Mr Nicholas Glover  - Consultant Cataract & Vitreoretinal Surgeon
PATIENT PRIVACY NOTICE
N Glover Ltd is committed to protecting your privacy and meeting the requirements of the current data protection legislation. This privacy notice explains:
·       What personal data we collect about you
·       Why we collect that personal data
·       Who we share your personal data with
·       Why we might contact you and how you can change that
·       How long we retain your personal data
·       How we keep your personal data secure
·       What rights you have in relation to your personal data
When we talk about "personal data" in this notice, we mean any information that could be used to identify you, either directly or indirectly when combined with any other information we may hold about you.
In this privacy notice, when we refer to “me”, ”I“, "we", "us" or "our", we mean N Glover Ltd (Director Mr Nicholas Glover), registered address with Company House, 290 Banbury Road, Oxford, OX2 7DY.
Mr Nicholas Glover is the primary Director and is the registered Data Controller under the Information Commissioner’s Office registration number ZA045828. 
If you need to contact us about this privacy notice or further details on how we use your personal information please contact Mr Nicholas Glover by post at the above address or by emailing nicholasmglover@msn.com
 
Personal data collected by N Glover Ltd 
Following your appointments, we will keep records regarding your health and any treatment and care you receive from us. These records help to ensure that you receive the best possible care.  Appointments and treatment may take place at BMI The Priory Hospital, The Westbourne Centre, Optegra Birmingham and in some instances at Queen Elizabeth Hospital. They will also be acting as joint Data Controllers and will have their own Privacy Notice available to you.
The records may be kept as written notes or held on computer.  This recorded data is classed as Special Category personal information (sensitive) and may include:
• Basic details about you such as name, address, date of birth, next of kin, etc.
• Contact we have had with you such as appointments, clinic visits or surgery
• Notes and reports about your health, treatment and care
• Results of x-rays, scans and laboratory tests
• Relevant information from people who care for you and know you well such as health      professionals and relatives
It is essential that the details which we hold for you are accurate and up to date. Please always check that your personal details are correct when you have a new appointment and inform us of any changes as soon as possible.  We will then update your records accordingly. 
From 25 May 2018, the current Data Protection Act will be replaced by the EU General Data Protection Regulation (GDPR) and a new Data Protection Act.  All your data will be handled in accordance with this legislation.
 
Reasons for collecting your personal data 
Your records are used (‘processed’) to direct, manage and deliver the care you receive to ensure that:
• We have accurate and up to date information to assess your health and decide on the most appropriate care for you
• We have the information needed to be able to assess and improve the quality and type of care you receive
• Your concerns can be properly investigated if a complaint or any concerns are raised
• Appropriate information is available if you are referred to another sub-specialist or another part of the healthcare system to ensure you receive continuity of care
 
Your information will also be used to help us manage and protect the health of the public by being used to:
• Review the care we provide to ensure it is of the highest standard and quality
• Ensure our services can meet patient needs in the future
• Investigate patient queries, complaints and legal claims
• Ensure that we receive payment for the care you receive
• Prepare statistics on our performance
• Audit our accounts and services
 
We have a number of lawful bases for using this information under data protection legislation:
·       In some cases it will be necessary for us to use information in order to enter into and fulfil our contract with you to provide you with healthcare services, such as using your health data for the purposes of diagnosis, assessment and treatment.
·       Where you have provided your consent to my use of your personal data.
·       In exceptional circumstances, we may be required to use your information in order to protect your vital interests or those of another person.
·       We may also need to use your information for the purposes of establishing, exercising or defending our legal rights, for example in the event of a complaint.
·       Where we do not have a contractual or legal obligation to handle your data in a particular way or your explicit consent to use your information for a specific purpose, we have a legitimate interest to conduct general business processes and improve our services. When relying on our legitimate interests we ensure that this use of your data is fair, proportionate and in no way detrimental.
 
Who we share your personal data with
Everyone working within healthcare has a legal duty to keep information about you safe and confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.  Both myself, as the Data Controller and my medical secretaries as Processors are bound by this legal duty and act in accordance with current guidance and legislation.
We may share information with the following main partner organisations:
• NHS Trusts and hospitals that are involved in your care
• Private insurers that are involved in your care
• Clinical Commissioning Groups, NHS Commissioning Support Units, NHS England Local Area Teams and other NHS bodies
• Your General Practitioner (GP)
• PHIN (Private Healthcare Information Network) who are the government’s recognised body for processing private patient’s data
You may be receiving care from other people as well as us, for example Social Care Services or District Nursing Services. We may need to share some information about you with them so we can all work together for your benefit if they have a genuine need for it or we have your permission. Therefore, we may also share your information, subject to strict agreement about how it will be used, with:
• Social Care Services
• Education Services
• Local Authorities
• Voluntary and private sector providers working with us
We will not disclose your information to any other third parties without your permission unless there are exceptional circumstances, such as if the health and safety of others is at risk or if the law requires us to pass on information.
 
 
You have the right to restrict how and with whom we share the personal information in your records that identifies you. This must be noted explicitly within your records in order that all healthcare professionals and staff treating and involved with you are aware of your decision. By choosing this option, you should be mindful that it may make the provision of treatment or care more difficult or unavailable. You can also change your mind at any time about a disclosure decision.
  
Retention of personal data
We retain personal data for no longer than required and in line with medical retention requirements. This is based on statutory requirements and legal obligations, as well as our business requirements.
 
Security of personal data
We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper. In the unlikely event that we need to transfer data outside of the European Economic Area (EEA) we will do so with appropriate safeguards in place.
 
Personal data and your rights
Data protection legislation gives you the right to:
·       Correct any data we hold about you that is not correct
·       Request that we delete your personal data
·       Block or suppress the further processing of your personal data in certain circumstances
·       Request access to personal data that we hold about you (Subject Access)
·       In some circumstances, receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format and have this transmitted to another data controller (Data Portability)
·       Withdraw consent where this is the legal basis for us processing your information
·       Object to processing where N Glover Ltd is relying on its legitimate interests as the legal ground for processing
 
Please contact the Mr Nicholas Glover using the details above if you wish to exercise your rights in relation to personal data. Our policy is to verify the authenticity of all requests made and we may require further validation from the enquirer.
If you have any concerns about the way we have handled your personal data please contact Mr Nicholas Glover in the first instance: nicholasmglover@msn.com. If you remain unsatisfied you can contact the Information Commissioner’s Office (ICO) on 0303 123 1113, by emailing casework@ico.org.uk or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
 
This Privacy Notice may be updated from time to time.  In the event that any of these changes result in differences in the manner in which your data is processed then you will be provided with an updated copy of the policy.
 
This policy was last revised on 23 May 2018