We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
This notice focuses on patient data only or ask at reception for an accessible copy. This notice was last updated March 2026.
Data Controller
Bloomsbury Surgery is the data controller for your information. We are contracted by NHS England under a General Medical Service (GMS) contract to provide Primary Healthcare services to local residents & other individuals registered with the Practice.
Data protection Officer’s contact details
Our Data Protection Officer is contactable via:
- A letter to the data protection officer at this practice
- Steve Durbin, By email at nclicb.dpo.ncl@nhs.net
Purpose of processing your data
We use your information to provide you with the best possible direct care services.
Your information is also used for indirect care, planning, research, auditing and population health management. You can opt out of this by registering a National Data Opt-Out via the NHS website or the NHS App.
Lawful basis for processing your data
We process your data in the public interest for purposes focused on delivering healthcare – UK GDPR article 6 1(e). For special category personal data (e.g. health) our lawful basis is UK GDPR article 9 2(h) – processing necessary for medical/social care or management of same. For some information we process your data to fulfil our legal obligations – UK GDPR Article 6 1(c).
The categories of personal data concerned
We use name, address, date of birth, postcode, NHS number to identify you. We also keep data on your medical/health status which may include other sensitive data where relevant to your health e.g. your racial or ethnic origin, religious or philosophical beliefs, genetic data, sexual life and sexual orientation data.
Potential recipients of your data
We share data with other healthcare providers (e.g. hospitals) for delivery of your care. We also share with organisations for the management of health and care, and for indirect purposes as noted above. NHS England require us to supply data to them under Data Provision Notices, which is used for a variety of purposes including the NHS App.
How long your data will be retained
We only keep your data as long as is required by law. Data is retained following national records management practice, available in the full notice.
Your rights
You have the right to receive information on our uses of your information (this notice is part of that). The right to access, view or request copies of your records; request rectification of inaccuracies in your record, restrict or object to processing of your information. These rights are not absolute and are qualified in certain circumstances. You also have the right to complain to our Data Protection Officer or the Information Commissioner (via their website or 0303 123 1113) if you are dissatisfied with our use of data.
Safeguards if data is transferred to a country outside the UK.
When we use suppliers outside the UK, we ensure that the suppliers we use had full safeguards for your data and your legal rights are protected. We do not transmit data elsewhere except where legally required to (e.g. if you move to another country and ask us to share your data with local healthcare). When we do so, we insist on secure transmission.