Privacy Notice




Penrhyn Surgery is one of many organisations working in the health and care system to improve health care for patients.

Whenever you use a health or care service, such as attending Surgery for a consultation, Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

For more information about this, please view the GP Practice Privacy Notice for General Practice Data for Planning and Research.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases· monitoring safety
  • planning services

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care. To find out more or to register your choice to opt out, please visit On this web page you will:

  • See what is meant by confidential patient information
  • Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care
  • Find out more about the benefits of sharing data
  • Understand more about who uses the data
  • Find out how your data is protected
  • Be able to access the system to view, set or change your opt-out setting
  • Find the contact telephone number if you want to know any more or to set/change your opt-out by phone
  • See the situations where the opt-out will not apply

You can also find out more about how patient information is used on the Health Research Authority website (which covers health and care research); and the Understanding Patient Data website (which covers how and why patient information is used, the safeguards and how decisions are made)

You can select your opt-out on the NHS website

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently’ compliant with the national data opt-out policy.“


COVID-19 Pandemic practice privacy notices as at 25th March 2020:

Coronavirus (COVID-19) pandemic and your information

The ICO recognises the unprecedented challenges the NHS and other health professionals are facing during the Coronavirus (COVID-19) pandemic.

The ICO also recognise that ‘Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.’
The Government have also taken action in respect of this and on 20th March 2020 the Secretary of State for Health and Social Care issued a Notice under Regulation 3(4) of The Health Service (Control of Patient Information) Regulations 2002 requiring organisations such as GP Practices to use your information to help GP Practices and other healthcare organisations to respond to and deal with the COVID-19 pandemic.

In order to look after your healthcare needs during this difficult time, we may urgently need to share your personal information, including medical records, with clinical and non-clinical staff who belong to organisations that are permitted to use your information and need to use it to help deal with the COVID-19 pandemic. This could (amongst other measures) consist of either treating you or a member of your family and enable us and other healthcare organisations to monitor the disease, assess risk and manage the spread of the disease.

Please be assured that we will only share information and health data that is necessary to meet yours and public healthcare needs.

The Secretary of State for Health and Social Care has also stated that these measures are temporary and will expire on 31st March 2021 unless a further extension is required. Any further extension will be will be provided in writing and we will communicate the same to you.
Please also note that the data protection and electronic communication laws do not stop us from sending public health messages to you, either by phone, text or email as these messages are not direct marketing.

It may also be necessary, where the latest technology allows us to do so, to use your information and health data to facilitate digital consultations and diagnoses and we will always do this with your security in mind.

Please note any digital image submitted as part of an online consultation will be stored within your clinical notes.

If you are concerned about how your information is being used, please contact our DPO using the contact details provided in this Privacy Notice.


1. Data Controller contact details

Dr Olukayode Oremakinde
On behalf of the Partners
Penrhyn Surgery 
Walthamstow E17 5DB 

Tel 02085272563


2. Data Protection Officer contact details

Mrs Radha Muthuswamy DPO (PCN)


3. Purpose of the processing

Direct Care is care delivered to the individual alone, most of which is provided in the surgery. After a patient agrees to a referral for direct care elsewhere, such as a referral to a specialist in a hospital, necessary and relevant information about the patient, their circumstances and their problem will need to be shared with the other healthcare workers, such as specialist, therapists, technicians etc. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care.


4. Lawful basis for processing

The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:

  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.
  • Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”

Organisations and their employees will also respect and comply with their obligations under the common law duty of confidence.


5. Recipient or categories of recipients of the processed data

The data will be shared with Health and care professionals and support staff in this surgery and at hospitals, diagnostic and treatment centres who contribute to your personal care.

  • Care Homes/Nursing Homes
  • Child and Adolescent Mental Health Service (CAMHS)
  • Child Health
  • Community Professionals (Social Workers/District Nurse/Health Visitors)
  • Continence and Stoma Service
  • Coroner
  • Care Quality Commission
  • Third Party mailing company (name and address only) – (Docmail) for vaccination campaigns
  • GP Practices in the Primary Care Network – Sovereign Health Network
  • Care and Health Information Exchange (Formerly known as Hampshire Health Record)
  • Individual Funding Requests
  • MJOG – Text messaging system for vaccination campaigns and appointment reminders ( Mobile Telephone number only)
  • AccuRX – individual text messaging – system verified consent to use
  • E-Consult (patient explicit consent taken on website)
  • Multi Disciplinary Teams
  • Out of Hours Services
  • Primary Care Services England
  • Referrals to Private Healthcare
  • Safeguarding
  • Secondary Care (Hospitals)
  • Summary Care Record
  • Independent Contractors such as dentists, Opticians, pharmacists
  • Fire and Rescue Services
  • Police and Judicial Services

Data Extraction by the Clinical Commissioning Group

The clinical commissioning group at times extracts information about your care, but the information they extract via our computer systems cannot identify you to them. This information only refers to you by way of a code that only your practice can identify (it is pseudonymised). We will never give the CCG access to any system or information that would enable them to identify you.

The Clinical Commissioning Group requires this pseudonymised information for the following purposes:

  • For management and monitoring of the GP Practice core contract
  • For management and monitoring of the GP Practice enhanced services
  • For assurance of compliance with these contracts
  • For assurance of the effective spending of public funding
  • To conform with delegated responsibilities from NHS England
  • To fulfil the CCGs role in ensuring services commissioned meet patient population need and are being delivered in accordance with commissioning intentions Other “data processors” which you will be informed of

6. Rights to object

You have the right to object to some or all the information being processed under Article 21. Please contact the Data Controller or the practice. You should be aware that this is a right to raise an objection, that is not the same as having an absolute right to have your wishes granted in every circumstance.


7. Right to access and correct

You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law. Please contact the practice.


8. Retention period

The data will be retained in line with the law and national guidance.


9. Right to Complain

You have the right to complain to the Information Commissioner’s Office, or call their helpline Tel: 0303 123 1113 (local rate) or 0162 554 5745 (national rate).