Noticeboard

------------------------------ Appointment Attendance

In the month of February 245 patients did not attend their appointment at the surgery. This many missed appointments amounts to over 40 hours of wasted time. Please remember to cancel your appointment if you cannot make it to the surgery, this allows the reception staff to re-book your appointment so somebody else can be seen.

--------------------------------- Cervical Screening

Ladies please check with reception if your smear is due. Every year in the UK, over 3000 women will be diagnosed with cervical  cancer and almost 1000 women will die from the disease.

-------------------------------- Shingles Vaccine

If you are aged 70, 78 or 79 please make an appointment with the practice nurse for your shingles vaccine. vaccination6

 

----------------------------------- Going to university?

If you are between the age of 18 - 24 please check with reception that you have had two doses of MMR before going to university.

-------------------------------- Watch out measles about!

Measles is a highly infectious viral illness. It can be very unpleasant and possibly lead to serious complications, including blindness and even death. We recommend that everyone over 12 months of age has the MMR vaccine. it is never too late to receive it. If you are not sure whether you or your children need the MMR vaccine please talk to your doctor, nurse or health visitor.  

 

Privacy

DENTON PARK MEDICAL GROUP

EMPLOYEE DATA PROTECTION AND PRIVACY POLICY

 

Introduction

 

This policy sets out information in relation to the processing of employee data and how employee privacy of data is protected.  This policy does not confer any contractual rights.

 

The Company is a “data controller” and needs to collect and hold data about you to enable us to administer day to day tasks related to your ongoing employment (e.g. we need to know your bank detail in order that we can pay you). 

 

The Company is permitted to hold and process data about you because you are an employee/worker and there is a contract between us (the main legal basis for processing your information).

 

The Company’s obligations in relation to the processing of personal data

 

The Company is required to ensure that it complies with the following obligations when processing any of your personal data: 

 

  • that your data is used lawfully, fairly and in a transparent way
  • that your data is collected only for valid purposes which have been clearly explained to you
  • that the data collected is relevant to the purposes the Company has told you about and limited only to those purposes
  • that the data is accurate and up to date
  • that your data is kept in a format which allows for you to be identified for only as long as necessary
  • that your data is kept securely

 

The Company will only use your personal data for the stated purposes, unless there is a need to use it for another reason and that reason is compatible with the original purpose.  If the Company consider that it is necessary to use your personal data for a different and unrelated purpose, this will be notified to you in writing with an explanation of the legal basis for doing so.   There may be exceptional circumstances where the Company has to process your personal data without your knowledge or consent where this is required by law.

 

The Company will only ask you to provide data which is necessary for the performance of the contractual employment relationship or any associated legal obligations.  If you do not provide this data, the Company may not be able to meet its contractual or legal obligations to you.

 

For the Company to meet the obligations of performing your contract or to meet legal obligations connected with your employment relationship it is necessary to share your personal information with certain third parties (e.g. payroll provider, pension provider, legal or professional advisers).  The Company may also share your personal data with other third parties (e.g. where a possible sale or restructuring of the business may be being considered.  The Company does not transfer personal data outside the EEA.

 

Individual rights and obligations

 

Current data protection legislation provides the following rights for individuals:

 

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

 

In order that we can ensure that the personal data we hold in relation to you is accurate, it is important that you keep us informed of any changes to your data.

 

How personal data is collected

 

The Company collects your personal data by a variety of means.  At the recruitment stage the Company will already have collected data through the application process either directly from you or via any employment agency used, and references from current or former employers.

 

Where any additional personal data is required, the Company will ask you for this in writing, setting out the purpose for which is it required.

 

The type of data the company may process

 

The data processed includes, but is not limited to:

 

Type of data

Why we wish to hold it

How long it will be kept for

Recruitment data

Previous employers, types of job held previously, skills and qualifications, CV

This will allow us to make a decision on your suitability for employment/

engagement. 

Data obtained during recruitment will be kept for 6 months after an application has been declined, or if appointed, until successful completion of probation period.                                          

Right to work

Copy of passport (or other right to work documents –e.g.  Biometric visa)

 

This data will be kept for the duration of your employment and for 2 years afterwards.

 

Induction data

Key personal data about you: e.g. name address, date of birth, next of kin, bank details, etc.

This will allow us to send you correspondence, contact next of kin in an emergency, pay wages into your bank, enrol you into benefits schemes etc.

This data will be kept for the duration of your employment and for 9 months afterwards.

 

Payroll data

Salary and salary history, benefits, tax, NI and NI number, tax status, pension contributions, other deductions, student loans, CCJ’s etc.

To allow us to pay you accurately and to fulfil out tax and reporting obligations with the HMRC.

The HMRC requires us to hold this information for 6 years after we have used it.

Time and attendance data

Timesheets, shift rotas, holiday forms etc.

To allow us to ensure you are working the correct hours and that obligations under the Working Time Regulations are met.

This data will be kept for the duration of your employment and for 9 months afterwards.

 

Health and medical data

Data about your health, medical conditions, self-certificates, GP sick notes

Your consent may also be sought to gain a report from your GP, consultant or occupational health specialist.

We may need to understand details about  health/ medical conditions in relation to your work and ability to undertake your role, or alternative roles.  We would only seek this information from you with your specific consent.

This data will be kept for the duration of your employment and for 9 months afterwards.

If it relates to an accident at work, we would keep the data for 4 years after your employment has ended. (Note that this timescale may need to be extended if for example your business undertakes work from which occupational disease has the potential to arise e.g. asbestos, lead etc. - the HSE recommend keeping such records for 40 years).

Ethnic monitoring data

Data relating to your racial origin, religion, gender, sexual orientation, etc that are classed as protected characteristics under the Equality Act 2010.

We use this data to understand the ethnic make- up of our workforce and it allows us to rebalance our workforce if we believe we do not have the correct diversity.

This data will be kept for the duration of your employment and for 9 months afterwards.

 

Disciplinary and grievance records

 

 

These will be kept on file as a reference for comparison purposes to ensure any requirements to improve your conduct or capability can be referenced.

This data will be kept for the duration of your employment and for 9 months afterwards. The warnings will be ‘live’ for the duration specified in them.

 

Other data

Start date, location of workplace, flexible working requests, driving licence details, training records,

professional memberships, job performance details, appraisals, CCTV, photographs, use of IT/

communication

systems etc.

We might need to calculate entitlements to benefits or rights arising from length of service, understand details about work performance, training needs, policy compliance etc., or making decisions about promotion or continued employment.

This data will be kept for the duration of your employment and for 9 months afterwards.

(Note that this timescale may need to be extended if for example your business undertakes warranty work on products and there is a requirement to be able to trace when the product was provided, who produced/ installed it and that they were qualified to do so)

 

3rd parties who deal with our company benefits

Pension, payroll providers etc.

If you enrol in a company benefit, we will need to share certain data with a 3rd party to allow them to process your benefits.

This data will be kept for the duration of your employment and for 9 months afterwards.

The 3rd party may keep this data longer (e.g. pension provider holding your information).

Future reference data (after you have left the Company) Key data items:  name, address, start and leave dates job history, last job title and summary of duties, salary details, training courses attended etc.

We would keep a small amount of basic data about you (after you had left) that would allow us to give a prospective employer a reference.

 

This data will be kept for the duration of your employment/engagement and for up to 5 years afterwards.

 

 

 

When the Company will use your personal data

 

Generally, the Company will use your personal data for one of the following lawful reasons:

 

  • to perform the contract we have entered into with you
  • to comply with a legal obligation
  • where it is necessary for legitimate interests (or those of a third party)

 

There are other rare occasions where your personal data or special category data will be used:

 

  • where we need to protect your interests (or someone else’s interests)
  • where it is needed in the public interest, or where it has already been made public
  • where the Company has to process this data for legal claims

 

Special category data

 

Any personal data which identifies ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic, biometric or health data, sex life and sexual orientation is classed as special category data.  The Company will only use this data:

 

  • to comply with employment and other laws when processing and managing situations connected with absences arising in relation to your sickness or family/ dependant related leave etc.
  • to ensure health and safety compliance
  • to assess your capability to perform your role, monitor and manage your sickness absence, provide appropriate workplace adjustments etc.
  • Where it is needed in the public interest, for example for equal opportunity monitoring and reporting

 

In limited circumstances, the Company may request your written consent to allow us to process special category data (e.g. for the purpose of gaining a medical report).

 

The Company does/ does not envisage that it will hold data about criminal convictions.   The Company will only collect data about criminal convictions if it is appropriate to role and duties you will perform.

 

Automated decision making

 

The Company does not envisage that any decisions about your employment will be taken using automated means.  If this position changes you will be notified in writing.

 

Subject Access Requests

 

You are entitled to make a subject access request (SAR).  Any request should be made in writing to the Practice manager.  If you make an SAR, the Company we may request specific If you make an SAR, the Company we may request specific information to confirm your identity to ensure that the data is released to the correct person.

 

The information will be provided in a commonly-used electronic form, unless otherwise requested by the individual.

 

The Company will respond to an SAR within 30 calendar days, with a possibility to extend this period for particularly complex requests. The Company may withhold personal data if disclosing it would ‘adversely affect the rights and freedoms of others'.

 

The Company will only charge you a fee for an SAR if your request is ‘manifestly unfounded or excessive’, or if further copies of data are requested.

 

Data breaches

 

Where any personal data is lost, destroyed, corrupted or disclosed etc. this will amount to a data breach.

 

In the event of a data breach, staff must immediately inform their line manager.

 

In the rare event that a data breach occurs the Company will investigate the cause of any breach, determine any remedial action that can be taken and consider how the effect of the breach can be mitigated.

 

Initial priorities for the Company are to:

 

  • contain the breach
  • assess the potential adverse consequences for the individual(s), based on how substantial these are

 

Where personal data has been sent to someone who is not authorised to have access to it, the Company will:

 

  • inform the unauthorised recipient not to distribute it in any way or discuss it with anyone else
  • inform the unauthorised recipient to destroy or delete the data
  • require the unauthorised recipient to confirm in writing that they have destroyed/ deleted the data
  • advise the unauthorised recipient of the implications if they disclose the data
  • where relevant, inform the data subject(s) so that they can take any necessary action

 

When a personal data breach has occurred, the Company needs to establish the likelihood and severity of the risk to individual(s) rights. If there is a risk, then the Company will notify the ICO.  In the event that a risk is unlikely the there is no requirement for the Company to report it to the ICO.

 

Notifiable breaches must be reported to the ICO no later than 72 hours after the Company became aware of it.

 



 
Call 111 when you need medical help fast but it’s not a 999 emergencyNHS ChoicesThis site is brought to you by My Surgery Website