Office opening hours: 8.30am to 5.30pm Monday to Friday. Offices closed on Bank Holidays.
Home Menu Search

Wessex LMCs Privacy Policy

 

We understand how important it is to keep your information safe and secure and we take this very seriously. We have taken steps to make sure your information is looked after in the best possible way and we review this regularly.

Please read this Privacy Notice (‘Privacy Notice’) carefully, as it contains important information about how we use the information we collect, store and use about you.

1. WHY WE ARE PROVIDING THIS PRIVACY NOTICE

We are required to provide you with this Privacy Notice by Law. It explains how we use the information we collect, store and hold about you. If you are unclear about how we process or use your information, or you   have any questions about this Privacy Notice or any other issue regarding your information, then please contact our LMC Compliance Lead (see below).

          The Law says:

2. ABOUT US

We are Wessex Local Medical Committees Ltd, (‘the LMC’) registered office situated at Wessex Local Medical Committees Ltd, Churchill House, 122-124 Hursley Road, Chandler’s Ford, Eastleigh, Hampshire, SO53 1JB, company number 05970383.

Wessex Local Medical Committees is the statutory representative body for GPs and their Practices, operating across the counties of Dorset, Hampshire, the Isle of Wight, Bath and North East Somerset, and Wiltshire. We also provide services to the Islands of Jersey and Guernsey.  We exist solely to represent, advise, and support GPs and their Practices.

We are the Data Controller of your information.

There may be times where we also process your information.

This means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors.

The purposes for which we use your information are set out in this Privacy Notice.

3. LMC COMPLIANCE LEAD

The LMC Compliance lead is Lisa Harding, Director of Primary Care.

Email: lisa.harding@wessexlmcs.org.uk .             

Telephone Number: 023 8025 3874.

Contact the LMC Compliance Lead if:

4. WHAT INFORMATION WE COLLECT ABOUT YOU

We record your name, role, contact details (including, emails, addresses, practice address, telephone number), GMC number (if you are a GP), date of birth (if you are a GP), gender/sex, contacts with the LMC office.  This may include email correspondence, letters, details of event bookings and summaries of telephone conversations.  This may relate to mailings sent by the LMC, individual advice /support, and pastoral support.  This information is held securely and confidentially.

If you are Committee or Secretariat member we will, in addition to the above information, collect your national insurance number, your financial details including your bank account and your sort code for the purpose of paying you.

5. WHY WE USE YOUR INFORMATION

To communicate with you as constituent GPs, Committee and Secretariat members, practice managers and other members of the wider practice team in order to gather and disseminate knowledge, advice and bespoke information.  This is part of your membership offering by the LMC.

All information collected will only be used for the legitimate purpose of fulfilling the LMCs’ function. This shall include sending you information such as bulletins, newsletters, mailings, elections on behalf of the LMC / CCGs / Federations/PCNs/the BMA (GPC), pastoral care, events/training, bespoke information and guidance be it on a locality, practice or individual level, surveys, DBS checks, levy collections.

Our Values Reporting

We offer a dedicated email address for the confidential reporting of unacceptable behaviours under our ‘Our Values’ Charter.  This is managed by Lisa Harding, Director of Primary Care, who is responsible for convening a small group to consider any matters submitted.  The membership of the group is determined by the named person (Lisa Harding) as those most appropriate to discuss the matter confidentially and the group will be chaired by the Chair of the Secretariat or a Committee Chair/Vice-Chair, as appropriate. No minutes will be taken of the meeting and confidentiality will be maintained.  The named person will update the Secretariat with a spreadsheet to include the date the issue was raised, how the issue was raised, when it was discussed by the group, the outcome, when the outcome was fedback to the reporter and any learning or changes made as a result.

An anonymous report of unacceptable behaviour under the ‘Our Values’ charter may also be made via an online form, hosted on Sharepoint and available to the whole LMC family.  The named person will check for reports weekly and will follow the same process as set out for the dedicated email address reports, however, it will not be possible to feedback to the reporter as the form takes no personal details, such as name or contact.

Teams and Zoom

We record events/webinars and meetings for the purposes of uploading events/webinars to our website and ensuring that meeting invitees can listen to meetings if they have not been able to attend them live or to ensure that minutes of meetings are recorded accurately.  You will be informed if a recording is to be made and your consent for the recording to be made will be sought.  All recordings will be deleted in line with our Retention and Disposal Policy.

WhatsApp Group

From time to time, we will utilise the Committee WhatsApp group to be used by the office team and Committee members as a means of communication. We will always ask for consent to add members to the group and you may opt to leave the group at any time by notifying the Business Manager.  Anyone leaving the organisation or standing down from a Committee will be automatically deleted from all WhatsApp groups.

6. LEGAL BASIS FOR USING YOUR INFORMATION

The law states that we must collect your information in accordance with a legal basis. 

We will only use any information that you provide in accordance with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (“UK GDPR”), the Data Protection Act 2018 and any other relevant legislation, regulation, code of practice or guidance.

The legal basis for using your information is as follows;

  1. Under UK GDPR Article 6(1) (a) ‘the data subject has given consent to the processing of his or her personal data for one or more specific purposes’
  2. Under UK GDPR Article 6(1) (c) ‘processing is necessary to comply with a legal obligation to which the controller is subject’
  3. Under UK GDPR Article 6(1) (e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’
  4. Under UK GDPR Article 6(1) (f) ‘processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child’

Where you have given your consent for us to use your information you have the right to withdraw your consent at any time.

Committee and Secretariat members

If you are a Committee or Secretariat member the legal basis for processing your information is:

a)  Under UK GDPR Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’  

b)  Under UK  GDPR Article 6(1) (c) ‘processing is necessary for compliance with a legal obligation to which the controller is subject’

c)  Under UK GDPR Article 6(1) (e) ‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’

Where we process any special category/sensitive information the legal basis is as below.

Suppliers and/or Contractors

Where we use your services pursuant to a contract we have with you, the legal basis for processing your information is:

Under UK GDPR Article 6 (1) (b) ‘Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract’

Special category/sensitive information

The Law provides special protection for certain kinds of information that is particularly sensitive.

This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, and trade union membership.

In addition to establishing a legal basis for processing your information under Article 6 of the UK GDPR as set out above, where we process special category data belonging to you, we must also identify a separate condition for processing under Article 9 of the UK GDPR. These special category conditions are:

a)  Under UK  GDPR Article 9(2) (b) ‘processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by domestic law or a collective agreement pursuant to domestic law providing for appropriate safeguards for the fundamental rights and the interests of the data subject’

b)  Under UK  GDPR Article 9(2) (d) ‘processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects’

Where you have provided us with your explicit consent the special category condition is:

 c)  Under UK Article 9(2) (a) ‘the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where domestic law provides that the prohibition referred to in paragraph 1 may not be lifted by the data subject’

7. HOW LONG WE RETAIN YOUR INFORMATION

Your information will be retained in line with current law, national guidance and our current Information Retention and Disposal Policy. However, we do not keep your information any longer than we consider reasonably necessary.

8. WHO WILL YOUR INFORMATION BE SHARED WITH

Where we do ask for your information this is to ensure we provide you with information that we believe is important to your membership of the LMC.

We may pass on your information if we have a legal obligation to do so, otherwise, we will not share your information with other organisations for market research or commercial purposes and we will not pass on your details to other websites.

There may also be occasions where we may provide information about you in an anonymised form. If we do so, then none of the information we provide to any other party will identify you as an individual and cannot be traced back to you.

Your information may be shared with third parties (for example CCGs, Federations) for the following purposes:-

Elections:  The use of email addresses held on the LMC system may be used for locality / CCG / Federation / PCN and BMA  (GPC) election purposes or for internal committee elections.

DBS Checks:  The use of application details and proof of ID are shared between the practice and the LMC office in order to complete and forward DBS checks for processing by the Disclosure and Barring Service Government Agency.

Levy Collections:  Practice name and patient population details will be shared between the LMC and CCGs in order to process levy collections be them statutory or voluntary.  Where voluntary, relevant mandates are held by the LMC and shared with the CCG.

Training/Events:  Delegate details will be provided to trainers in order to verify their attendance at an event the delegate has booked on to.

Sponsorship:  Delegate lists (excluding personal information) will be shared with event sponsors.

General Support:  Where we have your explicit consent, on a case by case basis, your details may be shared with GP Supporters, PM Supporters, PM Caretakers and Pastoral Support Agencies. 

Honoraria:  If you are a Committee or Secretariat member, your information will be processed via the Quickbooks payroll system in order to pay honoraria and will be provided to HMRC for tax purposes.

Direct Marketing

We will not share your information for marketing purposes unless we have your consent. 

Education / Training

As part of the ongoing service the LMC provides to practices, training and education mailings will be disseminated to relevant contacts on our database from time to time.

9. YOUR DATA PROTECTION RIGHTS

You have the right to:

For further information on your rights please go to: https://ico.org.uk/your-data-matters/

 10. RIGHT TO OBJECT AND COMPLAIN

You have the right to object to your information being used in some or all of the ways as described in this Privacy Notice. Please contact our LMC Compliance Lead should you have any questions or issues with the use of your information as described here. 

You have the right to complain about the management of your information.  In the first instance please refer your complaint to the LMC Compliance Lead as detailed above.  If you remain dissatisfied with our response you may complain to the ICO  https://ico.org.uk/global/contact-us/

11. PASTORAL CARE

Part of the LMCs’ function is to provide pastoral care to constituent GPs within Hampshire and the Isle of Wight, Dorset, Wiltshire, Swindon, BaNES and the Channel Islands. The service is led by our Medical Directors.

What we do with your information:

If you contact the GPSD email, a small team of administrators monitor this. It is checked by one administrator per day. They will pass on emails to a Medical Director. Either the administrator or the Medical Director will then make contact with you either by email or by telephone if you have provided this information to make an appointment with a Medical Director to discuss your needs further.

You are likely to be offered telephone or face to face support. The Medical Director may make notes to help identify the support you need for your situation.

Any notes will be disposed of securely (via shredding)

Outbound email correspondence will be kept in line with our privacy notice if it does not contain any personal sensitive information.

If it is deemed to contain sensitive information then the email will be deleted off our system after being sent. We will retain the information in a password protected word file, personal to you, accessed only by the Medical Directors. These will be kept for 6 months after your last contact and then deleted unless it is felt to be ongoing or there are exceptional circumstances.

We keep a list of those who have accessed the service on a spreadsheet on Teams only accessible by the Medical Directors in order to be able to monitor numbers accessing the service, support signposted so we can assess needs and to collect feedback.

You may be contacted by an administrator with regards to collecting feedback via a survey but they would have no knowledge of your case.

12. IF ENGLISH IS NOT YOUR FIRST LANGUAGE

If English is not your first language, you can request a translation of this Privacy Notice. Please contact our LMC Compliance Lead.

13. COOKIES (GOOGLE ANALYTICS)

When visiting the LMC website www.wessexlmcs.org.uk , we have engaged the third party service of Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we want to collect personally identifiable information through our website, we will be up front about this and will make it clear when we collect information and, in this instance, will explain what we intend to do with it.  We will ask for your consent to do this should we need to collect and do something different with any information where prior consent has not already been obtained.

Search Engine

Our website search facility is powered by FourteenFish. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific information is collected by either the LMC or any third party. 

Hyperlinks

Our website contains hyperlinks to other third party websites.  If you go to another website from our website it is important that you read the Privacy Notice on that website to find out what they do with your information. We take no responsibility legal or otherwise for the content or use of information, personal or otherwise, on other websites.

myLMC Bespoke Software

We use a bespoke software package called myLMC, supplied by a third party, to publish newsletters, send out mailings, process events/payments, elections, DBS Checks and to hold practice records and individual information.  This software is hosted by FourteenFish and held securely on their server.          

14. THIRD PARTY ENGAGEMENT / SUPPLIERS

Where we use third parties to process or use your information we ensure that we have a robust agreement in place which makes it clear that they must be compliant with the UK GDPR, the principles of Regulation (EU)2016/679 (General Data Protection Regulation), (where applicable) and any other relevant data protection legislation.  We are clear that the information they may receive about you from us is only used in a manner consistent with the aims of the LMC and this Privacy Notice.

15. SECURITY AND STORAGE OF YOUR INFORMATION

We take the security of your information very seriously and we do everything we can to ensure that your information is always protected and secure. We regularly update our processes and systems and we also ensure that our staff are properly trained.  We also carry out assessments and audits of the information that we hold about you and make sure that, if we provide any other services, we carry out proper assessments and security reviews.

In most circumstances, we hold your information electronically. It is password protected and held securely on either our internal computer systems or on a third party secure server.  In some instances, your information can be accessed by mobile devices which are password protected. 

Where paper records are retained, these are held securely in a locked filing cabinet within the LMC office, accessed by the LMC management and administration team only.

The LMC uses a third party service (FourteenFish) to help maintain the security and performance of the LMC website.

16. TELEPHONE RECORDINGS

We do not record any telephone calls you make to our offices. If you leave us an answerphone message with your details we will pass on your message to the relevant person as soon as we can. Your answerphone message will be deleted as soon as we have done this.

17. CCTV

Please note that we have a CCTV system in place in 4 locations on the outside of the building, covering all access points and our car park. This is for the safety of our visitors/staff and, in particular, to record and evidence any serious incidents.

We operate this system in accordance with the Law and codes of practice issued by the Information Commissioners Office, as well as other regulatory bodies.

CCTV recordings are kept on a rolling basis according to available memory on the hard drive (4TB).  These recordings are kept on average for 4 – 6 weeks.  Recordings are kept on the equipment’s hard drive and relevant software is located on six PCs accessed by members of the administrative team within the LMC office.

CCTV is monitored daily and only authorised administrators have access.

The CCTV is intended to provide security for those working in, and accessing, the office and car park. Recordings are not destroyed, they are overridden by rolling use of the equipment’s hard drive memory which has a maximum of 4TB of storage.

The equipment has the ability to save recordings if required to do so but we will not keep images on CCTV for longer than is necessary.

Where recordings are viewed, this is done in a secure environment by the administrators who are authorised to do so.

If you believe your image has been captured on our CCTV, you have a right to see it. Please contact our LMC Compliance Lead, who will be able to assist with your enquiry.

18.   CONTACTING YOU

We are obliged to protect any confidential information that we hold about you and we take this very seriously. It is imperative that you let us know immediately if you change any of your contact details so as to ensure that the information we hold about you is up to date and correct.

19. CHANGES TO OUR PRIVACY NOTICE

Please note that this Privacy Notice will be regularly reviewed and updated in line with current data protection legislation, regulations and guidance.

This Privacy Notice was last updated on 27 May 2021.

About this page...

Updated on Tuesday, 22 June 2021 5645 views