Important information about our privacy policy

Penrhyn Surgery fully supports the General Data Protection Regulations (GDPR) that will be enforced as of 25th May 2018. 

We take our responsibility to protect your personal data extremely seriously and are updating our policies to reflect the new GDPR regulations.

You can find further information below.


Processors of personal data

In order to deliver the best possible service, the practice contracts Processors to process personal data, including patient data on our behalf.

When we use a Processor to process personal data we will always have an appropriate legal agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately.

Examples of functions that may be carried out by a Processor include:

  • Companies that provide IT services & support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services and document management services.
  • Delivery services (for example if we were to arrange for delivery of any medicines to you).
  • Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).

Thank you for taking the time to review these changes and we look forward to continuing our work with our patients.


Our Privacy Commandments

  1. Design for privacy and be accountable
  2. Protect communications and sensitive data
  3. Only collect necessary data
  4. Obtain and manage permissions
  5. Be open about data collection and use
  6. Know your data and manage it diligently 
  7. Don't share data without proper controls
  8. Enable access to data, erasure and portability
  9. Protect against unauthorised use
  10. Acquire parental controls