Please choose one of the tabs below to view the practice policy…
General Data Protection Regulation (GDPR) 2018.
The General Data Protection Regulation (GDPR) comes in to force on 25 May 2018, superseding the Data Protection Act (1998).
Under the terms of the new GDPR, a privacy notice is required to explain to our patients what personal data is held about them, how it is collected, processed and who has access to it.
All businesses who collect data about people need to comply with the GDPR European legislation and will need to continue to adhere to it once the U.K. leaves the E.U.
For a full background on GDPR see the GDPR Website here. (https://www.eugdpr.org/)
2.0 Data Controller & Data Protection Officer
|Names of Data Controller||Dyfi Valley Health|
Dyfi Valley Health
Glantwymyn Health Centre
Phone: 01650 511 227
Dyfi Valley Health
Machynlleth Health Centre
Phone: 01654 702 224
|Data Protection Officer||Mr. James Bradbury-Willis|
The Digital Musketeer
The Old Library, Literary Institute
Seaview Terrace, Aberdovey
Gwynedd, LL35 0LL
Phone: 01654 767 737
3.0 Your Data
3.1 How we Collect Your Data
We collect your data when you willingly provide us with the required personal information whilst registering to become a patient at Dyfi Valley Health, via the Registration Questionnaire (14052018_v1) and NHS Wales Registration Form.
3.1.1 Information Collected by Other Resources
By registering with the practice in Section 3.1, you consent to your medical history from your previous practice(s) being sent to the practice. The provision of this information is essential in order that we can deliver personal care and medical treatment.
We often obtain information from hospitals, pharmacies and other medical practitioners to whom you will already have submitted your personal data.
3.2 What Data we Collect
Date of Birth
Your Medical History
Chronic Health Concerns
If you are a carer or cared for
Have a disability
Your ability to access the surgery
If you were in the armed forces
Family Medical History
Lifestyle (smoking / drinking)
3.3 Who Has Access to Your Data
Only specific, trained and required members of the Dyfi Valley Health clinical and non-clinical team has access to your data. Not all members of the team have access to all your data – only the clinical team does so. On occasions we may need to share your data in order to provide you with the best medical treatment – see Section 3.5.
We undertake at all times to protect your personal data in a manner which is consistent with the practice team’s duty of confidentiality and the requirements of the General Data Protection Regulation. We will also take all reasonable measures to protect your personal data stored in paper files and on our electronic system.
3.4 How we Use Your Data
|How Data is Used||Non-Clinical Team||Clinical Team|
Electronically File Medical Records
Provide Requested Test Results
Send Treatment Reminders
Send Clinic Reminders
|To Provide You with Care & Medical Treatment|
3.5 Sharing Your Data
We will keep information about you confidential and will only disclose any information with third parties with your permission, if it is in your interests to do so and when we are sure that the party with whom we are sharing information is a medical practitioner with whom you have already shared personal information. For example:
- Giving contact information to a physiotherapist or hospital which wishes to contact you regarding an appointment.
- With your written or verbal consent, we will share information about you with a carer.
- With express consent, Information shared with solicitors and insurance companies.
- With production of a court order, Information will be shared with legal agencies and the police
For more examples on how we may share your information, please speak to one of our non-clinical team who can advise accordingly and specifically.
3.6 How Long do we Hold Your Data
We will keep your paper and electronic (hospital/clinic) records as long as you are a patient at the practice.
When you end your time with the Practice, these records will be returned to Shared Services and follow NHS guidelines.
The practice will archive information held on its clinical system relating to consultations, immunisations, medical history and prescribing.
3.7 Location of Your Data
Your data is securely stored and located on our computer systems, which are managed by NHS Wales Information Service. For specific information on how your data is stored electronically contact them by clicking here. (http://www.wales.nhs.uk/nwis/page/52504)
We also store, when necessary, physical paper copies of your medical records. These records are held in a secure location that follows relevant legislative guidelines.
4.0 Patient (Data Subject) Rights
If you would like to invoke any of the following data subject rights, please write to The Practice Manager, Glantwymyn Health Centre, Cemmaes Road, Machynlleth, Powys, SY20 8LB.
4.1 Right to be Informed
4.2 Right to Access Your Data
GDPR 2018 grants you the right to access particular personal data which we hold about you. This is referred to as a subject access request. We will respond promptly and at least within one calendar month from the date of receiving the request and all necessary information in writing from you.
4.3 Right to Rectify
If considered appropriate, a retrospective entry can be made by a clinician if you have concerns regarding the accuracy of your clinical record.
You will also have the right to have incomplete personal data completed, if necessary by providing a signed and dated supplementary statement. We will respond to the request for rectification at least within one calendar month.
4.4 Right to Erase
You have the right to request erasure of personal information concerning you if this is no longer relevant. We can not delete data which may compromise your medical care in the current or future.
4.5 Right of Data Portability
We can respond to a request from you for the supply of your personal information in an electronic format, which you then have the right to transmit elsewhere.
4.6 Rights to Automation
Patients have the right not to be subject to a decision based on automated processing. Patients have the right to (a) obtain human intervention, (b) express their point of view, and (c) obtain an explanation of the decision and challenge it.
5.0 Questions, Queries & Complaints
Dyfi Valley Health
Machynlleth Health Centre
The NHS operates a zero tolerance policy with regard to violence and abuse and the practice has the right to remove violent patients from the list with immediate effect in order to safeguard practice staff, patients, and other persons. Violence in this context includes actual or threatened physical violence or verbal abuse which leads to fear for a person’s safety. In this situation, we will notify the patient in writing of their removal from the list and record in the patient’s medical records the fact of the removal and the circumstances leading to it.
Our website pages are designed so that you can change the style, size and colour of the font used, as well as the background colour. If you wish to do so, please see the guides below.
Customise settings in:
- Have problems seeing the screen
- Find it difficult to use the mouse or keyboard
- Need help with language or reading websites
then we recommend you visit the BBC website My Web My Way, which provides advice on how to make your computer easier to use, whether you are a Windows, Mac or Linux user.