GDPR (General Data Protection Regulation)

Pen-y-Cae Surgery - Privacy Notice

Pen-y-Cae Surgery is committed to protecting your information. This notice explains how your personal information is processed and for what purposes it is held. Pen-y-Cae Surgery is classed as a Data Controller for the purposes of data protection and our registration number in the Data Protection Public Register is Z9004969.

Why do we collect your information?

Healthcare professionals who provide you with care maintain records about your health and any treatment or care you receive. These records help our staff to provide you with the best possible healthcare.

What information do we hold and where does it come from?

The surgery holds and records information about you, including:-

  • Personal identifiers and demographic information consisting of such things as your name, date of birth, title, gender
  • Your family, spouse and partner details
  • Your contact details including postal addresses, email addresses and telephone numbers
  • Any contact the surgery has had with you such as appointments, clinic visits, emergency appointments, etc.
  • Notes and reports about your health
  • Details about your treatment and care, including medication
  • Results of investigations such as laboratory tests, x-rays, etc.
  • Relevant information from other health and social care professionals, relatives or those who care for you

How do we keep your information confidential?

We will hold your information on computers and paper and we use a combination of sound working practices and technology to ensure that your information is kept confidential and secure. We will protect your information by:-

  • Training – staff are trained to understand their duty of confidentiality and their responsibilities regarding the security of information both on our premises and when out in the community.
  • Access Controls – any member of staff using computer systems holding patient information will be given their own user name and password to access your information.
  • Audit trails – we will keep a record of anyone who has accessed your health record or added to your record.
  • Records management – all healthcare records are stored confidentially and in secure locations.
  • Computer controls – we have complex security controls to ensure that those not authorised to do so, such as hackers, cannot access our computers.

How do we use your information? 

To ensure you receive the best possible care your records are used to provide staff with details about your health, care and treatment and what is needed for your future progress or health management. We will also use your information to monitor the quality of the service provided and to protect the health of the public (for example, where we can see a measles outbreak). We will also use your information to help us manage the NHS and for statistical purposes, and sometimes your information may be used for research purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.

We are committed to protecting your privacy and will only use information collected in accordance with the law and standards of work such as:-

  • Data Protection Act
  • General Data Protection Regulation
  • Human Rights Act 1998
  • Common Law Duty of Confidentiality
  • Health & Social Care Act 2012
  • NHS Code of Confidentiality, Information Security and Records Management

Every member of staff who works for Pen-y-Cae Surgery has a legal obligation to keep information about you confidential and secure. There are times when it is appropriate to share information about you and your healthcare with others such as GPs and Social Care. The need to share relevant information is to help us work together for your benefit. When we have a contract in place, it may be necessary to share your information with third parties such as oxygen suppliers and voluntary organisations. There may also be exceptional circumstances where your information is disclosed, particularly in life or death situations or where the law requires information to be disclosed.

We will use the information provided to us, such as email address, telephone number and postal address, to contact you by means of letter, email, text message, etc.

Data Retention

We will hold your data in accordance with the law and Pen-y-Cae Surgery refers to a retention schedule detailing the length of time we hold your records. This is available to view on 

Your rights

As part of the Data Protection Act, you have a number of rights including:-

  • Being able to request access to view or obtain copies of what information Pen-y-Cae Surgery holds about you. This is known as a Subject Access Request.
  • You also have the right to have information about you amended should it be inaccurate.

Should you wish to make a Subject Access Request or have your information amended, please contact the Practice on 01495 304076.

Should you have any concerns about how your information is managed within Pen-y-Cae Surgery, please contact the Data Protection Officer. If you believe your information is being viewed, used or disclosed inappropriately, please put your concern in writing, or contact the Practice Manager to discuss your concern.


Should you have any queries, please contact the Data Protection Officer on:-

Telephone numbers 01495 765019/01495 765326 or email address:

This person is your point of contact for any concerns regarding the use of your information.

If you are still unhappy following a review by the Data Protection Officer, you can then contact the Information Commissioner's Office (ICO) via their website (