protection Act 2018
- NHS confidentiality requirements
- NHS Records Management Code of Practice
Who We Are
Bancroft Medical Centre is the Data Controller for the personal information we process.
If you have questions about how your information is used, please contact the Practice.
Website: https://bancroft-consult.uk.rapidhealth.co.uk/admin-request
The Practice also has access to a Data Protection Officer (DPO) for advice and oversight regarding information governance and data protection matters.
What Information We Hold
We may collect and process:
- personal details such as your name, address, date of birth and NHS number
- contact details
- medical records and consultation notes
- test results and referrals
- appointment and communication records
- information received from hospitals and other healthcare providers
- prescription information
- safeguarding information where relevant
- CCTV footage where applicable
- website and online service information
How We Use Your Information
Your information may be used for:
- providing direct patient care
- managing appointments and recalls
- referrals to hospitals and community services
- prescriptions and pharmacy services
- safeguarding and public health requirements
- NHS service planning and quality improvement
- responding to complaints or legal obligations
- approved audit and research purposes where permitted
The Practice uses a clinical system called SystmOne to maintain patient records securely. Other NHS healthcare organisations involved in your care may be able to access relevant parts of your record where appropriate and permitted.
Healthcare professionals involved in emergency or urgent care may access relevant information through systems such as the Summary Care Record where appropriate for your care and safety.
The Practice may also participate in approved NHS data analytics and research programmes, including the NHS OpenSAFELY Data Analytics Service, which uses pseudonymised GP data within secure NHS environments for health and care research purposes.
Online Services and Communication Systems
The Practice uses digital systems including:
- Rapid Health
- NHS App
- Accurx
- Anima
- Docmail
These services support patient communication, online requests, appointment management, care navigation and access to healthcare services.
Patients may submit medical or administrative requests electronically. Information submitted may include personal and special category health data and may form part of the patient medical record where appropriate.
Some providers maintain their own privacy notices regarding how they process information on behalf of the Practice.
NHS App and NHS Login
Patients may access certain services using NHS login and the NHS App.
If you use NHS login:
- identity verification is managed by NHS England
- some information may be shared with the Practice to support access to services
- information is only used for the purposes of providing NHS services
Further information about NHS login and NHS App privacy is available from NHS England.
Telephone Calls and Call Recording
The Practice uses Surgery Connect telephony systems to support patient communication and access to services.
Telephone calls to and from the Practice may be recorded for purposes including:
- staff training
- patient safety
- quality monitoring
- complaint investigation
- safeguarding
- service improvement
Call recordings are stored securely and access is restricted to authorised staff only.
Recordings are retained in accordance with the NHS Records Management Code of Practice and the Practice’s information governance procedures.
Who We Share Information With
We may share information where appropriate with:
- NHS hospitals and community providers
- pharmacies
- NHS England
- Integrated Care Boards (ICB)
- social care services
- approved healthcare professionals involved in your care
- organisations providing services on behalf of the Practice
The Practice also uses approved service providers including secure document, communication and records management providers to support healthcare delivery and administration.
Information is only shared where there is a lawful basis to do so.
Records Management and Storage
Records are retained in accordance with the NHS Records Management Code of Practice for Health and Social Care.
The Practice uses secure storage arrangements for both electronic and paper medical records, including secure off-site storage providers where appropriate.
Data Security
We take information security seriously and use:
- secure NHS clinical systems
- role-based access controls
- encrypted communications
- staff confidentiality agreements
- cybersecurity protections
- secure storage arrangements
All staff receive confidentiality and information governance training and are required to maintain patient confidentiality at all times.
The Practice may use approved digital and artificial intelligence (AI) supported technologies to assist with administrative tasks, workflow management, clinical documentation or service improvement. Any use of AI is subject to appropriate governance, confidentiality, cybersecurity and data protection controls.
Your Rights
Under UK GDPR you have the right to:
- request access to your records
- request correction of inaccurate information
- request restriction of processing in certain circumstances
- object to some processing activities
- raise a concern or complaint
Requests will be considered in accordance with UK GDPR and NHS requirements.
Your Choices and Opt-Outs
Patients may have the right to object to certain types of information sharing or secondary use of data.
This may include:
- National Data Opt-Out
- Type 1 Opt-Out requests
- local shared care record objections
https://www.nhs.uk/using-the-nhs/about-the-nhs/opt-out-of-sharing-your-health-records/
Please contact the Practice for further information.
Cookies and Website Information
Our website may use cookies and website analytics to improve services and user experience. Website usage information does not identify individual patients unless information is voluntarily submitted through online forms or services.
Contact Us
If you have any questions regarding how your information is used, please contact the Practice.
Bancroft Medical Centre
Website: https://bancroft-consult.uk.rapidhealth.co.uk/admin-request
Information Commissioner’s Office (ICO)
If you remain dissatisfied with how your information has been handled, you may contact the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: Information Commissioner’s Office (ICO)
Last reviewed: May 2026
Next review: May 2027
Page created: 01 March 2023