Use of this website is subject to the following disclaimers:
Coventry & Rugby GP Alliance is committed to the highest standard of quality information and every attempt has been made to ensure up to date and accurate information is provided. However, we cannot guarantee the accuracy or validity of the information on this website. Use of this website is entirely at your own risk and Coventry & Rugby GP Alliance does not accept liability of any kind for any loss, damage or inconvenience caused as a result of relying on information supplied. Within our website you may find links to other sites. Coventry & Rugby GP Alliance has no control over, and shall not be responsible for, the content of such sites nor are we responsible for the protection and privacy of any information you provide whilst visiting such sites and such sites are not governed by this privacy statement.
General Data Protection Register (GDPR)
The EU GDPR came into force on 25th May 2018, replacing the Data Protection Act 1998 (DPA); the extant Data Protection Bill published in September 2017 is to be read in conjunction with the GDPR. The GDPR applies to all EU member states and Coventry & Rugby GP Alliance must be able to demonstrate compliance at all times. Understanding the requirements of the GDPR will ensure that personal data of both staff and patients is protected accordingly. As a result, we have published a CRGPA Privacy Information Leaflet V02 to make it easier for you to find out how we use and protect your information. We will not be changing the way we use your personal information but the new notice will provide you with additional details such as:
- Your increased rights in relation to the information we hold about you
- How we keep your personal information secure
- The types of personal information we collect about you and how we collect and use it
- The legal grounds for how we use your information
Common Law Duty of Confidentiality
Common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges and is also referred to as ‘judge-made’ or case law. The law is applied by reference to previous cases and is said to be ‘based on precedent’.
The general position is that, if information is given in circumstances where it is expected that a duty of confidence applies, that information cannot normally be disclosed without the information provider’s consent. In practice this means that all patient/service user information, whether held on paper, computer, visually, by audio recording or held in the memory of the professional, must not normally be disclosed without the consent of the patient/ service user.
It should be noted that the duty:
- Applies regardless of the patient/ service user’s age
- Applies regardless of the patient/ service user’s mental or physical health or condition
- Continues when staff are no longer employees of the organisation.
We respect your privacy and we promise to do the following:
- Use your personal information only to provide you with the information you have requested or have agreed to receive
- Keep your data safe and secure and process it in a manner that follows your wishes
- Assist you to change your mind at any time about the communications you have signed up to receive
- Our complete Access to Medical Records policy can be found here
The GDPR has a lawful basis for processing health data when it is for the provision of direct care that does not require explicit consent. GPs can also continue to reply on implied consent to share confidential data for the provision of direct patient care.
If you need any help accessing this information, please use the Browsealoud function on the website which will allow you to translate any part of this information (or any part of the website) into any language or even read aloud using the audio function. Remember you can also download any extracts.
Collection of Information
You can browse some of our site without telling us who you are or revealing any personal information to us. In some areas you may be required to register and/or supply personal details such as:
- Name and company name
- Contact information including email address
Without limitation, any of the following Data may be collected:
- Name and title
- Contact information including email address and telephone number
- IP address (automatically collected)
- Web browser type and version (automatically collected)
- Operating system (automatically collected)
What we do with the information we gather
- We require your information to understand your needs, provide you with a thorough response and to continue to improve our services.
In particular we are likely to use it to:
- Respond to your query
- Keep internal records up to date
- Improve our services
- We may periodically send promotional emails about information which we think you may find interesting using the email address you have provided.
We are the sole owners of the information collected on this site. We only have access to the information you voluntarily give us. We will use your information to respond to you, regarding the reason you contacted us. We will not sell or rent this information to anyone. If we do not hear otherwise from you, we will assume that the information you provide to us is accurate and up-to-date and we will continue to use the information to send you any communications you have requested.
- This website is hosted by S1lver Innovation
- This website does not accept or host any advertising
- This is a non-commercial website and receives no external source of funding from any organisation
- This website does not collect or process personal data
- This website uses Google Analytics
- All links from this website are provided for information and convenience only
Sharing Information with Others
No personal information you give us will be passed on, or sold, to third parties for commercial purposes. Our policy is that all information will be shared among Coventry & Rugby GP Alliance member practices on a need basis, and according to legal regulations.
If we have to confirm or share information with other organisations, this will be in-line with a legal requirement to do so. We are committed to ensuring your information is secure and only kept as long as is required by law. In order to prevent unauthorised access, disclosure, change, damage or loss, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
You have the right to:
- have access to the personal information we hold about you;
- have rectified any incomplete, inaccurate out-of-date personal information that we hold about you;
- have personal information we hold about you erased from our systems;
- have the processing of your personal information restricted; and
- receive the personal information we hold about you transmitted to another party.
Please note that these rights may only apply in certain circumstances. If you contact us to exercise any of these rights we may ask you to verify your identity and to provide other details to help us to respond to your request. We will only use this information in order to verify your identity.
You have the right to access the personal information we hold about you at any time. You also have the right to ask us to update or correct any incomplete, inaccurate or out-of-date personal information that we hold about you free of charge.
Before we are able to provide you with, or to correct, any personal information we hold about you, we may ask you to verify your identity and to provide other details to help us to respond to your request. We will only use this information in order to verify your identity.
If you wish to exercise any of your rights please contact our Data Protection Officer.
If you believe that our processing of your personal information is contrary to applicable law please contact our Data Protection Officer as the address detailed below, however you are also entitled to lodge a complaint with the UK’s Information Commissioner’s Office.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
The Data Controller
The data controller of this website is: Coventry & Rugby GP Alliance.
Our registration number for the UK Data Protection Act 1998 is ZA129377
Operating office is:
1 The Boiler House, Electric Wharf, Sandy Lane, Coventry, CV1 4JU
Senior Information Risk Officer (SIRO)
Data Protection Officer (DPO)
Kerry J Crutchlow,
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 13 February 2019.
Contains public sector information licensed under the Open Government Licence v3.0.
If you have any concerns about about our information rights practices you may contact the Information Commissioner (ICO).
Information Commissioner’s Office
The details are publicly available from the Information Commissioner:
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number