Privacy Policy

Who we are

Virtually is the brand name of Archway Medical Centre’s online consultation service. When you register through Virtually you will be registering with Archway Medical Centre whose address is 652, Holloway Road, London N19 3NU. It is an NHS GP Practice registered with the Care Quality Commission https://www.cqc.org.uk/location/1-547846390?referer=widget3#accordion-1

Your data will be controlled by Archway Medical Centre and is held in three ways:
– on their clinical system EMIS
– in their module on this platform
– on NHS paper records known as a Lloyd George folder

You can obtain copies of any of your records by calling Carole Hubbard, Assistant Manager of Archway Medical Centre whose direct line is 020 7561 5856 or calling the patient support desk on 020 7263 8380. You may prefer to use the form “Request your medical records” in the administration section of your dashboard.

This website is run by Virtually Health Systems Ltd whose registered office is 652, Holloway Rd. London N19 3NU. VHS Ltd is a data processer. Its employees have no access to your data.

1. Introduction

The Data Protection Regulations in the UK include two key pieces of law:

• The Data Protection Act 2018

• The UK GDPR which was adapted from the EU version at Brexit and now applies to processing for people based in the UK

There are other regulations in specific areas which need to be taken into account. This Privacy Notice has been written within the legislative framework as at May 2022. It will be revised as the framework and case law change. This notice was last updated May 2022.

2. What is this Privacy Notice about?

This Privacy Notice is part of the information to data subjects about how personal data is used. Being transparent and providing accessible information to individuals about how organisations will use their personal information is a key element of Data Protection Regulations.

This Privacy Notice is part of our programme to make the data processing activities we are carrying out in order to meet our healthcare obligations transparent.

The Privacy Notice tells you about information we collect and hold about you, the legal basis for collecting and holding the information, what we do with it, how we keep it secure (confidential), who we might share it with and what your rights are in relation to your information.

3. Who we are

Your data will be controlled by Archway Medical Centre and is held in three ways:

– on their clinical system EMIS

– in their module on this platform

– on NHS paper records known as a Lloyd George folder

This website is run by Virtually Health Systems Ltd whose registered office is 652, Holloway Rd. London N19 3NU. VHS Ltd is a data processer. Its employees have no access to your data.

This privacy policy sets out how Virtually uses and protects any information that you give us when you use our online consultation module. We are committed to ensuring that your privacy is protected. Any identifying information we ask you to provide will only be used in accordance with this privacy statement.

4. Types of information we use

We use the following types of information/data:

· Personal data or sensitive personal/special categories of personal data such as:

Ø demographics – name, address, date of birth, postcode, NHS number

Ø racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, medical/health data, sexual life or sexual orientation data.

· Pseudonymised – about individuals but with identifying details (such as name or NHS number) replaced with a unique code.

· Anonymised – about individuals but with identifying details removed.

· Aggregated – anonymised information grouped together so that it doesn’t identify individuals.

5. What we use your personal data and special categories of personal data (known as or sensitive personal) for

We use and share information about you in a number of ways. These include:

Primary uses – information from your GP medical record which can be made available to other NHS and public sector organisations, including doctors, nurses and care professionals in order to help them make the best informed decision, and provide you with the best possible direct care delivery.

Secondary uses – information from your GP medical record involves extracting identifiable data and (usually) sharing that data with other NHS organisations, for the purpose of indirect care. Examples include using your information for research, auditing, and healthcare planning (population health management). A national opt-out for some secondary uses exists for your data – please see section 15 below.

6. Identity and Contact details of the Data Controller and Data Protection Officer

Practice Contact Details

ARCHWAY PRIMARY CARE TEAM, ARCHWAY MEDICAL CENTRE. 652 HOLLOWAY ROAD LONDON N19 3NU. Email igpf.dpo@nhs.net or phone 0207 272 0111

Practice ICO Reference Number: Z804312X

Data Protection Officer

You can contact the data protection officer by post at the practice address, addressed for the attention of the Data Protection Officer.

The Data Protection Officer service is provided across NCL practices by:

Name: Steve Durbin Email: dpo.ncl@nhs.net

Please quote the practice name in any communication.

7. Organisations we share your your personal information with

We share information about you with other GPs, NHS acute or mental health Trusts, local authorities, community health providers, pharmacists, commissioning organisations, medical research organisations and some specific non-NHS organisations for the purposes of direct and indirect care delivery of care. If you would like a copy of the practice’s Information sharing protocol please raise a support ticket on Helpdesk on your Virtually dashboard or call 0207 272 0111.

We are required under the law to provide you with the following information how we process your personal data, the purpose of proposing, recipient/categories of your personal data, the identity of our Data Protection Officer (DPO), how long we retain personal information about you, the legal basis and justification for the processing, and your right to view, request access copies of your personal information, or object to the processing.

Included below is a table of the organisations we share information about you with split into the following categories. In all cases, the data controller and Data Protection Officer (DPO) are as listed in section 6 above: a. Direct Medical Care and Administration b. Other primary care services delivered for the purposes of direct care c. Statutory Disclosures of Information d. Processing for the Purposes of Commissioning, Planning, Research and Risk Stratification e. Data Sharing Databases f. Data Processors

Your consent

Whenever you submit information in Virtually’s module on this site, you consent to the collection, use, and disclosure of that information in accordance with those Terms of Use and this Privacy Policy.

NHS Login

Please note that if you access our service using your NHS login details, the identity verification services are managed by NHS Digital. NHS Digital is the controller for any personal information you provided to NHS Digital to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose. For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS Digital (as the “controller”) when verifying your identity. To see NHS Digital’s Privacy Notice and Terms and Conditions, please click here. This restriction does not apply to the personal information you provide to us separately.

What we collect

We may collect the following information:

Your email address
Your chosen password (which will always be encrypted)
Personal information, such as your postcode, your home address
Your age/date of birth
Your sex
Previous GP details
NHS number
Telephone number
a picture of your government-issued photo ID

Call recordings

Like many GP surgeries, the Archway Medical Centre uses the X-On phone system. This is a cloud-based phone system which allows us to manage our call volume, easily call our patients back, and also enables our staff to work remotely.

X-On automatically records incoming and outgoing calls, and we have a warning to this effect which is played to all incoming callers. All call recordings are strictly confidential. Call recordings form part of your patient record; as such, you are entitled to request access to call recordings which are a part of your medical record.

After 36 months, all call recordings are automatically, and permanently, destroyed. As Virtually calls are recorded on the Virtually platform, this notice only applies to you if you call our surgery directly, or when you are contacted by a non-clinical member of our surgery staff.

What we do with the information we gather

We will never pass on your information unless you specifically consent to us doing so or we are specifically required to by law. We only use it in your healthcare, to understand your health and healthcare needs and provide you with a better service, and in particular:

for internal record keeping
to improve our services and email you messages related to your health or healthcare
to offer you relevant information based on your location
to present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in keeping you informed of our services subject to your right to opt-out at any time.

As part of providing you with high-quality preventative health care, we may contact you by SMS, email and/or other means to offer you helpful or important information about your care – this may include invitations to make in-person appointments.

Lawful basis for processing your information

We are required by law to tell you the legal basis that we are using for processing and using your
data. These are GDPR articles 6 (1) (e) and 9 (2) (h):

6 (1) (e):
“processing is necessary for the performance of a task carried out in the public interest or in
the exercise of official authority vested in the controller”
9 (2) (h):
“processing is necessary for the purposes of preventive or occupational medicine, for the
assessment of the working capacity of the employee, medical diagnosis, the provision of
health or social care or treatment or the management of health or social care systems and
services”

If you would like more information on these, please contact Carole Hubbard.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical and electronic procedures to safeguard and secure the information we collect online.

Passive information collection

As you navigate through this site, certain anonymous information can be passively collected (that is, gathered without your actively providing the information) using various technologies, such as cookies* and other navigational data collection (such as server logs). Your internet browser automatically transmits to this site some of this anonymous information, such as the URL of the website you just came from and the IP address and the browser version your computer is currently using.

This helps us analyse data about our site traffic, so we can improve Virtually and tailor it more to our members’ needs. All information is anonymous and only used for operational purposes.

*A cookie is a small file which “asks permission” to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of our website. Read more about our Cookies Policy.

Links to other websites

Our website may contain links or references to other websites e.g. the NHS site to which this Privacy Policy does not apply. If you click on these links to leave our site, you should note that we cannot be responsible for the protection and privacy of any information you provide whilst visiting those sites, nor can we be held responsible for the accuracy of this content. We suggest you always look at the privacy statement of any other website you visit.

Controlling your personal information

You may choose to change or restrict the use of your personal information by going to your Profile and amending your registration details.

We will not give your personal information to third parties unless we have your permission or are specifically required to by law.

You may ask us to provide details of the personal information we hold about you, under the Data Protection Act 1998. To request this information, please call Carole Hubbard, Assistant Manager of Archway Medical Centre whose direct line is 020 7561 5856 or call the patient support desk on 020 7263 8380. You may prefer to use the form “Request your medical records” in the administration section of your dashboard.

If you believe that any information we are holding on you is incorrect or incomplete, please contact us using the ‘Message to Practice’ form in the administration section of your dashboard as soon as possible. We will, of course, happily correct any information that’s found to be incorrect.

Content of consultations

All clinical conversations and content entered within consultations remains confidential and will not be accessible by Virtually Health Systems Ltd staff members. However, Virtually clinical staff who are employed and managed by Archway Medical Centre will access consultation information, for legitimate healthcare reasons.

Cookies

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

COVID-19 supplementary information

14 June 2020. This notice describes how we may use your information to protect you and others during the Covid-19 outbreak. It supplements our main Privacy Notice.

The health and social care system is facing significant pressures due to the Covid-19 outbreak. Health and care information is essential to deliver care to individuals, to support health and social care services and to protect public health. Information will also be vital in researching, monitoring, tracking and managing the outbreak. In the current emergency it has become even more important to share health and care information across relevant organisations.

Existing law which allows confidential patient information to be used and shared appropriately and lawfully in a public health emergency is being used during this outbreak. Using this law the Secretary of State has required NHS Digital; NHS England and Improvement; Arm’s Length Bodies (such as Public Health England); local authorities; health organisations and GPs to share confidential patient information to respond to the Covid-19 outbreak. Any information used or shared during the Covid-19 outbreak will be limited to the period of the outbreak unless there is another legal basis to use the data. Further information is available on gov.uk here.

During this period of emergency, opt-outs will not generally apply to the data used to support the Covid-19 outbreak, due to the public interest in sharing information. This includes National Data Opt-outs. However, in relation to the Summary Care Record, existing choices will be respected. Where data is used and shared under these laws your right to have personal data erased will also not apply. It may also take us longer to respond to Subject Access requests, Freedom of Information requests and new opt-out requests whilst we focus our efforts on responding to the outbreak.

In order to look after your health and care needs, we may share your confidential patient information including health and care records with clinical and non-clinical staff in other health and care providers, for example neighbouring GP practices, hospitals and NHS 111. We may also use the details we have to send public health messages to you, either by phone, text or email.

During this period of emergency, we may offer you a consultation via telephone or videoconferencing. By accepting the invitation and entering the consultation you are consenting to this. Your personal/confidential patient information will be safeguarded in the same way it would with any other consultation.

We will also be required to share personal/confidential patient information with health and care organisations and other bodies engaged in disease surveillance for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the outbreak. Further information about how health and care data is being used and shared by other NHS and social care organisations in a variety of ways to support the Covid-19 response is here.

NHS England and Improvement and NHSX have developed a single, secure store to gather data from across the health and care system to inform the Covid-19 response. This includes data already collected by NHS England, NHS Improvement, Public Health England and NHS Digital. New data will include 999 call data, data about hospital occupancy and A&E capacity data as well as data provided by patients themselves. All the data held in the platform is subject to strict controls that meet the requirements of data protection legislation.

In such circumstances where you tell us you’re experiencing Covid-19 symptoms we may need to collect specific health data about you. Where we need to do so, we will not collect more information than we require, and we will ensure that any information collected is treated with the appropriate safeguards.

We may amend this privacy notice at any time so please review it frequently. The date at the top of this page will be amended each time this notice is updated.

gp practice

contraception

physiotherapy

sexual health

Diet and Weight Loss

dermatology

Mental Health Sign Posting

About Us

FAQ

Contact Us

Work For Us

How It Works

Useful Information

Carer Support