We use cookies to make this site work. We'd also like to set optional cookies so we can understand how the site is used and improve it. We will not set optional cookies unless you accept them. You can change your choice at any time from the Cookie settings link in the footer.
Strictly necessary cookies
These cookies are required for the site to work. They store your cookie preferences and keep your session secure. They are exempt from consent under PECR Regulation 6(4) because they are essential to deliver the service you have requested.
Optional cookies
Optional cookies help us understand how the site is used and provide additional features such as analytics, accessibility tools and translation. We will only set them if you accept.
This notice focuses on patient data only or ask at reception for an accessible copy. This notice was last updated March 2026.
Data Controller
Bloomsbury Surgery is the data controller for your information. We are contracted by NHS England under a General Medical Service (GMS) contract to provide Primary Healthcare services to local residents & other individuals registered with the Practice.
Data protection Officer’s contact details
Our Data Protection Officer is contactable via:
- A letter to the data protection officer at this practice
- Steve Durbin, By email at nclicb.dpo.ncl@nhs.net
Purpose of processing your data
We use your information to provide you with the best possible direct care services.
Your information is also used for indirect care, planning, research, auditing and population health management. You can opt out of this by registering a National Data Opt-Out via the NHS website or the NHS App.
Lawful basis for processing your data
We process your data in the public interest for purposes focused on delivering healthcare – UK GDPR article 6 1(e). For special category personal data (e.g. health) our lawful basis is UK GDPR article 9 2(h) – processing necessary for medical/social care or management of same. For some information we process your data to fulfil our legal obligations – UK GDPR Article 6 1(c).
The categories of personal data concerned
We use name, address, date of birth, postcode, NHS number to identify you. We also keep data on your medical/health status which may include other sensitive data where relevant to your health e.g. your racial or ethnic origin, religious or philosophical beliefs, genetic data, sexual life and sexual orientation data.
Potential recipients of your data
We share data with other healthcare providers (e.g. hospitals) for delivery of your care. We also share with organisations for the management of health and care, and for indirect purposes as noted above. NHS England require us to supply data to them under Data Provision Notices, which is used for a variety of purposes including the NHS App.
How long your data will be retained
We only keep your data as long as is required by law. Data is retained following national records management practice, available in the full notice.
Your rights
You have the right to receive information on our uses of your information (this notice is part of that). The right to access, view or request copies of your records; request rectification of inaccuracies in your record, restrict or object to processing of your information. These rights are not absolute and are qualified in certain circumstances. You also have the right to complain to our Data Protection Officer or the Information Commissioner (via their website or 0303 123 1113) if you are dissatisfied with our use of data.
Safeguards if data is transferred to a country outside the UK.
When we use suppliers outside the UK, we ensure that the suppliers we use had full safeguards for your data and your legal rights are protected. We do not transmit data elsewhere except where legally required to (e.g. if you move to another country and ask us to share your data with local healthcare). When we do so, we insist on secure transmission.