Patient Privacy Notice

  1. Introduction

This privacy notice explains how Priory Medical Centre collects, uses, stores, and protects your personal information when you receive care from our GP practice.

We are committed to protecting your privacy and handling your information lawfully, fairly, and transparently in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The common law duty of confidentiality
  • NHS confidentiality requirements

  1. Who We Are

Data Controller:
Priory Medical Centre
Belmont GroveL6 4EW
Telephone:  0151 260 9119
Email: Priorymedicalcentre@nhs.net

Data Protection Officer (DPO):
Informatics Merseyside

Email: DPO.IM@imerseyside.co.uk

  1. Information We Collect

We may collect and process the following categories of personal information:

Personal Details

  • Name
  • Date of birth
  • Address
  • Telephone number
  • Email address
  • NHS number
  • Next of kin details

Health Information

  • Medical history
  • Consultation notes
  • Test results
  • Prescriptions
  • Allergies
  • Referral information
  • Mental and physical health records

Administrative Information

  • Appointment details
  • Correspondence with healthcare providers
  • Complaints or feedback
  • Insurance or payment information (if applicable)

  1. How We Use Your Information

We use your information to:

  • Provide safe and effective healthcare
  • Arrange appointments and referrals
  • Maintain accurate medical records
  • Communicate with you about your care
  • Prescribe medication
  • Support NHS planning and quality improvement
  • Meet legal and regulatory obligations
  • Prevent fraud and protect public health

  1. Legal Basis for Processing

Under UK GDPR, we process your information because:

  • It is necessary for the provision of healthcare and treatment
  • We are required to comply with legal obligations
  • Processing is necessary for reasons of public interest in the area of public health
  • In some circumstances, we rely on your consent

Special category health data is processed under Article 9(2)(h) and related healthcare provisions of UK GDPR.

  1. Who We Share Information With

We may share relevant information with:

  • NHS hospitals and clinics
  • Community healthcare services
  • Pharmacies
  • NHS England
  • Integrated Care Boards (ICBs)
  • Social care services
  • Laboratories and diagnostic providers
  • Regulators and inspectors where required by law

We only share information that is necessary and appropriate for your care or where we are legally required to do so.

  1. Electronic Patient Records

Your records are stored securely using NHS-approved systems. Access is restricted to authorised staff who need the information to perform their duties.

We use appropriate technical and organisational security measures to protect your information against loss, misuse, or unauthorised access.

  1. How Long We Keep Information

We retain medical records in accordance with NHS Records Management Code of Practice requirements.

In most cases, GP records are retained for:

  • 10 years after death, or
  • 10 years after a patient permanently leaves the UK

Some records may be retained longer if required by law.

  1. Your Rights

Under data protection law, you have rights including:

  • The right to access your information
  • The right to request correction of inaccurate information
  • The right to request restriction of processing in certain circumstances
  • The right to object to certain uses of your information
  • The right to data portability where applicable
  • The right to withdraw consent where consent is used

These rights may be limited where healthcare or legal obligations apply.

  1. Accessing Your Medical Records

You may request access to your medical records by contacting the practice.

We may ask for proof of identity before releasing information.

There is usually no charge for access requests unless requests are excessive or repetitive.

  1. Confidentiality and Safeguarding

All staff are bound by confidentiality obligations.

However, information may be shared without consent where:

  • There is a legal obligation
  • There is a serious risk to your safety or the safety of others
  • Safeguarding concerns arise
  • Public health laws require disclosure

  1. Text Messages, Emails and Telephone Calls

We may contact you by:

  • SMS/text message
  • Telephone
  • Email
  • Letter

This may include appointment reminders, health recalls, or important updates about your care.

Please inform us if your contact details change.

  1. Complaints and Concerns

If you have concerns about how your information is handled, please contact the practice first.

You also have the right to complain to the:

Information Commissioner’s Office 0303 123 1113.

  1. Changes to This Privacy Notice

We may update this privacy notice from time to time to reflect changes in legal requirements or our services.

The latest version will always be available:

  • On our website
  • On request from the practice

Approved by: Brogan Purves
Date Approved: 11/06/2025

Additional Information

Virtual Practice Tour

Patient Participation Group

Self Referrals/Local Services

Community Involvement

Requesting a letter

Statement of Costs – Non-NHS Work

GDPR / Practice Policies