Privacy

Privacy and cookies policy

Introduction

This privacy policy describes how GPsurgery.net protects and makes use of the information held about you in regards the use of our website gpsurgery.net

If you are asked to provide information relating to this service, it will only be used as described in this privacy policy

This privacy policy may be updated from time to time.  All updates and amendments are effective immediately, and we encourage you to review this policy often to stay informed of changes.

If you have any question about this policy or the data we hold about you, please contact dpo@gpsurgery.net

Who We Are

Dewar Green Limited (Trading as GPsurgery.net)
The Butchery
Ashford Road
St Michaels
Tenterden
Kent TN30 6PR

ICO Registration number Z2666032

You can contact us with queries

Via this website
By post at the above address
By telephone:  +44(0) 1580 762900
By email dpo@gpsurgery.net

The information we collect and how we use it

We are committed to safeguarding and preserving the privacy of our visitors. You may visit this site as often as you like without providing any information such as your name, address or email address. Certain services provided via the site, as detailed below, do however require the provision and processing of personal data.

Contacting us

By using our online form, you will be asked to provide the following:
Title
First Name
Surname
Email Address
Practice Name
Telephone Number

This information is used for the sole purpose of contacting you to describe and sell our services. By sending us a message using the online form, you consent to the use of your details for this purpose and accept GPsurgery.net may respond to you using the contact details provided.

By contacting us via email
Title
First Name
Surname
Email Address
Practice Name
Telephone Number

This information is used for the sole purpose of contacting you to describe and sell our services. By sending us a message by email, you consent to the use of your details for this purpose and accept GPsurgery.net may respond to you using the contact details provided.

By continued use of the website, the following information will be collected and shared with a third party, which is also subject to their privacy policy that can be found here:

Google Privacy Policy

The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services to improve the user experience.

Our usage of your data for delivering GPsurgery.net services

We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters.

Providing your personal data to others

We hold your data on services run by Dewar Green Limited.  This includes sub processors that act on our written instruction as Data Controller.

  • Freshworks Ltd for purposes of technical support
  • WP Engine for purposes of receiving sales and technical requests
  • Google Analytics for purposes of improving website navigation
  • Google G Suite for communication purposes
  • Xero for accounting purposes
  • Mailchimp for system updates and announcements

Retaining and deleting personal data

This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

We will retain your personal data as follows:

Your personal or company contact details will be retained for a minimum period of three years following the date you stop receiving services from us.

Security of personal data

Your data is stored in UK data centres.  It is encrypted when stored, and in transit such as when you submit a form to us.

You should ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website confidential and we will not ask you for your password.

Access to information

In accordance with the Data Protection Act 2018 you have the right to access any information that we hold relating to you and Dewar Green Limited shall charge no fee for the processing of this request. You can make a request by emailing dpo@gpsurgery.net. If the nature of the request is unusually complex, way may write to you to explain this may delay our response. We may also charge a reasonable fee to complete the request in full if it is prohibitively time-consuming. We will explain these costs and will only be for the effort of meeting the data request.

Correcting your data

At any time, you may contact us to request your data be corrected if you believe it to be incorrect. To do so, contact us at dpo@gpsurgery.net and include who you are, and what type of data you believe needs to be corrected. To protect your data, as part of this activity we may need to ask you for identifying documents to confirm who you are.

Erasure of Data

Also known as “The Right to Be Forgotten”. You have a right to have your data erased if:

  • The personal data is no longer necessary for the purpose which we originally collected or processed it for;
  • We are relying on consent as our lawful basis for holding the data, and you withdraw your consent – we will specifically mention if we rely on consent;
  • We are processing the personal data for direct marketing purposes and you object to that processing – we will specifically mention if we will use your data for direct marketing;
  • We are determined to have processed the personal data unlawfully;

There may be times when we are unable to comply with your request, such as having to do it to comply with a legal obligation

To request erasure of your data, please email dpo@gpsurgery.net, and include the types of data about you that we need to erase, and the reason from the above list that you believe relates to the requirement for us to erase your data. To protect your data, as part of this activity we may need to ask you for identifying documents to confirm who you are.

Restriction of processing

You have the right to request that we restrict processing your data if:

  • You contest the accuracy of your personal data and we are verifying the accuracy of the data;
  • The data has been unlawfully processed (i.e. in breach of the lawfulness requirement of the first principle of the GDPR) and the individual opposes erasure and requests restriction instead;
  • We no longer need the personal data, but you need us to keep it in order to establish, exercise or defend a legal claim; or
  • You have objected to us processing your data under Article 21(1), and we are considering whether our legitimate grounds override yours.

To place such a request please email dpo@gpsurgery.net, and include the types of data about you for which we need to restrict processing. To protect your data, as part of this activity we may need to ask you for identifying documents to confirm who you are.

Objecting to processing

You have the right to object to:

  • Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • Direct marketing (including profiling); and
  • Processing for purposes of scientific/historical research and statistics.

For an objection against the first point, you must provide a reason relating to your own situation that warrants an objection to the processing. In the case of legitimate reason, we must stop processing the personal data unless:

  • We can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the person objecting; or
  • The processing is for the establishment, exercise or defence of legal claims.

For an objection against processing for direct marketing, we must stop processing your data.

For an objection against processing for scientific/historical research and statistics, you must provide a reason relating to your own situation that warrants an objection to the processing. In the case of legitimate reason, we must stop processing the personal data unless the processing is necessary for the performance of a public interest task.

The object to processing, please email your request to dpo@gpsurgery.net, and include your objection, reason for objecting, and the types of data about you that you object to the processing of. To protect your data, as part of this activity we may need to ask you for identifying documents to confirm who you are.

Automated decision making

This notice identifies any instances of automated decision making that is related to the processing described.

How we respond to requests to exercise your rights to your personal data

We are required by law to comply with your requests. In certain circumstances, however, we have the right to reject such a request.

We may refuse to comply with a request for erasure if it is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.

In such a case that we consider a request is manifestly unfounded or excessive we can:

  • Request a “reasonable fee” to deal with the request; or
  • Refuse to deal with the request.

In either case we must justify your decision and will inform you of our reasons for doing so.

Any such fees will be based on the administrative costs of complying with your request. If we decide to charge a fee, we shall contact you promptly and inform you of such. We do not need to comply with the request until we have received the fee.

Lodging a complaint about handling of your data

If you believe you have an issue with how your data is being processed, we would encourage you to contact us first, putting your complaint in writing to dpo@gpsurgery.net. We will take any such complaints seriously and do our best to resolve them.

Under the EU General Data Protection Regulation 2016 you have the right to lodge a complaint with the supervisory authority (the organisation responsible for enforcing data protection in your country) applicable to you. If you are a UK resident, your supervisory authority is the Information Commissioner’s Office (or ICO). You can find more details about how to do this on the ICO’s website, here: https://ico.org.uk/concerns/

Cookies

About cookies

  • A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
    • Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
    • Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Cookies that we use

  • We use cookies for the following purposes:
    • security – we use cookies as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;
    • analysis – we use cookies to help us to analyse the use and performance of our website and services; and
    • cookie consent – we use cookies to store your preferences in relation to the use of cookies more generally.

Cookies used by our service providers

  • Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
    • We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://www.google.com/policies/privacy/. The relevant cookies are: _ga (persistent cookie 2 years) and _gid (persistent cookie 1 day),, _gat (temporary cookie) _gat_cqcTracker (temporary CQC cookie) .
    • We use CloudFlare to DNS Hosting. This service uses cookies for our website security, speed enhancements and robust service delivery . You can view the privacy policy of this service provider at https://www.cloudflare.com/security-policy. The relevant cookies are: __cfduid.

Managing cookies