Skip to main content

Privacy Information

Purpose of providing this privacy information

This privacy notice tells you what to expect when you, and sometimes others, provide your personal information to us.  It sets out what information we collect about you and why we collect it, how the information may be used, who it may be shared with and how we will protect it and keep it confidential.

The notice explains what rights you have to control how we use your information, our legal basis for processing it and how you can access it. We also explain who to contact if you have any questions and how to contact them.

The Practice Of Health is the Data Controller for the personal information we process, unless otherwise stated. There are many ways you can contact the Practice, including by phone, email, and post. Further details can be found on our Practice Details webpage.

Privacy Notice for 13-16 year olds

Privacy Statement for Patients

Privacy Notice for Patients and their Carers


The practice Data Protection Officer is DHCW DPO Service. DPO Support Service; Digital Health and Care Wales (DHCW).

Good quality information helps with making choices about lifestyle and self-care, and making decisions about health and well being.

With access to information, patients become empowered to play a greater role in the decisions that affect their health. To help you make informed decisions about your healthcare, this section includes guidance relating to patients’ rights, health and social care policy and how to complain about NHS treatment or services. You can also find information on accessing your health records here

- or see our Your Privacy - Yours Rights leaflet.


Security of personal data

The surgery recognises that your personal data is very valuable, and so we take its security very seriously. We employ robust technical measures to secure your personal data and access to it is restricted to people who have a need to process it in line with their work.

All practice staff are bound by contracts which include clear responsibilities in relation to confidentiality. All of our non-medical staff have the same duty of confidentiality as healthcare professionals such as Doctors and Nurses.

All of our staff must attend training in what we call Information Governance. Amongst other things, this training makes them understand the importance of confidentiality and security of your personal data and makes clear that they are personally responsible for the security of any information which they are processing. They must attend this training at least once every two years and must pass a test to demonstrate that they have understood it. The expectations we have on our staff are set out in the Information Governance Policy. Failing to comply with this policy is a disciplinary offence.


How we use your medical records - Important information for patients


  • This practice handles medical records in-line with laws on data protection and confidentiality.
  • We share medical records with those who are involved in providing you with care and treatment.
  • In some circumstances we will also share medical records for medical research, for example to find out more about why people get ill.
  • We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.
  • You have the right to be given a copy of your medical record.
  • You have the right to object to your medical records being shared with those who provide you with care.
  •  You have the right to object to your information being used for medical research and to plan health services.
  • You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office. Please see the practice privacy notice on the website or speak to a member of staff for more information about your rights.


See our Records Management Policy for more information.