GDPR and Privacy

Captain French Surgery Privacy Notice

What is a Privacy Notice?

This is also sometimes called a ‘Fair Processing Notice’ and explains the information we collect about you and how we use it. As part of the new UK General Data Protection Regulations (UK GDPR) Captain French Surgery will be open and provide clear information about how we use your personal data.

Under the UK GDPR we must process personal data in a fair and lawful manner and as an organisation we must:

  • Have lawful and appropriate reasons for the use or collection of personal data
  • Not use data in a way to cause harm to the patient
  • Be open about how the data will be used
  • Handle personal data in line with the appropriate legislation and guidance
  • Not use data inappropriately or unlawfully

Why do we need a Privacy Notice?

Under the UK GDPR, which became law in the UK on 25th May 2018, we are required by law to let patients know how we use, collect and hold their personal and healthcare information. This Notice explains:

  • Who we are and how we use your information
  • What personal and healthcare information we collect and process
  • Who we share your information with and why
  • For how long your personal information is retained by us
  • What to do if your personal information changes
  • What are your rights under the data protection laws

What is the GDPR and how do we communicate our privacy notice:

The GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way in which organisations across the region approach data privacy. The GDPR comes into effect on the 25th May 2018.

At Captain French Surgery the practice privacy notice is displayed in the waiting room, in the Patient Leaflet and on the website where there will be a link for further information. We will:

  • Inform patients how their data will be used and for what purpose
  • Allow patients to opt out of sharing their data should they wish to

Risk Stratification

Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions e.g. cancer. Your information is collected by a number of sources, including Captain French Surgery; this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.

What information do we collect about you?

We will collect information such as your personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, x-rays etc. and any other relevant information to enable us to deliver effective medical care.

How do we use your information?

Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research, however, we will always gain your consent before sharing your information with medical research databases or other when the law allows. Information will not be disclosed to family, friends or spouses unless we have your prior written consent.

How we keep your records confidential

Everyone working for the NHS has a legal duty to keep information about you confidential.

Captain French Surgery is committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security as well as guidance issued by the Information Commissioner’s Office (ICO).

Accessing your records

You have the right to access the information we hold about you; if you would like to access your information you will need to complete a Subject Access Request (SAR) form, please ask at Reception for further information. Should you identify any inaccuracies, you have the right for this to be corrected.

Who are our partner organisations?

We may share information with the following main partner organisations:

  • NHS Trusts (Hospitals)
  • Ambulance Service
  • NHS England
  • NHS out of hours service
  • NHS Digital

This list is not exhaustive; if you would like to know who we share with please ask at Reception.


You have the right to object to your information being shared, should you wish to opt out of the data collection.

This practice is supporting vital health and care planning and research by sharing your data with NHS Digital. For more information about this see the General Practice Data for Planning and Research: GP Practice Privacy Notice – NHS Digital

If you do not want your GP to share your identifiable patient data for purposes except for your own care, you can opt-out by registering a Type 1 Opt-out (opting out of NHS Digital collecting your data). This prevents your data being shared with NHS Digital.  

If you wish to register a Type 1 Opt-out with us before data sharing starts with NHS Digital on 1st September 2021, this should be done by returning this form . You can send the form by post or drop it into Reception. 

If you have previously registered a Type 1 Opt-out and you would like to withdraw this, you can also use the form to do this. 

You can also register a National Data Opt-out, which will prevent NHS Digital from sharing your identifiable patient data for planning and research purposes. Your individual care will not be affected if you opt-out using either option. You can do this on the NHS website or NHS app. 

Please go to Overview – Choose if data from your health records is shared for research and planning – NHS ( 

Opt-outs (either type) that have been registered in the past will all be fully respected.

See the following link to help you make an informed decision-  Collecting GP data – advice for the public – NHS Digital

What to do if you have any questions

Should you have any questions about our privacy policy or the information we hold about you, you can contact:

The Practice Data Controller:
Captain French Surgery
The Gillinggate Centre

Telephone: 01539 720241

The Data Protection Officer for Captain French Surgery is:

Yvonne Selkeld
Information Governance Officer
Cumbria Partnership NHS Foundation Trust
Maglona House
Kingstown Broadway
Carlisle     CA3 0HA

Telephone: 01228 603961


In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO, for further details visit and select ‘Raising a concern’.

We regularly review our privacy policy and updates will be published on our website and in our waiting room.

For further information on our full privacy policy click the following link

Medical Records – November 2021

Lancashire and South Cumbria has been chosen by NHS England to be a national pilot for the digitisation of Medical Records.  Scanning these paper based records and making them digital will enable better utilisation of space, creating more clinical space, staff areas, multi team space and video hubs, removing the need for some practices to build extensions. In addition it will also make your record more easily and speedily accessible to clinical staff within your practice.

Your complete GP medical record will be digital and stored in a secure cloud based clinical system (only accessible by your GP practice) with the paper based records being securely destroyed following BS EN 15713:2009 Secure destruction of confidential material.  Your GP will still be able to access your records easily within this system. The scanning and destruction of the paper records will follow strict data protection guidelines adhered to by the NHS.  As with paper based records, digital records are stored for the durations specified in the Records Management Codes of Practice for Health and Social Care. For GP patient records, this states that they may be destroyed 10 years after the patient’s death if they are no longer needed.

If you wish to discuss the scheme, please inform the Practice direct either by letter or via e-mail