Privacy Notice

 

 

 

Introduction

The Avenue Medical Centre is part of the NHS and is committed to protecting your privacy and keeping your personal information secure. This notice explains how we collect, use, and share your information in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Your information is important in helping us provide you with safe, effective, and high-quality healthcare.

Who We Are

The Avenue Medical Centre
51-53 Victoria Avenue,

Blackley

Manchester

M9 6BA
0161 720 9441
Website: Homepage - The Avenue Medical Centre

We are the data controller for your personal data.

How We Collect Information About You

We collect information about you in a number of ways:

• When you register with the practice
• When you consult with a GP, nurse, or other healthcare professional
• From other NHS organisations (e.g. hospitals, community services)
• From third parties (e.g. carers, relatives, or social services where appropriate)
• Through online services such as the NHS App or eConsult services

What Information We Collect

We may collect and process:

• Personal details (name, address, date of birth, NHS number)
• Contact details (phone number, email address)
• Medical records (diagnoses, treatments, test results, medications)
• Appointment and consultation details
• Information about your care from other organisations
• Relevant information from people who care for you

How We Use Your Information

We use your information to:

• Provide direct healthcare and treatment
• Manage and coordinate your care
• Refer you to other services
• Communicate with you about appointments and services
• Maintain accurate and up-to-date records
• Support NHS planning and service improvement
• Meet legal and regulatory requirements

Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Article 6(1)(e) – Task carried out in the public interest
• Article 9(2)(h) – Provision of health or social care

We may also process data where required by law (e.g. safeguarding or public health).

How We Share Your Information

We may share your information with other NHS and partner organisations where it is necessary for your care or required by law, including:

• GP practices (if you move practice)
• NHS hospitals and trusts
• Community and mental health services
• Pharmacies
• Ambulance services
• Local authorities and social care services
• Integrated Care Boards (ICBs)
• NHS England
• Screening services

 

Your information may also be shared via shared care records used across local NHS services to improve coordination of care.

We only share the minimum necessary information and ensure it is done securely.

Recruitment

 

We collect and process personal data relating to our employees, workers, contractors, and job applicants (“staff data”) for the purposes of recruitment, personnel administration, and business management. This may include contact details, employment history, qualifications, right-to-work documentation, payroll and tax information, performance records, and, where necessary, special category data such as health information for occupational health and legal compliance. We use this information to assess suitability for roles, manage employment relationships, fulfil contractual obligations, comply with legal requirements, and protect our legitimate business interests. Staff data is shared only with authorised personnel and, where appropriate, with third-party service providers such as payroll processors, recruitment platforms, and professional advisers, under strict confidentiality and security measures. We retain this data only for as long as necessary in line with our retention policy and applicable laws. Individuals have rights over their personal data, including the right to access, rectify, and, in certain circumstances, erase or restrict processing.

National Data Opt-Out

The NHS uses anonymised patient data to improve services and plan care.

You can choose whether your confidential patient information is used for research and planning by opting out via the National Data Opt-Out service. This does not affect your individual care.

How We Keep Your Information Safe

We are committed to keeping your information secure. We use:

• Secure NHS IT systems
• Access controls and role-based permissions
• Staff training and confidentiality agreements
• Regular audits and monitoring

How Long We Keep Your Information

We follow NHS Records Management Code of Practice. GP records are generally retained for:

• 10 years after death or after a patient leaves the UK permanently

Your Rights

You have the right to:

• Request access to your records (Subject Access Request)
• Request correction of inaccurate information
• Request restriction of processing (in certain circumstances)
• Object to certain types of processing
• Request a copy of your data in a portable format (where applicable)

 

Data Protection Officer

We have a Data Protection Officer (DPO) to oversee data protection compliance.

Data Protection Officer
Manchester ICB

Name: Carolyn Heaney - carolyn.healey@nhs.net

Complaints

If you are unhappy with how we handle your data, you can contact:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113

Changes to This Privacy Notice

We may update this notice from time to time. The latest version will always be available on our website and in the practice.