COVID-19

Please be aware that we may use new providers or suppliers to help us quickly adapt during the outbreak and to continue your care effectively. For example, we may use a new provider for video consultations. We may not be able to add these to our transparency materials right away, and we apologise for this but please be assured that all of our processors are bound by contract to protect your data.

During COVID-19 we may ask you to send a photograph of your bruise or skin condition that you are concerned about whilst we conduct virtual consultations. This photograph will be used by the clinician to determine any medical treatment necessary and will be added to your medical record.

Please note that as this is sent via email, it may not be secure and we therefore ask that you only include your NHS number alongside your photograph in the email. The photograph should only be of the area requested and no other person should be visible in the shot.

Your Information

Magdalen Medical Practice takes privacy seriously and we want to provide you with information about your rights, who we share your information with and how we keep it secure.

Please use the links below to find more information about the practice and data protection.

• Transparency
• CCTV
• Telephone Recording
• Case Finding (ECLIPSE)
• Information Sharing Norfolk and Waveney

How Does Magdalen Medical Practice Collect my Information?

We will collect information about you, either directly – when you make an application for a job with us to, or indirectly – through references, occupational health referrals and during the course of your employment with us.

The information we collect will be stored on computer and electronic systems. The information includes Personal Data;

• basic details about you, such as address, date of birth, and next of kin
  as well as Sensitive Personal Data, where it is relevant to your employment;
• notes and reports about your health and any disabilities
• information about your home life such as marital status
• Information about criminal records checks – generally, we will only retain the reference number

Magdalen Medical Practice are permitted to collect, store, use and share this information, where necessary, under the General Data Protection Regulations Article 6 (1) (b) “for the purposes of a contract” and Article 9 (2) (b) “employment purposes” and Data Protection act 2018 Schedule 9 (2) (a) “performance of a contract” and Schedule 10 (2) “in connection with employment”.

How Does Magdalen Medical Practice Use my Information?

Magdalen Medical Practice will use your information for your recruitment and employment in the following ways;

• To assess your suitability for the role
• To support the process of recruiting and onboarding you as a member of staff
• To pay you and to keep payroll records
• Administration of Expenses and Leave
• To deliver and maintain records on your training and professional development
• To support secondments or promotions
• To manage your performance

To undertake some of these activities, your information will be shared internally across our teams. We will work to ensure that only the right people have your information and that they are only given the information they need.

Who Does Magdalen Medical Practice Share My Information With?

Magdalen Medical Practice works hard to ensure that only the right people have your information and that they are only given the information they need.

• Your information will be shared internally across our teams such as the Partners and Management Team

Personal data will never be made available to organisations not involved in your employment or contracted directly by us without letting you know and giving you a chance to object.

We have contracts in place with these organisations that prevent them from using it in any other way that how we tell them to. These contracts also require them to maintain good standards of security to ensure your confidentiality.

Will Magdalen Medical Practice Share without Asking Me?

Sometimes we will be required by law to share your information and will not always be able to discuss this with you directly.

Examples might be;

• Sharing with the police or tax authorities for the detection or prevention of crime
• Where it is in the wider public interest – to keep the public safe for example
• To safeguard children or vulnerable adults
• Because the court has told us we must share.

What are my Information Rights?

Data protection law provides you with a number of rights that Magdalen Medical Practice is committed to supporting you with;

Right to Access

You have the right to obtain:

• confirmation that your information is being used, stored or shared by Magdalen Medical Practice
• a copy of information held about you
• If you only require a particular part of your record, tell us and this can reduce the time it takes to provide it
• We will respond to your request within one month of receipt or will tell you when it might take longer.
• We are required to validate your identity including the identity of someone making a request on your behalf

Right to Object or Withdraw Consent

We collect, use, store and share your information because we are permitted to by law; in order to deliver your support your employment, but you do have a right to object to us doing this.

When we collect, use, store or share your information based on your consent, you have a right to withdraw that consent at any time.

Our Data Protection Officer will be happy to speak with you about any concerns you have.

Right to Correction

If information about you is incorrect, you are entitled to request that we correct it.

There may be occasions, where we are required by law to maintain the original information – our Data Protection Officer will talk to you about this and you may request that the information is not used during this time.

We will respond to your request within one month of receipt or will tell you when it might take longer.

Right to Portability

You can ask us to send your information to another organisation on your behalf if you wish.

Complaints

You also have the right to make complaints and request investigations into the way your information is used. Please contact our Data Protection Officer or visit the link below for more information.

For more detailed information on your rights visit www.ico.org.uk/for-the-public.

Does Magdalen Medical Practice Use Profiling or Automated Decision Making?

No Magdalen Medical Practice does not undertake automatic profiling or automated decision making in relation to your employment information.

Our Data Protection Officer will be happy to speak to you about this if you have concerns or objections.

How Does Magdalen Medical Practice Protect My Information?

Magdalen Medical Practice are committed to ensuring the security and confidentiality of your information. There are a number of ways we do this;

• Staff receive regular training about protecting and using personal data
• Policies are in place for staff to follow and are regularly reviewed
• We check that only the minimum amount of data is shared or accessed
• We use controlled access to systems, this helps to ensure that the right people are accessing data – people with a ‘need to know’
• We use encrypted emails and storage which would make it difficult for someone to ‘intercept’ your information
• We report and manage incidents to make sure we learn from them and improve
• We put in place contracts that require providers and suppliers to protect your data as well

How Long Does Magdalen Medical Practice Store My Information?

Magdalen Medical Practice will retain / store your CV / Application form for no more than 7 months if you are unsuccessful. We will keep your personnel record for your 6 Years post-employment date as part of our obligations as an employer. Where items of your record can be removed at an earlier time, or be de-identified, this will happen to ensure that Magdalen Medical Practice only hold information that is needed.