Your Data At Our Practice


< Back to policies & procedures

This notice focuses on patient data only; you can find fuller details of our use of data on the website, or ask at reception for an accessible copy. This notice was last updated September 2022.


Data Controller

Bloomsbury Surgery is the data controller for your information. We are contracted by NHS England under a General Medical Service (GMS) contract to provide Primary Healthcare services to local residents & other individuals registered with the Practice.

Data protection Officer’s contact details

Our Data Protection Officer is contactable via:

  • A letter to the data protection officer at this practice
  • By email

Purpose of processing your data

We use your information to provide you with the best possible direct care services.

Your information is also used for indirect care, planning, research, auditing and population health management. A national opt-out from some of these purposes is available.


Lawful basis for processing your data

We process your data in the public interest for purposes focused on delivering healthcare – UK

  • GDPR article 6 1(e). For special category personal data (e.g. health) our lawful basis is UK
  • GDPR article 9 2(h) – processing necessary for medical/social care or management of same.

For some information we process your data to fulfil our legal obligations – UK GDPR Article 6 1(c).


The categories of personal data concerned

We use name, address, date of birth, postcode, NHS number to identify you. We also keep data on your medical/health status which may include other sensitive data where relevant to your health e.g. your racial or ethnic origin, religious or philosophical beliefs, genetic data, sexual life and sexual orientation data.


Potential recipients of your data

We share data with other healthcare providers (e.g. hospitals) for delivery of your care. We also share with organisations for the management of health and care, and for indirect purposes as noted above. NHS England require us to supply data to them under Data Provision Notices, which is used for a variety of purposes including the NHS App.


How long your data will be retained

We only keep your data as long as is required by law. Data is retained following national records management practice, available in the full notice.


Your rights

You have the right to receive information on our uses of your information (this notice is part of that). The right to access, view or request copies of your records; request rectification of inaccuracies in your record, restrict or object to processing of your information. These rights are not absolute and are qualified in certain circumstances. You also have the right to complaint to our Data Protection Officer or the Information Commissioner if you are dissatisfied with out use of data


Safeguards if data is transferred to a country outside the UK.

When we use suppliers outside the UK, we ensure that the suppliers we use had full safeguards for your data and your legal rights are protected. We do not transmit data elsewhere except where legally required to (e.g. if you move to another country and ask us to share your data with local healthcare). When we do so, we insist on secure transmission.