Show Side Menu

Privacy Notice


North House Surgery


Privacy Notice


This Notice has been written to inform our patients about how we collect their personal information and what we do with it. Please be aware that this notice may be subject to change.  


Who are we?


North House Surgery is a ‘Data Controller’ as defined by Article 4 (7) of GDPR. This means that we determine the purposes for which, and the way in which, your personal data is processed. We have a responsibility to you and your personal data and will only collect and use this in ways which are compliant with data protection legislation.



The practice has appointed PCIG Consulting Ltd to be its Data Protection Officer. Their contact details are:

Paul Couldrey 

PCIG Consulting Ltd

NPV Enterprise Centre, 6 David Lane, Nottingham, NG6 0JU // 0115 838 6770



What data do you collect about me?


We will collect general information about you including:


  • Name, address, DOB,

  • Contact details and emergency contacts,

  • Carer or legal representative.


    We will also collect and process certain ‘special category’ data about our patients. This means information which is more sensitive and needs extra protection. Most of what we collect about you is information relating to your physical or mental health such as:


  • Contact you have had with us in relation to appointments, clinic visits, etc,

  • Notes and reports about your health,

  • Information about your treatment and care,

  • Results of tests, x-rays, and investigations,

  • Any other relevant patient information including information provided by others such as health professionals, relatives, carers or other partner organisations who you may be involved with.


    It may also be necessary for us to process other special category information about you for medical purposes including, but not necessarily limited to:


  • Sex life or sexual orientation,

  • Racial or ethnic origin,

  • Religious or philosophical beliefs.


    What do you do with my personal data?

    We use your information in order to:


  • Provide you with healthcare services,

  • Improve service delivery and planning,

  • Investigate any concerns you have raised about the service you have received,

  • Conduct research and produce statistical data.


    We also use your information for the following reasons:


  • Risk stratification

    Risk stratification is a process in which we use personal information to determine if patients may be at high risk of experiencing certain medical conditions. This is done for preventative reasons and we will collect this information from various health care services including NHS Trusts and the information we hold about you within the practice.

  • Medicines Management

    Harrogate and Rural District CCG provide support to Audit and review patients’ medicines and prescriptions and in order to do this they will require access to patient records. This is in place to enhance effective and safe prescribing of medication and to ensure we are operating in a cost effective way. We have a confidentiality agreement in place to govern this process.

  • GP Practice Variation

    Harrogate and Rural District CCG provide support to promote understanding of the variation between GP practices. This work requires access to patient records and is governed by a specific confidentiality agreement with the CCG.


    What is your lawful basis to process my personal data?

    There are a number of reasons we may rely on to process your personal data in line with Article 6 and Article 9 of GDPR. These are:


  • Because we have a legal obligation,


  • Because it is in the public interest or we have official authority,

  • To protect the vital interests of you or another person,

  • For the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services,

  • Reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices,

  • Research or statistical purposes.


    Who has access to my personal data within the practice?

    Employees of North House Surgery may only access your personal data if they require it to perform a task. There are procedures and checks in place to ensure that employees can not use your data for their own personal benefit.


    Who do you share my personal data with?

    The practice will only share personal data with another organisation if it has a lawful basis to do so and will always keep records of when your data has been disclosed to another organisation. Electronic patient records are kept in most places where you receive healthcare.  Our local electronic systems enable information from your electronic medical record to be shared with organisations involved in your direct care.  Organisations who we may share your information with include, but is not limited to:


  • NHS Trusts,

  • Other GPs (if you transfer to another practice),

  • Independent healthcare contractors including dentists, opticians and pharmacists,

  • Voluntary sector providers,

  • Ambulance Trusts,

  • Harrogate and Rural District Clinical Commissioning Group, and subsidiary providers contracted by them

  • Our clinical system supplier Egton Medical Information Services (EMIS)

  • Local Authorities,

  • Children or Adults Social Care,

  • Education Services,

  • Fire and Rescue Services,

  • Regulatory Authorities (such as CQC and NMC).


    We will not share information about you without your permission unless we are required to do so by law. Sometimes we may be required to share your information and will not always be able to tell you. Examples might be for the purposes of detection or prevention of crime, or where we are required to share due to a court order.


    Third party processors

    In order to deliver the best possible service the practice may use third party organisations. These organisations will sometimes require access to your personal data in order to complete their work. If we do use a third party organisation we will always have an agreement in place to ensure that the other organisation keeps your data secure.


    How do you protect my personal data?

    North House Surgery is committed to keeping the personal data that it holds safe from loss, corruption or theft. It has a number of measures in place to do this including:



  • Annual training for all employees on how to handle personal data,

  • Policies and procedures detailing what employees can and can not do with personal data.

  • IT security safeguards such a firewalls, encryption, virus protection software, and password protected accesses

  • On site security safeguards to protect physical files and electronic equipment


    How long do you keep my personal data for?

    North House Surgery will only keep your personal data for as long as it is required to fulfil the purpose it was collected for or for as long as is required by legislation.


    Your electronic medical record remains a part of our clinical system after you are no longer registered with us but will have additional security features to restrict and monitor access.  Access to these records continues to be where there is a lawful basis for doing so under the regulations


    Do you transfer my data outside of the UK?

    Generally the information that the practice holds is all held within the UK. However, if information needs to be held on computer servers which are outside of the UK, we will take all reasonable steps to ensure your data is not processed in a country that is not seen as ‘safe’ by the UK or EU government, and will ensure it has extra protection from loss or unauthorised access.


    What are my Data Protection rights?

    Under data protection legislation you have the following rights in relation to the processing of your personal data:


  • To be informed about how we process your personal data.  This notice fulfils this obligation.

  • To request access to your personal data that we hold, and be provided with a copy of it.  This is known as a Subject Access Request (SAR).  This request may be made in writing, verbally or electronically.  There is no fee for making a SAR, however, if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or decline to respond to your request.  Additional guidance applies to SARs, which we will supply to you on request.

  • To request that your personal data is amended if inaccurate or incomplete,

  • To request that your personal data is erased where there is no compelling reason for its continued processing,

  • To request that the processing of your personal data is restricted,

  • To object to your personal data being processed,


    If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO on the address provided above.

    If we cannot resolve your concerns you may also complain to the Information Commissioner’s Office (the Data Protection Regulator) about the way in which we have handled your personal data. You can do so by contacting:

    First Contact Team

    Information Commissioner’s Office

    Wycliffe House

    Water Lane

    Wilmslow Cheshire

    SK9 5AF  // 03031 231113


Your Neighbourhood Professionals. Just a Click Away! Rippon Visionplus Ltd Elderflower Homecare Clock Tower Dental Care
North Street, Ripon, HG4 1HL
  • Telephone (01765) 690666
Website supplied by Oldroyd Publishing Group
Your Neighbourhood Professionals. Just a Click Away! Rippon Visionplus Ltd Elderflower Homecare Clock Tower Dental Care
Back to top