1. WHY WE ARE PROVIDING THIS PRIVACY NOTICE
We are required to provide you with this Privacy Notice by Law. It explains how we use the information we collect, store and hold about you. If you are unclear about how we process or use your information, or you have any questions about this Privacy Notice or any other issue regarding your information, then please contact our LMC Compliance Lead (see below).
The Law says:
- We must let you know why we collect information about you.
- We must let you know how we use any information we hold on you.
- We need to inform you in respect of what we do with it.
- We need to tell you about who we share it with or pass it on to and why.
- We need to let you know how long we keep it for.
2. ABOUT US
We are Wessex Local Medical Committees Ltd, (‘the LMC’) registered office situated at Wessex Local Medical Committees Ltd, Churchill House, 122-124 Hursley Road, Chandler’s Ford, Eastleigh, Hampshire, SO53 1JB, company number 05970383.
Wessex Local Medical Committees is the statutory representative body for GPs and their Practices, operating across the counties of Dorset, Hampshire, the Isle of Wight, Bath and North East Somerset, and Wiltshire. We also provide services to the Islands of Jersey and Guernsey. We exist solely to represent, advise, and support GPs and their Practices.
We are the Data Controller of your information.
There may be times where we also process your information.
This means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors.
The purposes for which we use your information are set out in this Privacy Notice.
3. LMC COMPLIANCE LEAD
The LMC Compliance lead is Lisa Harding, Director of Primary Care.
Email: firstname.lastname@example.org .
Telephone Number: 023 8025 3874.
Contact the LMC Compliance Lead if:
- You have any questions about how your information is being held.
- If you require access to your information or if you wish to make a change to your information.
- If you wish to make a complaint about anything to do with the information we hold about you.
- Or any other query relating to this Privacy Notice and your rights.
4. WHAT INFORMATION WE COLLECT ABOUT YOU
We record your name, role, contact details (including, emails, addresses, practice address, telephone number), GMC number (if you are a GP), date of birth (if you are a GP), gender/sex, contacts with the LMC office. This may include email correspondence, letters, details of event bookings and summaries of telephone conversations. This may relate to mailings sent by the LMC, individual advice /support, and pastoral support. This information is held securely and confidentially.
If you are Committee or Secretariat member we will, in addition to the above information, collect your national insurance number, your financial details including your bank account and your sort code for the purpose of paying you.
5. WHY WE USE YOUR INFORMATION
To communicate with you as constituent GPs, Committee and Secretariat members, practice managers and other members of the wider practice team in order to gather and disseminate knowledge, advice and bespoke information. This is part of your membership offering by the LMC.
All information collected will only be used for the legitimate purpose of fulfilling the LMCs’ function. This shall include sending you information such as bulletins, newsletters, mailings, elections on behalf of the LMC / CCGs / Federations/PCNs/the BMA (GPC), pastoral care, events/training, bespoke information and guidance be it on a locality, practice or individual level, surveys, DBS checks, levy collections.
Our Values Reporting
We offer a dedicated email address for the confidential reporting of unacceptable behaviours under our ‘Our Values’ Charter. This is managed by Lisa Harding, Director of Primary Care, who is responsible for convening a small group to consider any matters submitted. The membership of the group is determined by the named person (Lisa Harding) as those most appropriate to discuss the matter confidentially and the group will be chaired by the Chair of the Secretariat or a Committee Chair/Vice-Chair, as appropriate. No minutes will be taken of the meeting and confidentiality will be maintained. The named person will update the Secretariat with a spreadsheet to include the date the issue was raised, how the issue was raised, when it was discussed by the group, the outcome, when the outcome was fedback to the reporter and any learning or changes made as a result.
An anonymous report of unacceptable behaviour under the ‘Our Values’ charter may also be made via an online form, hosted on Sharepoint and available to the whole LMC family. The named person will check for reports weekly and will follow the same process as set out for the dedicated email address reports, however, it will not be possible to feedback to the reporter as the form takes no personal details, such as name or contact.
Teams and Zoom
We record events/webinars and meetings for the purposes of uploading events/webinars to our website and ensuring that meeting invitees can listen to meetings if they have not been able to attend them live or to ensure that minutes of meetings are recorded accurately. You will be informed if a recording is to be made and your consent for the recording to be made will be sought. All recordings will be deleted in line with our Retention and Disposal Policy.
From time to time, we will utilise the Committee WhatsApp group to be used by the office team and Committee members as a means of communication. We will always ask for consent to add members to the group and you may opt to leave the group at any time by notifying the Business Manager. Anyone leaving the organisation or standing down from a Committee will be automatically deleted from all WhatsApp groups.
6. LEGAL BASIS FOR USING YOUR INFORMATION
The law states that we must collect your information in accordance with a legal basis.
We will only use any information that you provide in accordance with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”), the Data Protection Act 2018 and any other relevant legislation, regulation, code of practice or guidance.
The legal basis for using your information is as follows;
- Under UK GDPR Article 6(1) (a) ‘the data subject has given consent to the processing of his or her personal data for one or more specific purposes’
- Under UK GDPR Article 6(1) (c) ‘processing is necessary to comply with a legal obligation to which the controller is subject’
- Under UK GDPR Article 6(1) (e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’
- Under UK GDPR Article 6(1) (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child’
Where you have given your consent for us to use your information you have the right to withdraw your consent at any time.
Committee and Secretariat members
If you are a Committee or Secretariat member the legal basis for processing your information is:
a) Under UK GDPR Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’
b) Under UK GDPR Article 6(1) (c) ‘processing is necessary for compliance with a legal obligation to which the controller is subject’
c) Under UK GDPR Article 6(1) (e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’
Where we process any special category/sensitive information the legal basis is as below.
Suppliers and/or Contractors
Where we use your services pursuant to a contract we have with you, the legal basis for processing your information is:
Under UK GDPR Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’
Special category/sensitive information
The Law provides special protection for certain kinds of information that is particularly sensitive.
This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, and trade union membership.
In addition to establishing a legal basis for processing your information under Article 6 of the UK GDPR as set out above, where we process special category data belonging to you, we must also identify a separate condition for processing under Article 9 of the UK GDPR. These special category conditions are:
a) Under UK GDPR Article 9(2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by domestic law or a collective agreement pursuant to domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’
b) Under UK GDPR Article 9(2) (d) ‘processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects’
Where you have provided us with your explicit consent the special category condition is:
c) Under UK Article 9(2) (a) ‘the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where domestic law provides that the prohibition referred to in paragraph 1 may not be lifted by the data subject’
7. HOW LONG WE RETAIN YOUR INFORMATION
Your information will be retained in line with current law, national guidance and our current Information Retention and Disposal Policy. However, we do not keep your information any longer than we consider reasonably necessary.
8. WHO WILL YOUR INFORMATION BE SHARED WITH
Where we do ask for your information this is to ensure we provide you with information that we believe is important to your membership of the LMC.
We may pass on your information if we have a legal obligation to do so, otherwise, we will not share your information with other organisations for market research or commercial purposes and we will not pass on your details to other websites.
There may also be occasions where we may provide information about you in an anonymised form. If we do so, then none of the information we provide to any other party will identify you as an individual and cannot be traced back to you.
Your information may be shared with third parties (for example CCGs, Federations) for the following purposes:-
Elections: The use of email addresses held on the LMC system may be used for locality / CCG / Federation / PCN and BMA (GPC) election purposes or for internal committee elections.
DBS Checks: The use of application details and proof of ID are shared between the practice and the LMC office in order to complete and forward DBS checks for processing by the Disclosure and Barring Service Government Agency.
Levy Collections: Practice name and patient population details will be shared between the LMC and CCGs in order to process levy collections be them statutory or voluntary. Where voluntary, relevant mandates are held by the LMC and shared with the CCG.
Training/Events: Delegate details will be provided to trainers in order to verify their attendance at an event the delegate has booked on to.
Sponsorship: Delegate lists (excluding personal information) will be shared with event sponsors.
General Support: Where we have your explicit consent, on a case by case basis, your details may be shared with GP Supporters, PM Supporters, PM Caretakers and Pastoral Support Agencies.
Honoraria: If you are a Committee or Secretariat member, your information will be processed via the Quickbooks payroll system in order to pay honoraria and will be provided to HMRC for tax purposes.
We will not share your information for marketing purposes unless we have your consent.
Education / Training
As part of the ongoing service the LMC provides to practices, training and education mailings will be disseminated to relevant contacts on our database from time to time.
9. YOUR DATA PROTECTION RIGHTS
You have the right to:
- to be informed if your information is being used.
- request access to the information that we have collected about you. We are obliged to provide this to you free of charge within one month of receipt of your request (unless your request is complex, or you have made numerous requests in which case it may take us longer). If your request is unfounded, excessive, or repetitive we may charge a reasonable administrative fee.
- request the correction of any information held about you that is inaccurate or incomplete. We encourage you to inform us of any changes to your information so that we can ensure that the data we hold on you is accurate and up to date.
- request the deletion or removal of your information where your information is no longer necessary for the purpose for which it was collected/processed, where there is no appropriate reason for us to continue processing it or where we have processed your information unlawfully. However, your request for deletion/removal may not always be met for legal reasons. You will be informed of these reasons when you make your request.
- object to the processing of your information for a particular purpose or purposes. If we agree with your objection, we will stop using your information. If we feel there are strong and legitimate reasons to continue using your information despite your objections, we will continue to do so, and we will inform you of the reasons. You also have a right to object to us using your information for direct marketing. This means we must stop using your information if you object.
- restrict the processing of your information for example when you challenge the accuracy of the data, we hold on you and we are verifying that data.
- request portability of your information. This means you have a right to receive the information you provided to us in a way that is accessible and machine-readable. You also have the right to ask us to transfer your information to another organisation if this is technically feasible.
- not to be subject to automated individual decision-making and profiling (known as automated processing) if the decision affects your legal rights or has an important effect on you in some other way.
- withdraw your consent at any time where we process your information on the basis of your consent. Please note that if you withdraw your consent, we may not be able to continue to provide you with our services. We will inform you of this at the time you withdraw your consent.
For further information on your rights please go to: https://ico.org.uk/your-data-matters/
10. RIGHT TO OBJECT AND COMPLAIN
You have the right to object to your information being used in some or all of the ways as described in this Privacy Notice. Please contact our LMC Compliance Lead should you have any questions or issues with the use of your information as described here.
You have the right to complain about the management of your information. In the first instance please refer your complaint to the LMC Compliance Lead as detailed above. If you remain dissatisfied with our response you may complain to the ICO https://ico.org.uk/global/contact-us/
11. PASTORAL CARE
Part of the LMCs’ function is to provide pastoral care to constituent GPs within Hampshire and the Isle of Wight, Dorset, Wiltshire, Swindon, BaNES and the Channel Islands. The service is led by our Medical Directors.
What we do with your information:
If you contact the GPSD email, a small team of administrators monitor this. It is checked by one administrator per day. They will pass on emails to a Medical Director. Either the administrator or the Medical Director will then make contact with you either by email or by telephone if you have provided this information to make an appointment with a Medical Director to discuss your needs further.
You are likely to be offered telephone or face to face support. The Medical Director may make notes to help identify the support you need for your situation.
Any notes will be disposed of securely (via shredding)
Outbound email correspondence will be kept in line with our privacy notice if it does not contain any personal sensitive information.
If it is deemed to contain sensitive information then the email will be deleted off our system after being sent. We will retain the information in a password protected word file, personal to you, accessed only by the Medical Directors. These will be kept for 6 months after your last contact and then deleted unless it is felt to be ongoing or there are exceptional circumstances.
We keep a list of those who have accessed the service on a spreadsheet on Teams only accessible by the Medical Directors in order to be able to monitor numbers accessing the service, support signposted so we can assess needs and to collect feedback.
You may be contacted by an administrator with regards to collecting feedback via a survey but they would have no knowledge of your case.
12. IF ENGLISH IS NOT YOUR FIRST LANGUAGE
If English is not your first language, you can request a translation of this Privacy Notice. Please contact our LMC Compliance Lead.
13. COOKIES (GOOGLE ANALYTICS)
When visiting the LMC website www.wessexlmcs.org.uk , we have engaged the third party service of Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we want to collect personally identifiable information through our website, we will be up front about this and will make it clear when we collect information and, in this instance, will explain what we intend to do with it. We will ask for your consent to do this should we need to collect and do something different with any information where prior consent has not already been obtained.
Our website search facility is powered by FourteenFish. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific information is collected by either the LMC or any third party.
Our website contains hyperlinks to other third party websites. If you go to another website from our website it is important that you read the Privacy Notice on that website to find out what they do with your information. We take no responsibility legal or otherwise for the content or use of information, personal or otherwise, on other websites.
myLMC Bespoke Software
We use a bespoke software package called myLMC, supplied by a third party, to publish newsletters, send out mailings, process events/payments, elections, DBS Checks and to hold practice records and individual information. This software is hosted by FourteenFish and held securely on their server.
14. THIRD PARTY ENGAGEMENT / SUPPLIERS
Where we use third parties to process or use your information we ensure that we have a robust agreement in place which makes it clear that they must be compliant with the UK GDPR, the principles of Regulation (EU)2016/679 (General Data Protection Regulation), (where applicable) and any other relevant data protection legislation. We are clear that the information they may receive about you from us is only used in a manner consistent with the aims of the LMC and this Privacy Notice.
15. SECURITY AND STORAGE OF YOUR INFORMATION
We take the security of your information very seriously and we do everything we can to ensure that your information is always protected and secure. We regularly update our processes and systems and we also ensure that our staff are properly trained. We also carry out assessments and audits of the information that we hold about you and make sure that, if we provide any other services, we carry out proper assessments and security reviews.
In most circumstances, we hold your information electronically. It is password protected and held securely on either our internal computer systems or on a third party secure server. In some instances, your information can be accessed by mobile devices which are password protected.
Where paper records are retained, these are held securely in a locked filing cabinet within the LMC office, accessed by the LMC management and administration team only.
The LMC uses a third party service (FourteenFish) to help maintain the security and performance of the LMC website.
16. TELEPHONE RECORDINGS
We do not record any telephone calls you make to our offices. If you leave us an answerphone message with your details we will pass on your message to the relevant person as soon as we can. Your answerphone message will be deleted as soon as we have done this.
Please note that we have a CCTV system in place in 4 locations on the outside of the building, covering all access points and our car park. This is for the safety of our visitors/staff and, in particular, to record and evidence any serious incidents.
We operate this system in accordance with the Law and codes of practice issued by the Information Commissioners Office, as well as other regulatory bodies.
CCTV recordings are kept on a rolling basis according to available memory on the hard drive (4TB). These recordings are kept on average for 4 – 6 weeks. Recordings are kept on the equipment’s hard drive and relevant software is located on six PCs accessed by members of the administrative team within the LMC office.
CCTV is monitored daily and only authorised administrators have access.
The CCTV is intended to provide security for those working in, and accessing, the office and car park. Recordings are not destroyed, they are overridden by rolling use of the equipment’s hard drive memory which has a maximum of 4TB of storage.
The equipment has the ability to save recordings if required to do so but we will not keep images on CCTV for longer than is necessary.
Where recordings are viewed, this is done in a secure environment by the administrators who are authorised to do so.
If you believe your image has been captured on our CCTV, you have a right to see it. Please contact our LMC Compliance Lead, who will be able to assist with your enquiry.
18. CONTACTING YOU
We are obliged to protect any confidential information that we hold about you and we take this very seriously. It is imperative that you let us know immediately if you change any of your contact details so as to ensure that the information we hold about you is up to date and correct.
19. CHANGES TO OUR PRIVACY NOTICE
Please note that this Privacy Notice will be regularly reviewed and updated in line with current data protection legislation, regulations and guidance.
This Privacy Notice was last updated on 27 May 2021.