Privacy Notice

This privacy notice entails all the information you, as a service user or data subject needs to know about what we do with the patient data we collect and process in order to run our service.

How We Process Your Data

When a “patient” (service user) uses our service, we are required to process and store data in order to provide the necessary amount of care.

The data we process falls within your vital interest within article six of the GDPR and the data we retain fall within the lawful obligation as stated in article 6 of the GDPR. (http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN)

EBPCOOH (East Berkshire Primary Care Out of Hours Service) is a data processor on behalf of NHS England and the local NHS authorities, who are our data controllers.

In order to provide medical health care as provisioned by NHS England and local authorities, we request patient’s data in order for us to process each patient to ensure they receive the care they need. The Data EBPCOOH collects on each patient is necessary as without it EBPCOOH would not:

  • Be aware that the correct patient is receiving care
  • Be able to contact or visit a patient that is in need of care
  • Be able to refer patients if necessary
  • Be able to view patients’ previous medical history and notes
  • Be unable to update patients’ medical history and notes

All of the above come under our necessary right to process due to vital interest of our service users.

Advanced Healthcare Computing (Adastra)

EBPCOOH uses Adastra software to process and store patient data, as well as receive data from the 111 service and transfer data to patient’s medical practices or other healthcare services where necessary.

For details on Adastra’s privacy notice and how they store and process data, please refer to: www.oneadvanced.com.

NHS England 111 Service

For details on which systems the NHS 111 services use, please refer to your local 111 service’s website. Note: SCAS (South Central Ambulance Service) covers the 111 Service for the east Berkshire region: https://www.scas.nhs.uk/

Vocare cover the 111 service for Richmond: http://vocare.org.uk

For details on which systems other local healthcare services use to process and store data, please refer to that particular service’s website.

Data Retention

EBPCOOH are governed by NHS England guidelines – and currently store patient data indefinitely. We have a legal obligation to store patient data for at least 30 years. Currently, EBPCOOH find it necessary to store patient data indefinitely to serve the legal and vital interests and obligations that are connected with healthcare.

Consent to Contact Forms and Patient Surveys

Patients who attend our services may be asked whether they want to give consent for us to contact them on their preferred method of contact to fill out a patient satisfaction survey.

The survey itself is anonymised and does not ask for any personal identifiable data.

The surveys are only sent if necessary explicit consent has been given by a service user for us to contact them.

EBPCOOH uses a third party company named Text Local (www.textlocal.com) to send out survey links. Text local stores service user’s mobile telephone numbers in their secure UK based database centre. EBPCOOH controls the deletion of this data and all numbers are deleted monthly. EBPCOOH holds these numbers as records for a month to avoid any needless duplicated texts to service users.

You can view Text Local’s privacy policy here: https://www.textlocal.com/legal/terms-and-conditions/

Call Recordings

When service users ring our services directly, or when our service users receive a telephone call from one of our clinicians, these calls are recorded.

EBPCOOH uses a telephony company named Content Guru (http://www.contentguru.com.).

Content Guru stores our call recordings on their system for 30 days. Content Guru’s data storage uses a cloud based system that never leaves the UK.

Within these 30 days, one dedicated EBPCOOH employee has administrative rights to listen and download records, should it be necessary. The system tracks all user’s activity. Access is securely restricted and requires a username, pass code, password and RSA token secure log on number to access.

Once the 30 days expires, all EBPCOOH’s telephone records are downloaded onto EBPCOOH’s internal hard drive, securely locked in our IT room. This room is only accessible to senior management and the IT manager. The PC to gain access to the hard drive is securely locked and requires password authentication to access which is restricted to one dedicated user within the organisation.

EBPCOOH retains call recordings for a minimum of 25 years as per NHS Guidelines, but no more than 30 years.

A signed copy of Content Guru’s addendum to contract with EBPCOOH that explains in detail their compliance is available upon request. Please email [email protected] for a copy.

When service users ring our services directly, or when our service users receive a telephone call from one of our clinicians, these calls are recorded.

EBPCOOH uses a telephony company named Content Guru (http://www.contentguru.com.).

Content Guru stores our call recordings on their system for 30 days. Content Guru’s data storage uses a cloud based system that never leaves the UK.

Within these 30 days, one dedicated EBPCOOH employee has administrative rights to listen and download records, should it be necessary. The system tracks all user’s activity. Access is securely restricted and requires a username, pass code, password and RSA token secure log on number to access.

Once the 30 days expires, all EBPCOOH’s telephone records are downloaded onto EBPCOOH’s internal hard drive, securely locked in our IT room. This room is only accessible to senior management and the IT manager. The PC to gain access to the hard drive is securely locked and requires password authentication to access which is restricted to one dedicated user within the organisation.

EBPCOOH retains call recordings for a minimum of 25 years as per NHS Guidelines, but no more than 30 years.

This Website

We are committed to protecting your privacy. You can access our website without giving us any information about yourself.

We do not use tracking cookies on this website therefore you will not see a message asking you to choose to accept or decline cookies.

We do not collect information about our visitors from other sources, such as public records or bodies, or private organisations. We do not collect or use personal data.

This website does not use any analytical tool to track your online usage, with the exception of our internal staff area, where basic log in details are required for staff to access. This however only affects the staff area section of this website, which is not open to or intended for use from the general public.

Staff log in details are stored within the website, and only one dedicated company administrator has access to view these details.
Our website requires to see your IP address – which is necessary for you to access the website – but we do not store, track or view this information.

What is a cookie?

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Our website does not require usage of this as it is intended to be viewed only.

For more information about cookies, including how to view the cookies that have been set and how to manage or delete them, please visit www.allaboutcookies.org.

What is an IP Address?

IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number used by computers on the network to identify your computer. IP addresses are automatically collected by our web servers so that data (such as the web pages you request) can be sent to you.

Web server log files are used to record information about our site, such as system errors. Log files do not contain any personal information or information about other sites which you have visited, and we do not view, track or store this information.

Links to other websites

Please be aware that our site may link to other websites which may be accessed through our site. If you follow a link to any of these websites, please note that they will have their own cookies and privacy policies.

We do not accept any responsibility or liability for the privacy and security practices of such third party websites and your use of such website is entirely at your own risk.

How to Contact Us

If you have any concerns regarding the usage of our website, or what our website requires from you in order for you to view – please email our Information Governance Team who can assist you with additional information or guidance: [email protected]