West Kent Health Ltd is a GP federation representing many practices in Kent. Together with our GP members, we deliver improved health care in the community to many residents. We are registered in England and Wales under registration number 09377676.
West Kent Health Ltd is registered with the Information Commissioner’s Office for data protection purposes (registration number ZA527958).
The majority of West Kent Health Ltd clinical services are delivered on behalf of practices within the Kent area. Where this is the case, further information on use of this information can be found in the relevant Practice’s Privacy Notices.
In addition, all West Kent Health Ltd potential or existing staff will be provided with an Employee Privacy Notice.
We collect and use different types of information for different purposes. These include:
- Information that you provide to use when using our services, or that is generated in the course of the use of these services e.g. if you use one of our clinical services or a service provided by us through your GP practice (out of hours doctors services, sexual health services etc.). Information collected may include your personal contact details and any health information needed to deliver the service to you)
- Information that you may provide to us through our recruitment processes or as a West Kent Health Ltd member of staff
- Information contained in or relating to any communications that you send to us or send through our website (including the communication content and meta data associated with the communication)
- Any other personal information that you choose to provide to us
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
We collect personal information from a number of different sources, including:
- directly from you. For example, when you access healthcare services, submit a query to us including via our website, by email or post
- from other healthcare organisations, such as your GP, or an NHS body.
We may use your information for a number of different purposes. For each purpose we must have a “legal ground” to use your personal information in such a way. When the information that we process is classed as sensitive personal information/ special categories of personal information, we must have a specific, additional “legal ground” to process such information.
Generally, we will rely on the following “legal grounds”, as appropriate:
- We have a legal or regulatory obligation to use such personal information. For example, where our regulators require us to hold certain records of our dealings with you.
- We need to use your personal information in order to protect your vital interests or those of a third party. For example, in order to ensure your safety or the safety of others.
- We need to use your personal information for the performance of a task carried out in the public interest or in the exercise or our official authority. For example, in order to provide healthcare services.
- We need to use your personal information for purposes of medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems. For example, in order to provide healthcare services and treatment to you.
- We need to use such personal information to establish, exercise or defend our legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
- We need to use your personal information to manage employment practices as part of our recruitment and staffing processes
- You have consented to the use of your personal information
Uses of your information which rely on some of the legal grounds detailed above include:
- Providing healthcare and related services
- Administration and management of healthcare services (such as maintaining records, receiving professional advice)
- Service improvement, evaluation and audit (in order to improve the healthcare we provide, and to protect and improve the health of the public)
- Communicating with you and resolving any queries or complaints that you might have
- Complying with our legal and regulatory requirements
- Safeguarding purposes (for example, in order to ensure the health and safety of an individual)
- Preventing and investigating fraud. This might include sharing your personal information with third parties such as the police or fraud prevention agencies, for example, NHS Counter Fraud Authority or Audit One
- Managing staff employment and recruitment
- Delivering the West Kent Health Ltd website
- Responding to enquiries or complaints received
The processing of personal data in the delivery of direct care and for providers’ administrative purposes in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR:
- Article 6(1)(c) – legal obligation, for example where the NHS Digital COPI Notice applies
- Article 6(1)(d) – vital interests, for example where it is necessary to protect your or other patients’ vital interests
- Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’
- Article 6(1)(f) – legitimate interests, for example where we are sharing information with a research organisation to carry out vital coronavirus research
- Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
- Article 9(2)(i) – public health purposes
- Article 9(2)(j) – scientific research or statistical purposes.
Cookies are small text files that are placed on your computer by websites that you visit to distinguish you from other users of the site. At the current time, West Kent Health Ltd do not use any cookies in running its website. If these are used in the future, you will clearly be made aware of this and will have the opportunity to consent to the use of these cookies when you first access the site.
At the current time, we do not use your information to actively profile you or to make decisions based on characteristics of our service users, neither do we carry out any automated processing of your personal information that would lead to significant decisions being made about you.
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as is reasonably necessary for the purposes set out in this policy. We will also share information with your GP for the purpose of providing appropriate ongoing medical care.
We may disclose your personal information:
- to the extent that we are required to do by law
- in connection with any ongoing or prospective legal proceedings
- in order to establish, exercise or defend our legal rights (including providing information to others for the purpose of fraud prevention and reducing credit risk)
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such or authority would be reasonably likely to order disclosure of that personal information
Except as provided in this policy, we will not provide your personal information to third parties or share or process any of your personal information outside the EU.
Personal information that we process for any purpose shall not be kept for longer than is necessary for that purpose. Notwithstanding the other provisions of this section, we will retain your personal information:
- to the extent that we are required to do so by law
- if we believe that the information may be relevant to any ongoing or prospective legal proceedings
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
- to support the ongoing business purposes of West Kent Health Ltd as specified above (with due consideration for the rights and freedoms of individuals privacy)
If you would like further details of how personal information is retained by our organisation, please contact us directly.
You have a number of rights under Data Protection law including:
- The right to be informed about the collection and use of your personal information e.g. via this privacy notice
- The right to access your personal information
- The right to have any inaccurate personal information rectified, or completed if it is incomplete
- The right to have your personal information erased in certain circumstances (please note that information which is clinically relevant cannot be deleted from medical records, although notes relating to accuracy etc can be added and access appropriately restricted as necessary)
- The right to request the restriction or suppression of their personal information in certain circumstances
- The right to data portability – to obtain and reuse your personal information for your own purposes across different services
- The right to object to our use of your information in certain circumstances e.g. for marketing or profiling purposes
If you would like to access your own personal information or exercise any of the rights detailed above, please contact us by email@example.com
In the majority of cases, we will respond to your request within one month of receiving the necessary information required to deal with your request.
We may ask you to supply appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport plus an original copy of a utility bill showing your current address) and any additional information to help us to deal with your request effectively.
There may be some exemptions to dealing with your rights as specified in Data Protection law, but we will ensure you are fully informed of this within a month of receiving your request.
Full information on your rights under the Data Protection Act can be found from the following link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you have a concern that cannot be resolved through discussion with us, these can also be raised with the Information Commissioner’s Office. More information can be found from the following link https://ico.org.uk/concerns/
The Data Controller: West Kent Health Ltd
Our Data Protection Officer: (Your-DPO) can be contacted via West Kent Health Ltd