Data Processors
In this category, these are the organisations we share information about you with:
Data Processors |
||||
|
System/database Recipients or categories of recipients of the personal or special categories of personal data |
Purpose of the processing and data retention periods |
|
Lawful basis |
Your Rights |
|
EMIS Health and Egton
|
EMIS Health and Egton are responsible for the provision of a clinical system, software and IT services used by the Practice to securely store and process your medical record. All information about your personal health records are stored in your GP electronic record. This information is then available to practice staff & external bodies as outlined in this document. Data Retention Periods: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care “GP records should be retained until 10 years after the patient's death or after the patient has permanently left the country, unless they remain in the European Union. Electronic patient records must not be destroyed or deleted for the foreseeable future.” |
|
The processing of personal data is permitted under the following GDPR and DPA conditions: GDPR Article 6(1) (e) - public interest or in the exercise of official authority; DPA Section 8 (d) - processing is necessary for the exercise of statutory functions; The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: DPA Section 10 (1) (c) – processing is necessary for health and social care purposes; |
You have the right to:
Right to object: In line with the GDPR Article 21, you have a general right to raise an objection to the processing of your personal data in some particular circumstances. This right only applies where we cannot demonstrate compelling legitimate grounds for continued processing of your personal data for the purposes of direct provision of care, and compliance with a legal obligation to which we are subject. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered. Right to complain: If you are dissatisfied with the way Otford Medical Practice process your data, you have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
|
CPMS |
Responsible for the provision of IT clinical systems that enables safe, difitised patient care across the healthcare facilities. The supplier of CPMS - an Electronic Health Record (EHR) that links system and brings together patient data across the health and care system irrespective of traditional organisational or technological boundaries. This means health and care professionals in Kent and Medway can access subsets of their patients/service users’ medical or social records from a single system in order to provide the best possible care. The source of the information shared in this way is your electronic GP record for the purposes of direct patient care and population health management. Data Retention Periods: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care “GP records should be retained until 10 years after the patient's death or after the patient has permanently left the country, unless they remain in the European Union. Electronic patient records must not be destroyed or deleted for the foreseeable future.” |
|
The processing of personal data is permitted under the following GDPR and DPA conditions: GDPR Article 6(1) (e) - public interest or in the exercise of official authority; DPA Section 8 (d) - processing is necessary for the exercise of statutory functions; The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: DPA Section 10 (1) (c) – processing is necessary for health and social care purposes;
|
You have the right to:
Right to object: You have a general right to raise an objection to your personal data being in EMIS Web. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered. Right to complain: If you are dissatisfied with the way Otford Medical Practice process your data, you have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
|
Docman Limited act as a data processor and provides cloud-based storage software for electronic patient document. This includes letters that we receive, scan and upload to the patient record, as well as letters that we receive in an electronic format. Generally, Docman enables primary health care organisations capture, file, workflow, view and manage primary care documents efficiently. Docmail enables primary health care organisations send letters, invoices and documents directly from computers and other portable devices. The source of the information shared in this way is your electronic GP record for the purposes of direct administrative patient care. Data Retention Period: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care “GP records should be retained until 10 years after the patient's death or after the patient has permanently left the country, unless they remain in the European Union. Electronic patient records must not be destroyed or deleted for the foreseeable future.” |
|
The processing of personal data is permitted under the following GDPR and DPA conditions: GDPR Article 6(1) (e) - public interest or in the exercise of official authority; DPA Section 8 (d) - processing is necessary for the exercise of statutory functions; The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: DPA Section 10 (1) (c) – processing is necessary for health and social care purposes; |
You have the right to:
Right to object: In line with the GDPR Article 21, you have a general right to raise an objection to the processing of your personal data in some particular circumstances. This right only applies where we cannot demonstrate compelling legitimate grounds for continued processing of your personal data for the purposes of direct provision of care, and compliance with a legal obligation to which we are subject. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered.
Right to complain: If you are dissatisfied with the way Otford Medical Practice process your data, you have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
|
|
iPlato is cloud-based text messaging service used by GPs to communicate with their patients. The source of the information shared in this way is your electronic GP record for the purposes of direct administrative patient care. Data Retention Period: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care “GP records should be retained until 10 years after the patient's death or after the patient has permanently left the country, unless they remain in the European Union. Electronic patient records must not be destroyed or deleted for the foreseeable future.” |
|
The processing of personal data is permitted under the following GDPR and DPA conditions: GDPR Article 6(1) (e) - public interest or in the exercise of official authority; DPA Section 8 (d) - processing is necessary for the exercise of statutory functions; The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: DPA Section 10 (1) (c) – processing is necessary for health and social care purposes; |
You have the right to:
Right to object: In line with the GDPR Article 21, you have a general right to raise an objection to the processing of your personal data in some particular circumstances. This right only applies where we cannot demonstrate compelling legitimate grounds for continued processing of your personal data for the purposes of direct provision of care, and compliance with a legal obligation to which we are subject. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered. Right to complain: If you are dissatisfied with the way Otford Medical Practice process your data, you have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
|
|
QMS-UK are commissioned by NHS England to provide secure data processing solutions for two services: Child Health Information Service – information relating to children’s vaccinations is shared with CHIS who run one of 4 Child Health Information Services across Kent and Medway National Diabetic Retinal Screening Service – Diabetic eye screening is carried out in Kent and Medway by Health Intelligence Data Retention Period: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care “GP records should be retained until 10 years after the patient's death or after the patient has permanently left the country, unless they remain in the European Union. |
|
The processing of personal data is permitted under the following GDPR and DPA conditions: GDPR Article 6(1) (e) - public interest or in the exercise of official authority; DPA Section 8 (d) - processing is necessary for the exercise of statutory functions; The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: DPA Section 10 (1) (c) – processing is necessary for health and social care purposes; |
You have the right to:
Right to object: You have a general right to raise an objection to your personal data being shared in QMS. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered. Right to complain: If you are dissatisfied with the way Otford Medical Practice process your data, you have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
|
|
Ardens
|
Otford Medical Practice performs computerised searches of some or all of our records to identify individuals who may be at increased risk of certain conditions or diagnoses i.e. Diabetes, heart disease, risk of falling). Your records may be amongst those searched. This is often called “risk stratification” or “case finding”. These searches are sometimes carried out by Data Processors who link our records to other records that they access, such as hospital attendance records. The results of these searches and assessment may then be shared with other healthcare workers, such as specialist, therapists, technicians etc. The information that is shared is to enable the other healthcare workers to provide the most appropriate advice, investigations, treatments, therapies and or care. Risk stratification can be grouped into two purposes namely: Direct Care – ‘Case Finding’ where carried out by a health professional (e.g. GPs and Provider) involved in an individual’s care or by a data processor acting under contract with such a provider, it is treated as direct care. Indirect Care - understand the local population needs and plan for future requirement. The source of the information shared in this way is your electronic GP record. Data Retention Period: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care |
|
The processing of personal data is permitted under the following GDPR and DPA conditions: GDPR Article 6(1) (e) - public interest or in the exercise of official authority; DPA Section 8 (d) - processing is necessary for the exercise of statutory functions; The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: DPA Section 10 (1) (c) – processing is necessary for health and social care purposes; Related Legislation: |
You have the right to:
Right to object: You have a general right to raise an objection to your personal data being shared for the purpose of risk stratification. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered. Right to complain: If you are dissatisfied with the way Otford Medical Practice process your data, you have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
|
National Institute for Health Research
RCGP Research and Surveillance Centre |
To enable healthcare professionals working for the Otford Medical Practice to provide information, derived from GP records, about individuals to accredited research organisations. This covers research situations where the data controller (Otford Medical Practice) is approached by research organisations, directly, to recruit patients for studies. The source of the information shared in this way is your electronic GP record. Data Retention Period: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care |
|
The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: DPA Section 10 (1) (c) – processing is necessary for health and social care purposes; The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: Related Legislation: |
You have the right to:
Right to object: You have a general right to raise an objection to your personal data being shared for the purpose of risk stratification. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered. Right to complain: If you are dissatisfied with the way Otford Medical Practice process your data, you have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
|
Shred-It |
To provides solutions for records management, data backup and recovery, document management, secure storage, and accredited data destruction. The source of the information shared in this way is your electronic GP record. Data Retention Period: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care |
|
The processing of personal data is permitted under the following GDPR and DPA conditions: GDPR Article 6(1) (e) - public interest or in the exercise of official authority; DPA Section 8 (d) - processing is necessary for the exercise of statutory functions; The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: |
You have the right to:
Right to object: You have a general right to raise an objection to your personal data being shared for the purpose of risk stratification. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered. Right to complain: If you are dissatisfied with the way Otford Medical Practice process your data, you have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
|
[insert the name of the organisation responsible financial and governance audit]
|
The supplier [insert name] offer a wide range of business assurance services, from internal audit, counter fraud and forensic investigations, risk management and governance. Data Retention Period: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care |
|
The processing of personal data is permitted under the following GDPR and DPA conditions: GDPR Article 6(1) (e) - public interest or in the exercise of official authority; DPA Section 8 (d) - processing is necessary for the exercise of statutory functions; |
You have the right to:
Right to object: You have a general right to raise an objection to your personal data being shared for the purpose of risk stratification. If you wish to exercise any of your rights please contact the Practice (data controller) or the DPO and your request will be carefully considered. Right to complain: If you are dissatisfied with the way the Practice process your data, you have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
|
Fairway Training |
The Fairway Training provides practices with a software solution to enable the recording of Human Resources related information of its employees’ personal data, in particular for the purposes of the recruitment, obligations performance contract of employment, rights and benefits management planning, health and safety, equality and diversity in the workplace, health and safety at work. The Practice ensures that personal data it collects from employees are used only for employment related purposes or where there is a statutory obligation to share the personal information with to regulatory bodies (e.g. courts, police or NHS England). Data Retention Period: All records held in the Practice EMIS system are kept for the duration specified in the Records Management Codes of Practice for Health and Social Care |
|
The processing of personal data is permitted under the following GDPR and DPA conditions: GDPR Article 6(1) (e) - public interest or in the exercise of official authority; DPA Section 8 (d) - processing is necessary for the exercise of statutory functions; The processing of special categories of personal data concerning health is permitted under the following GDPR and DPA conditions: |
Employees have the right to:
Right to object: Employees have a general right to raise an objection to the sharing personal data. If an employee wishes to exercise his/her rights they can contact the Practice (data controller) or the DPO and their request will be carefully considered. Right to complain: If an employee is dissatisfied with the way Otford Medical Practice process his/her personal data, they have the right to appeal/complain to the Information Commissioner (IC). The IC can be contacted at: |
We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.