1. Lawful Reason to Use Your Personal Data

Medicana Winchester uses your personal data lawfully under GDPR Article 6(1)(e) and Article 9(2)(h) for direct care purposes such as medical diagnosis, healthcare provision, and system management.

• In specific cases, we require explicit consent under GDPR Article 6(1)(a). Withdrawal of consent may affect our ability to provide care.

2. National Data Opt-Out

Patients in England can control the use of their data for research and planning through the NHS service at www.nhs.uk/your-nhs-data-matters or by calling 0300 303 5678.

3. How We Use Your Personal Information

We maintain health records in electronic, paper, or hybrid formats to:

• Inform your care and treatment decisions.
• Conduct audits for quality assurance.
• Protect public health and improve service planning.

Your Records May Include:

• Personal details (address, emergency contacts).
• Contact history, treatment notes, test results, and reports.
• Communication logs (calls, appointments).

Some anonymized data may be used for statistical purposes or service evaluations.

4. Maintaining Confidentiality

We adhere to:

• GDPR 2018 and Data Protection Act 2018
• NHS Codes of Confidentiality and Security
• Human Rights Act 1998
• Caldicott Review principles (balancing information sharing and confidentiality).

5. Accessing Your Records

Access to your medical records is strictly limited to authorized personnel involved in your care. All record access is logged and audited to ensure compliance.

• We only share your data with third parties if legally required or with your explicit consent, except in emergencies.

6. Research and Planning

Anonymized or pseudonymized data may be used for research and planning purposes. Identifiable data is only used with your explicit consent.

7. Subject Access Request

You have the right to access your personal data. Complete a Subject Access Request (SAR) form available on our website. We will verify your identity and respond within 30 days.

8. Verifying Your Identity

We require specific details (name, address, NHS number) and may request photo ID to verify your identity when handling your personal information.

9. Correcting Your Records

You can request corrections to inaccurate data. While clinical opinions are not altered, additional information may be added.

10. Partner Organizations

Your data may be shared securely with:

• NHS Trusts and General Practitioners
• Private healthcare providers
• Clinical commissioning groups
  Data sharing outside of direct care requires explicit consent.

11. Communication Methods

We may contact you via phone, SMS, email, or post. Voicemail messages will be discreet. Inform us if your preferences change.

12. Retention of Personal Information

Medical records are retained for a minimum of 8 years post-care. Longer retention applies if part of a GP record.

13. Marketing Policy

We will never use your data for promotional purposes without your consent. Report unsolicited contact to our Data Protection Officer.

14. CCTV Policy

CCTV is used to ensure safety and security at our premises.

• Images are collected for monitoring building access, staff safety, and security incidents.
• Cameras are positioned to avoid unnecessary individual identification.

15. Complaints and Objections

If you have concerns about data use, contact:

• Service Manager or Data Protection Officer at [email protected]
  Unresolved issues can be escalated to the Information Commissioner’s Office (ICO).

16. Your Rights Under GDPR

• Access Data: Request records and corrections.
• Object to Processing: Inform us if you object to any data usage.
• File a Complaint: Contact ICO at www.ico.org.uk or 0303 123 1113.