At Lees Medical Practice we want to make sure that we are communicating with you in a way that is easy for you and that you can understand. As a practice, we are currently working towards the Standard and identifying those patients with information and communication needs.

We will do our best to ensure that your needs are met and with your permission record this on your file and share information with other NHS and adult social care providers.

We will ask patients and carers to tell us if they have any communication or information needs relating to a disability, impairment or sensory loss , and if so, what they are.

New Patients will be asked at the point of registration if they have any communication or information needs relating to a disability, impairment or sensory loss, and if so, what they are (there is a section on the new patient questionnaire that covers this question).

Existing patients can be asked opportunistically (e.g.  when making an appointment, with repeat prescriptions, newsletters, posters, email, text message, information screens and website)

We will keep a log of which patients have been asked about their accessible information requirements and review this information every 12mths, to ensure it is kept up to date.

Patients will be asked in the accessible information standard questionnaire to share permission with other NHS and Adult Social Care services.

Where permission has been given, the communication or information needs will be included as a routine part of any letter or referral (or other communication with NHS or Adult Social Care services).

The practice will provide one or more contact methods which are accessible to the patients. The method must allow the patient to contact the practice, and staff must use this method to contact the patient. Method includes email, text message, telephone or letter.

Where information and communication are identified, information (e.g. correspondence) will be provided in one or more accessible formats (e.g. non-standard print) Alternative formats can be provided if available either through auto-generated systems, or through prompting staff to make alternative arrangements. The adjustments made should be reasonable – but this does not mean that the patient must always receive information in their preferred format. What is important is that they can access and understand the information.

Where needed, appropriate professional communication support is arranged by the practice to enable patients and carers to effectively receive NHS care.

Interpreters and other communication professionals (e.g British Sign Language (BSL)interpreters and deafblind manual interpreters)must have appropriate qualifications, Disclosure and Barring service clearance, and be signed up to the relevant professional code of practice.

Appropriately qualified practice staff who are registered as communication professionals may also provide professional communication support, in certain circumstances and where there is patient consent (which should be recorded).

A patient’s family member, friend or carer may also provide necessary support in certain circumstances and where this is the patient ‘s explicit preference(which should be recorded)

The practice will refer to the NHS England guidance for further information on the use of practice staff, family members, friends and carers for further communication support, including safeguarding and consent.

Patient and carers themselves will not be asked to meet the cost of any information or communication needs.

For further information please contact the Practice Manager.

These fact sheets have been written to explain the role of UK health services, the National Health Service (NHS), to newly-arrived individuals seeking asylum. They cover issues such as the role of GPs, their function as gatekeepers to the health services, how to register and how to access emergency services.

Special care has been taken to ensure that information is given in clear language, and the content and style has been tested with user groups.Open the leaflets in one of the following languages 

English	Urdu
Albanian	Hindi
Arabic	Lithuanian
Bulgarian	Polish
Chinese (Cantonese)	Portuguese
Chinese (Mandarin)	Spanish
Russian	French
Turkish	Punjabi
Gujerati	Somali
Croatian	Bengali

Privacy Policy Statement (GDPR Compliant)

Introduction

This Privacy Policy Statement explains what personal or company data we may collect and how we might use your data. It also explains reasons we may need to disclose your personal or company data to others and how we store your data securely.

Our website may contain links to other websites, which are provided for your convenience. We are only responsible for the privacy practices and security of this website and not external websites. You should therefore check any other linked website’s privacy policies.

This policy may be subject to change, so you are advised to check our website regularly for any further changes.

You can access our home page and browse our site without disclosing any personal or company data except for information automatically collected by cookies that we use.

Cookies on this website

We may send a small file to your computer when you visit our website. This will enable us to identify you on future visits and to track your movement within it for ‘user-friendly’ development purposes. We may use cookies to collect and store data and to link information stored by them with the personal or company data you supply to us.

Except for the use of cookies, we only collect information you specifically provide to us. You can set your computer browser to reject cookies, but this may impede your use of certain parts of this website.

Who are we?

We are SurgeryWeb, our core business is providing customised websites for medical centres and doctor’s surgeries, primarily within an NHS framework.

How the Law Protects You

Data protection laws (GDPR) state that we are only able to process personal or company data if we have valid reasons to do so. The basis for processing your personal or company data includes, but is not limited to, your consent, performance of a contract, to enable billing and to contact you for customer service purposes.

How Do We Collect Personal or Company Data From You?

We receive information about you, when you use our website, complete registration forms on our website and if you contact us by phone, email or otherwise in respect of any of our services.

Secure Hosting Facilities

This website is provided by SurgeryWeb and hosted by either TMZVPS within a UK data centre located in Maidstone, Kent, UK or a cloud based server provided by Amazon Web Servers (AWS).

Some of the data centre’s more notable security features are as follows:

• Security: on-site officers, CCTV, key card controls
• Pre-action fire suppression systems
• 24-hour data centre monitoring
• 24-hour Operations Support Centre
• Diesel back-up generators
• Full details of TMZVPS’s data centre can be found here.
• All traffic (including transferral of files) between our website and your browser is encrypted and delivered over HTTPS.

Your personal or company data may automatically be collected when you use our website, including but not limited to, your IP address, device-specific information, server logs, device event information and location information.

What Type of Data Might We Collect From You?

The personal or company data that we may collect from you may include your name, address, email address, phone numbers and medical information submitted by online forms.

• IP address (automatically collected)
• Web browser type and version (automatically collected)
• Operating system (automatically collected)
• A list of URLs starting with a referring Site, your activity on this Site, and the Site you exit to (automatically collected)
• Personal or company data submitted via a contact form or email link is emailed to the Practice and stored in a Content Management System (CMS) database or on the server that this website is hosted upon. This information is only accessible by authorised employees of the Practice or SurgeryWeb developers, and will auto-delete after 30 days.

We may also retain records of your enquiries and correspondence, in the event you contact us.

How Do We Use Your Data?

We may use information about you in the following ways:

• To provide you with access to our services.
• To comply with our contractual obligations we have with you.
• To help us identify you and any accounts you might hold with us.
• To enable us to review, develop and improve our website and services.
• To provide customer care, including responding to your requests if you contact us.
• To notify you about any changes to our website and services.
• To provide you with information about services that you request from us, or where you have consented to be contacted for such purposes.
• To inform you of any new service or price changes.

Retention Periods

We shall retain your data only for as long as necessary in accordance with applicable laws. Third party information, relating to patients, may be retained for up to 30 days only.

We assure you that your data shall only be used for the purposes stated herein.

Who Has Access to Your Personal or Company Data?

We process your data for administration, billing, support and the provision of services. Management and officers of SurgeryWeb may have access to your data for the process of conducting business related activities only.

Third Parties

We do not sell, rent or share your personal or company data to third parties for marketing, advertising or any other purposes.

We will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal or company data is secure and will not be used for any marketing purposes by any third parties.

We may need to share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business. In these circumstances, we may disclose your personal or company data to the prospective buyer of our business, subject to both parties entering into appropriate confidentiality undertakings.

Similarly, we may share your personal or company data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of SurgeryWeb, or others.

Your Rights

Under data protection legislation (GDPR), you have several rights regarding the use of your personal or company data, as follows:

The Right of Confirmation and Access

You have the right to obtain confirmation from the data controller appointed by SurgeryWeb, as to whether or not personal or company data concerning you is being processed or stored. You also have the right to request a copy of this information. You have the right to be informed of the appropriate safeguards relating to any transfer of your data to any international company.

Right to Rectification and Erasure (Right to be Forgotten)

You have the right to ask us to correct any inaccurate data or to complete any incomplete personal or company data that we may hold. You have the right to request that we erase your personal or company data without delay where one of the statutory grounds applies, so long as the processing is not necessary. If you request us to erase your personal or company data, then this means that our business relationship with you will end as we cannot provide our service without processing your data.

Right of Restriction of Processing/Right to Object

You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal or company data concerning you. You also have the right to restrict the processing of your personal or company data under certain circumstances, including if you have contested its accuracy and while this is being verified by us, or if you have objected to its processing and while we are considering whether we have legitimate grounds to continue to do so.

Right of Data Portability

You have the right for certain data you have given us to be provided to you in a structured and commonly used electronic format (for example, a MS document, XLS file), so that you can move, copy or transfer this data easily to another data controller. You may also request that we transmit this data directly to another organisation where it is practical for us to do so.

Automated Individual Decision-Making, Including Profiling

You have the right not to be subjected to a decision, based solely on automated processing, including profiling. We do not process any personal or company data in this way.

How to Exercise Your Rights

If you wish to contact us in respect of any of your rights as described above, please contact the Practice – We will respond to your request free of charge and usually within 30 days.

How to Complain About the Use of Your Data

If you wish to complain about how we have handled your personal or company data, including any of the rights outlined above, please contact the Practice.

Accessing and Updating Your Data

You must ensure all your details, including but not limited to, name, address, phone number and email address are kept up to date at all times. All changes should be notified to us directly.

Where We Store Your Personal or Company Data

All information you provide to us is stored on our secured, GDPR compliant system, which is protected by firewalls and anti-virus software programs. From time to time, your information may be transferred to and stored on other storage media and kept securely at our business premises. By providing your data to us, you agree to this transfer and storage.

Please note: As the transmission of information via the internet and email is not completely secure, we cannot guarantee the security of your data during transmission, therefore any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.

All sensitive data are encrypted and fully protected.

Liability

We agree to take all reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions.

Data Breaches

In the event of a data breach, we shall ensure that our obligations under applicable GDPR data protection and UK Privacy laws are complied with, which may include, and is not limited to, notifying the Relevant Supervisory Authority.

Contact Us

Please contact us with any questions or comments you have about privacy issues.

Data Protection Officer
We have appointed a Data Protection Officer to ensure that we continuously process your personal or company data in an open, accurate and legal manner. If you have any questions about the processing of your personal or company data, please contact our Data Protection Officer at the Practice.

Your Right to Make a Complaint

You have the right to make a complaint about how we process your personal or company data to: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en

This notice was last updated on 20/09/2022. Should any information provided within this policy be subject to change then this page will be updated to reflect any changes in the law or our privacy practices. However, we will not use your personal or company data in any new ways without your prior consent.

All requests for information relating to your personal or company data and how we use and process this data will be provided free of charge.

The practice fully supports the NHS Zero Tolerance Policy. The aim of this policy is to tackle the increasing problem of violence against staff working in the NHS and ensures that doctors and their staff have a right to care for others without fear of being attacked or abused.

We understand that ill patients do not always act in a reasonable manner and will take this into consideration when trying to deal with a misunderstanding or complaint. We ask you to treat your doctors and their staff courteously and act reasonably.

All incidents will be followed up and you will be sent a formal warning after a second incident or removed from the practice list after a third incident if your behaviour has been unreasonable.

However, aggressive behaviour, be it violent or verbal abusive, will not be tolerated and may result in you being removed from the Practice list and, in extreme cases, the Police will be contacted if an incident is taking place and the patient is posing a threat to staff or other patients.

Removal from the Practice List

A good patient-doctor relationship, based on mutual respect and trust, is the cornerstone of good patient care. The removal of patients from our list is an exceptional and rare event and is a last resort in an impaired patient-practice relationship. When trust has irretrievably broken down, it is in the patient’s interest, just as much as that of The Surgery, that they should find a new practice. An exception to this is on immediate removal on the grounds of violence e.g. when the Police are involved.

Removing other members of the household

In rare cases, however, because of the possible need to visit patients at home it may be necessary to terminate responsibility for other members of the family or the entire household. The prospect of visiting patients where a relative who is no longer a patient of the practice by virtue of their unacceptable behaviour resides, or being regularly confronted by the removed patient, may make it too difficult for the practice to continue to look after the whole family. This is particularly likely where the patient has been removed because of violence or threatening behaviour and keeping the other family members could put doctors or their staff at risk.