This privacy notice describes the data, the practice holds about you, why we hold it, where and how we store it, how long for and how we protect it. It also tells you about your rights under the Data Protection Legislation and how the law protects you.
Sites listed below
Plympton health Centre, Glenside medical centre, Chaddelwood surgery, Ivybridge Medical centre, Highlands Health Centre and Wotter surgery.
01752 346634/ 348884/ 341340/ 345317/690777/ 897111/ 839312
Beacon Medical Group is a Data Controller for the data we hold about you. We hold your data in order to provide you with health and social care.
Your personal data is any information that can be connected to you personally. If you can be identified from the data, it is personal data. The types of personal data we use and hold about you are:
We may also hold the following information about you:
When we collect your mobile number, we use it to text you to remind you of appointments, invites for annual reviews or follow up appointments. Notifying you about temporary changes that may affect access to the group and anything that is required to support your care or inform you of any changes, that may affect you. If you no longer wish to receive communication this way, please let a member of staff know who will be able to update your preferences.
When we collect your email address, we use it to Invite you for annual reviews or replying to online consultations and notifying you of any changes that may affect your care or access to our services. If you no longer wish to receive communication this way, please let a member of staff know who will be able to update your preferences.
In order to process your personal data or share your personal data outside of the practice, we need a legal basis to do so. If we process or share special category data, such as health data, we will need an additional legal basis to do so.
We rely upon Article 6(1)(e) (public interest task) and Article 9(2)(h) (health and social care) for most of our processing and sharing, in particular to:
We rely upon Article 6(1)(d) (vital interest) and Article 9(2)(c) (vital interests) to share information about you with another healthcare professional in a medical emergency.
We rely upon Article 6(1)(e) (public interest task) and Article 9(2)(g) (substantial public interest) to support safeguarding for patients who, for instance, may be particularly vulnerable to protect them from harm or other forms of abuse.
We rely upon Article 6(1)(c) (legal obligation) and Article 9(2)(h) to share your information for mandatory disclosures of information (such as NHS Digital, CQC and Public Health England).
We rely upon Article 6(1)(c) (legal obligation) and Article 9(2)(f) (legal claims) to help us investigate legal claims and if a court of law orders us to do so.
We rely upon Article 6(1)(a) (consent) and Article 9(2)(a) (explicit consent), in order to:
We also use anonymised data to plan and improve health care services. Specifically, we use it to:
Healthcare staff will respect and comply with their obligations under the common law duty of confidence.
The practice collects data that you provide when you:
We receive information about you from other providers to ensure that we provide you with effective and comprehensive treatment. These providers may include:
eConsult is provided by a third-party organisation and by using eConsult, you are submitting your information to them. This information is then provided to the practice to be reviewed. Further information on eConsult can be found: https://econsult.net/privacy-policies/
You can also use eConsult via the NHSApp. Further information regarding the role of NHS England and the practice can be found: https://www.nhs.uk/using-the-nhs/nhs-services/the-nhs-app/privacy/online-consultations/
Who do we share your data with?
In order to deliver and coordinate your health and social care, we may sometimes share information with other organisations. We will only ever share information about you if other agencies involved in your care have a genuine need for it. Anyone who receives information from the practice is under a legal duty to keep it confidential and secure.
Please be aware that there may be certain circumstances, such as assisting the police with the investigation of a serious crime, where it may be necessary for the practice to share your personal information with external agencies without your knowledge or consent.
We may share information with the following organisations:
In addition to sharing data with the above services, the practice will also use carefully selected third party service providers that process data on behalf of the practice. When we use a third party service provider, we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating responsibly to ensure the protection of your data. Examples of functions that may be carried out by third parties includes:
Health and social care services in Devon and Cornwall have developed a system to share patient data efficiently and quickly and, ultimately, improve the care you receive.
This shared system is called the Devon and Cornwall Care Record.
It’s important that anyone treating you has access to your shared record so they have all the information they need to care for you. This applies to your routine appointments and also in urgent situations such as going to A&E, calling 111 or going to an out-of-hours appointment.
It’s also quicker for staff to access a shared record than to try to contact other staff by phone or email.
Only authorised health and care staff can access the Devon and Cornwall Care Record and the information they see is carefully checked so that it relates to their job. Also, systems do not share all your data – just data that services have agreed is necessary to include.
For more information about the Devon and Cornwall Care Record, please go to https://www.
We use a number of IT systems and tools to store and process your data, on behalf of the practice. Examples of tools we use include our Core Clinical System TPP, NHSmail, Microsoft 365, IGP, eConsult, AccuRx and MJOG.
We share your record using GP Connect/Interoperability/Enhanced Data Sharing Module to make sure that, whether you are visiting the practice, attending hospital, or being seen in the community or at home by a care professional, everyone knows the care you need and how you want to be treated. Your electronic health record is available to other local providers such as Devon Doctors, Livewell, St Lukes hospice,University Hospitals Plymouth (UHP). via GPConnect/ SystmOne EDSM/ Interopability] who are involved in your care. This includes the sharing of, personal contact details, diagnosis, medications, allergies and test results. Your records will be treated with the strictest confidence and can only be viewed if you use their service.
Please note that if you have previously dissented (opted-out) to sharing your records, this decision will be upheld, and your record will only be accessed by the practice. Should you wish to opt-out of, please speak to any member of the Beacon team who will be able to update your personal preferences. Please note that by opting out of this sharing, other health professionals may not be able to see important medical information, which may impact on the care you receive.
NHS England have implemented the SCR which contains information about you; including your name, address, data of birth, NHS number, medication you are taking and any bad reactions to medication that you have had in the past. This information is automatically extracted from your records and uploaded onto a central system.
Many patients who are seen outside of their GP Practice are understandably not able to provide a full account of their care or may not be in a position to do so. The SCR means patients do not have to repeat their medical history at every care setting and the healthcare professional they are seeing is able to access their SCR. The SCR can only be viewed within the NHS on NHS smartcard-controlled screens or by organisations, such as pharmacies, contracted to the NHS.
As well as this basic record, additional information can be added to include further information. However, any additional data will only be uploaded of you specifically request it and with your consent. You can find out more about the SCR here: https://digital.nhs.uk/services/summary-care-records-scr
The NHS provides national screening programmes so that certain diseases can be detected at early stages. These screening programmes include bowel cancer, breast cancer, cervical cancer, aortic aneurysms and a diabetic eye screening service. More information on the national screening programmes can be found at: https://www.gov.uk/topic/population-screening-programmes
Your medical records will be searched by a computer program so that we can identify patients who might be at high risk from certain diseases such as heart disease or unplanned admissions to hospital. This means we can offer patients additional care or support as early as possible.
This process will involve linking information from your GP record with information from other health or social care services you have used. Information which identifies you will only be seen by this practice. More information can be found at https://www.england.nhs.uk/ig/risk-stratification/ or speak to the practice.
As well as using your data to support the delivery of care to you, your data may be used to help improve the way health and social care is delivered to patients and service users throughout Devon using Population Health Management methods.
We will use a pseudonymised extract (ie. not identifiable information) which will be sent securely to NHS Devon ICB (Integrated Care Board) and in partnership with the Local Authorities. Data will be used to support the Devon Integrated Care System to improve short-term and medium-term health outcomes for local populations. If you would benefit from some additional care or support, your information will be shared back to the practice, or another local provider involved in your care, so that they can offer you direct care.
Further information about Population Health Management can be found here:
Further information about the One Devon Dataset can be found here
We will rely on public interest task as the legal basis for processing your data for this purpose. You have a right to object to your information being used in this way. If you wish to discuss this further, please contact email@example.com
We are a research practice and work with various study groups and companies to deliver research studies and trials. Employees of the practices will access your information in order to determine whether you are suitable to be invited to participate in a study. We will only share your information with the research providers with your explicit consent. Further information regarding the research providers can be ask by contacting the Beacon research group by calling the practice or emailing firstname.lastname@example.org.
The practice, along with several others across Devon works with the National Institute for Health Research South West Peninsula (NIHR SWP) to deliver and offer Clinical Trials and Research Studies to the registered population. In addition to offering Trials and Studies, the Practice works with the NIHR SWP to carry out feasibility reports. This enables the NIHR SWP to report on behalf of the practices, the population across Devon (where practice’s have opted in), to determine whether it is feasible for a study to open, or be considered for the local region (Devon, Cornwall and Somerset).
The feasibility group does not extract or access patient identifiable data and staff who undertake this work are bound by Confidentiality: NHS Code of Practice, General Data Protection Regulations 2018 and Good Clinical Practice (training for the delivery of research). Patients who wish for their data to be excluded from the “top level” feasibility reports should request that the practice records an opt out on their record.
We only hold your data for as long as necessary and are required to hold your data in line with the NHS Records Management Code of Practice for Health and Social Care 2016 Retention Schedule. Further information can be found online at:
Telephone call recordings are stored for 12 months.
What rights do you have?
You have various rights under the UK GDPR and Data Protection Act 2018:
You have the right to request access to view or request copies of the personal data, we hold about you; this is known as a Subject Access Request (SAR). In order to request access, you should see the below link
Please note that you are entitled to a copy of your data that we hold free of charge; however, we are entitled to charge in certain circumstances where the law permits us to do so. We are also entitled to refuse a request, where the law permits us to do so. If we require a fee or are unable to comply with your request, we will notify you within 1 calendar month of your request.
There are certain circumstances in which you can object from your data being shared. Information regarding your rights to opt-out is detailed below:
If the practice is relying on the consent as the basis for processing your data, you have the right to withdraw your consent at any time. Once you have withdrawn your consent, we will stop processing your data for this purpose.
However, this will only apply in circumstances on which we rely on your consent to use your personal data. Please be aware that if you do withdraw your consent, we may not be able to provide certain services to you. If this is the case, we will let you know.
The SCR improves care; however, if you do not want one, you have the right to object to sharing your data or to restrict access to specific elements of your records. This will mean that the information recorded by the practice will not be visible at any other care setting.
If you wish to discuss your options regarding the SCR, please speak to a member of staff at the practice. You can also reinstate your consent at any time by giving your permission to override your previous dissent. More information can be found on the below link.
If you do not wish to receive an invitation to the screening programmes, you can opt out at https://www.gov.uk/government/publications/opting-out-of-the-nhs-population-screening-programmes or speak to the practice.
You have the right to object to your confidential patient data being shared for purposes beyond your direct care by asking the practice to apply a Type 1 opt-out to your medical records. A type 1 opt-out prevents personal data about you, being extracted from your GP record, and uploaded to any other organisations without your explicit consent. If you wish for a Type 1 opt-out to be applied to your record, please use the below link for more information and the form.
Please note that the type 1 opt-out will be changing in the future and therefore you will be unable to object to your data being shared with NHS Digital when it is legally required under the Health and Social Care Act 2012.
NHS Digital is developing a new system to support the national data opt-out which will give patients more control over how identifiable health and care information is used. The system will offer patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes.
You have the right to object to your data being shared under the national data opt-out model. The national data opt-out model provides an easy way for you to opt-out of sharing data that identifies you being used or shared for medical research purposes and quality checking or audit purposes.
To opt-out of your identifiable data being shared for medical research or to find out more about your opt-out choices please ask a member of staff or go to NHS Digital’s website:
The National Cancer Registration and Analysis Service is run by Public Health England and is responsible for cancer registration in England, to support cancer epidemiology, public health, service monitoring and research.
Further information regarding the registry and your right to opt-out can be found at: https://www.gov.uk/guidance/national-cancer-registration-and-analysis-service-ncras
You have the right to have any errors or mistakes corrected within your medical records. This applies to matters of fact, not opinion. If the information is of clinical nature, this will need to be reviewed and investigated by the practice. If you wish to have your records amended, please contact email@example.com
If your personal information changes, such as your contact address or number, you should notify the practice immediately so that we can update the information on our system. We will also ask you from time to time to confirm the information we hold for you, is correct.
The practice is not aware of any circumstances in which you will have the right to delete correct data from your medical record, which the practice is legally bound to retain. Although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the data and contact the practice if you hold a different view.
Please let us know if you wish to discuss how we have used your personal data, raise a concern, make a complaint or compliment. Please use this link for all the information required Feedback and Complaints | Beacon Medical Group
You also have the right to complain to the Information Commissioner’s Office. If you wish to complain follow this link: https://ico.org.uk/global/contact-us/ or call the helpline on 0303 123 1113.
We do not send your personal data outside of the EEA. However, if this is required, the practice would only do so, with your explicit consent.
The Data Protection Officer for the practice is Bex Lovewell and she can be contacted via email on firstname.lastname@example.org or by post: Delt Shared Services Limited, BUILDING 2 – Delt, Derriford Business Park, Plymouth, PL6 5QZ.
Some cookies are temporary and disappear when you close your web browser, others may remain on your computer for a set period of time. We do not knowingly collect or intend to collect any personal information about you using cookies. We do not share your personal information with anyone.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/
The practice reviews this privacy notice regularly and may amend the notice from time to time. If you wish to discuss any elements of this privacy notice, please contact email@example.com