SurgeryWeb are the suppliers of this practice website and takes privacy and security very seriously, especially when it comes to personal information.
Our website may contain links to other websites, which are provided for your convenience. We are only responsible for the privacy practices and security of this website and not external websites. You should therefore check any other linked website’s privacy policies.
If you have any questions about this policy or the data we hold about you, please contact the practice.
Users may visit our website and use it as often as they like without providing any information, however certain services provided via the website do require the processing of personal data.
The processing of personal data is performed by SurgeryWeb who act as Data Processors on behalf of the Practice and the Data Processing Agreement can be seen here: https://sothall.net/data-processing-agreement
Our website contains a contact form which collects information such as your name, email address, telephone number and practice name. This information is used for the sole purpose of contacting you to answer any questions you may have about our services. By submitting the contact form online, you consent to the use of your details for this purpose.
Our website may also contain other online forms which collect information such as your name, date of birth, NHS number, address and postcode, telephone number, email address and other health related data. This information is used for the sole purpose of what the respective form is created for, and by submitting each form online, you consent to the use of your details for this purpose.
A data flow of the form submission process can be seen here: Data Flow
The Practice will retain your personal data as long as it is required for the purpose for which the data is collected. Any data submitted via online forms are also retained on the web hosting server for a period of time specified by the practice, default period is 30 days. Backups of this data is stored by SurgeryWeb for a maximum period of 14 days at which time this data is auto-deleted.
Your data is held on a server provided by Catalyst2 and you can see more about their infrastructure and security here - https://www.catalyst2.com/about-us/infrastructure/
The data centre is UK based and all data is encrypted when stored and in transit such as when you submit a form to us. This website is https-secured which means communication between the users web browser and the server hosting this website is encrypted and cannot be intercepted en-route, this can be verified by the padlock icon in the address bar.
In accordance with the Data Protection Act 2018, you have the right to request a copy of the information that we hold about you, if you would like a copy of some or all of your personal information, please contact the practice.
You have the right to have your data erased if the personal data is no longer required for the purpose it was originally collected for, if we are processing the personal data for direct marketing purposes and you object to that processing, or if you believe we are processing your personal data unlawfully.
To request erasure of your personal data, please contact the practice.
If you have any issue with how your data is being processed, we would recommend you to contact us first, putting your complaint in writing to the practice. We take all complaints seriously and do our best to resolve them.
Under the EU General Data Protection Regulation 2016 you have the right to complain to the supervisory authority which in the UK is the Information Commissioners Office (ICO). You can find more details about how to do this on the ICO's website here: https://ico.org.uk/make-a-complaint/
This policy was last updated on 31/03/2023.