The UK data protection regime is set out in the DPA 2018 and the GDPR (which also forms part of UK law) and governs how Local Medical Committees (LMCs) use personal data.
- ABOUT US
- WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT
- CHANGE OF PURPOSE
- SHARING YOUR INFORMATION
- KEEPING YOUR INFORMATION SECURE
- YOUR RIGHTS
- HOW TO CONTACT US
1. ABOUT US:1.1 Morgannwg Local Medical Committee (LMC) is the statutory representative body for GPs and their Practices operating across the Swansea Bay University Health Board area. We exist solely to represent, advise and support GPs and their Practices.
DATA CONTROLLER: Morgannwg LMC Ltd, a Company registered in England and Wales under Company, number 7582825, whose registered office is at 6 Uplands Terrace, Uplands, Swansea SA2 0GU, is the data controller responsible for deciding how the personal data described below is held.
2. WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT:2.1 We will only use personal data where we have a valid lawful basis to do so. We summarise below what information we collect, how we use it and what our legal basis is for using it.
2 2 We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you. Where we have a legal basis to use your personal data without consent (as set out below), this policy fulfils that duty by giving you appropriate notice and explanation of the way in which your personal data will be used.
2.3 If you are a Represented Practitioner
2.3.1 Interacting with you and representing your views(a) We collect and use personal data about you in order to;
- Administer your membership (if applicable)
- Provide you with advice, support and training
- Seek and represent your views
- Keep you informed about the LMCs activities and other information of interest to you
- Provide pastoral care
- Administer the LMC’s elections
- Support you in relation to fitness to practice investigations and complaints
(b) We collect and use the following personal data about you:
- Contact details
- Job title, employment status ad practice details
- Date of birth
- National Insurance Number
- Bank/payment details
- GMC registration number
- Contacts with the LMC office (eg emails, details of telephone conversations)
- Medical information (this is special category data and would only be necessary in relation to fitness to practice investigations.
- Further information that you provide to us in correspondence and records of our contacts and correspondence with you.
(c) We obtain the above personal data directly from you and/or your practice, from public domain sources and from third parties (such as other NHS bodies).
(d) Our lawful basis for processing the above personal data is that its processing is necessary in connection with the legitimate interests of the LMC as a body that advises, supports and represents practitioners and their practice staff. We undertake some processing that is necessary for the performance of a task carried out in the public interest or in order for the LMC to carry out its legal obligations. We will only use any information that you provide consistent with the principles of the Data Protection Act 2018 and General Data Protection Regulations. This means that we will always ask for your consent when we collect information for the purposes of this policy. At no time will your personal information be shared with third parties unless you have given us permission do so.
(e) We retain personal data relating to your membership whilst you are on the Medical Performers list and for one year thereafter unless there is a legitimate reason to retain some or all of it longer, such as in connection with a fitness to practice investigation or complaint.
(f) We generally retain:
- Minutes of LMC meetings for a period of 20 years following the meetings.
- Records of financial transactions for a period of 6 years following the transaction
- Records of elections for a period of 3 years
2.3.2 Supporting you in relation to fitness to practice investigations(a) In addition to the categories of data and details of processing described above, we may hold and process medical information and testimonials about you and allegations against you in relation to fitness to practice investigations.
(b) Our lawful basis for processing the above personal data is that its processing is necessary in connection with the legitimate interest of the LMC as a body that advises, supports and represents practitioners.
(c) We retain records relating to fitness to practice investigations for a period of five years from the end of the investigation.
2.3.3 Supporting you in relation to complaints(a) The same categories of data and details of processing apply to supporting you in relation to 4 complaints as apply to fitness to practice investigations.
(b) Our lawful basis for processing the above personal data is that its processing is necessary in connection with the legitimate interests of the LMC as a body that advises, supports and represents practitioners.
(c) We retain records relating to complaints for a period of 7 years from the end of the conclusion of the complaints process (including the exhaustion of all possible legal proceedings
2.3.4 Special category personal data
- where the personal data described above includes the special category personal data of Practitioners;
- we may hold and process such special category data in connection with our legitimate activities that the special category personal data is not disclosed outside the LMC without your consent.
- we may hold and process such special category data to the extent necessary for the establishment, exercise or defense of legal claims or in order to comply with legal obligations.
- in some cases, such as where the LMC is sent unsolicited information or in other unforeseen circumstances, there may be public interest grounds to hold and process special category personal data.
2.3.5 Processing requiring consent(a) We will obtain consent for any data processing that requires consent, such as for marketing purposes or to disclose your personal data outside the LMC in cases where such disclosure does not fall within a lawful basis for processing and condition for processing special category personal data outlined above.
(b) Even where consent to sharing personal data is not required, we would ask you to inform us of any instances where you would prefer that any of your personal data is not shared.
2.4 If you are a Non-Constituent:
2.4.1 Anonymised information(a) We encourage the provision of anonymised information which does not engage any rights under data protection and privacy laws, hence falls outside the scope of this policy.
2.4.2 Personal Data(a) We may receive information relating to an identified or identifiable Non-Constituent in relation to our advising, support and representation of Represented Practitioners or their staff. This information may be provided to us by the individual data subject, by the Represented Practitioner or by a third party.
(b) Such non-member personal data is handled in confidence and is used only for the purpose of advising, supporting and representing Represented Practitioners or their staff.
(c) Our lawful basis for using such non-Constituent personal data is that its processing is either necessary in connection with the legitimate interests of the LMC as a body that advises, supports and represents GPs and their staff or necessary for the performance of a task carried out in the public interest.
(d) Such Non-Constituent personal data is retained for as long as necessary to support the relevant Represented Practitioner and then destroyed.
2.4.3 Special Category personal data:(a) We will usually only receive special category personal data of Non-Constituents (eg data concerning health) in connection with fitness to practice investigations and complaints. In such cases, we may hold and process such data to the extent necessary for the establishment, exercise or defence of legal claims.
(b) In some cases, such as where the LMC is sent unsolicited information or in other unforeseen circumstances, there may be public interest grounds for us to hold and process the special category personal data of Non-Constituents.
3. CHANGE OF PURPOSE3.1 We may only use your personal data for the purpose for which we collected it and any purposes that are compatible with that original purpose. Please note that we may process personal data without the data subject’s knowledge or consent where this is required or permitted by law.
4. SHARING YOUR INFORMATION4.1 We may share your personal data (with your consent or under the lawful basis and special category conditions outlined above) as appropriate with the third parties involved in the activities set out above, eg legal advisors, parties identified as being involved in issues with which we are assisting Represented practitioners, regulators and other bodies with oversight of fitness to practice and complaints.
4.2 We may also need to share personal data to comply with the law.
4.3 We may share anonymised information with third parties. Such information does not engage any rights under data protection and privacy laws, hence falls outside the scope of this policy.
4.4 We require all outside service providers to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use that personal data for their own purposes and we only permit them to process personal data for specified purposes in accordance with our instructions. 4.5 We currently use the following service providers:
- BT (telephone /Broadband)
- Sage (payroll)
- Bull Solutions (website)
5. STORING PERSONAL DATA.5.1 The LMC is based and processes your personal data within the UK.
5.2 Our third party service providers (BT / Sage / Bull solutions) may have servers in countries outside of the UK /EEA and some personal data may be transferred outside of the EEA in connection with their provision of services. Where data that we control is transferred outside of the EE we take all steps reasonably necessary to ensure that your personal data receives an adequate level of protection and is treated in a way which is consistent with EU and UK laws on data protection.
5.3 Within the LMC office we hold your data electronically, password protected and held securely on our internal computer systems. In some instances, data can be accessed by mobile devices which are password protected. Where paper records are retained, these are held securely in the LMC office which is always locked when not occupied.
5.4 We will only retain personal data for as long as is necessary in order to fulfil the purposes for which it was collected for, including for the purpose of satisfying any legal, accounting or reporting obligations. In particular, any personal data linked to a possible legal claim may be retained for a period of 6 years.
6. KEEPING YOUR INFORMATION SECURE:6.1 All information that you provide to us is store on secure servers. We have put in place appropriate measures to protect the security of your information.
6.2 The transmission of information via the internet is not completely secure. Although we take appropriate measures to protect your personal data, we cannot guarantee the security of the information transmitted over the internet or to our website any transmission is at the sender’s own risk.
7. YOUR RIGHTS:7.1 Subject to certain conditions, you have the right under data protection laws to:
(a) request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. This right is subject to a number of exemptions which allow information to be withheld in certain circumstances. For example, subject access rights are excluded where compliance would involve disclosing: information relating: to another individual; data which consists of information which is subject to legal professional privilege; negotiations or confidential references;
(b) request correction or erasure of your personal data (unless we have the legal right to retain it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below);
(c) object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. (d) request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
7.2 If you want to exercise any of the above rights, please contact us at email@example.com.
7.3 You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
7.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data are not disclosed to any person who has no right to receive it.
7.5 In the limited circumstances where we are relying on your consent as the legal basis to process your personal data for a particular purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at Morgannwglmcltd@btconnect.com. Once we know that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law
This policy was last updated on 12th March 2019
6 Uplands Terrace, Uplands, Swansea SA2 0GU.
If you are dissatisfied with our response, you may complain to the Information Commissioners Office.