CGPC Privacy Policy

How we use your information 

Croydon Collaborative is committed to ensuring that your privacy is protected. However, where you are receiving a service from Croydon Collaborative we are required to share that information with other organisations as part of your treatment and care. This is to ensure that your health records are accurate and up to date. 

We may also use your information to inform, improve and maintain the services that we are delivering. This information may be included in reports that used by employed members of Croydon Collaborative to show how we are improving and maintaining services, however any identifiable information which can identify you will be removed and anonymised to preserve your privacy and confidentiality. 

We will not sell, distribute or lease your information to any third parties, unless we have your permission to do so. 

For more information on how we use your information please contact Umar Sabat, Data Protection Officer via e-mail on umar.sabat@ig-health.co.uk 

Data Protection 

Croydon Collaborative is committed to ensuring that any information it collects and retains is kept safe and secure and in line with the Data Protection Act 2018 and General Data Protection Regulations (GDPR). 

Croydon Collaborative has completed a number of requirements associated with changes in Data Protection law this includes 

• Appoint a Data Protection Officer 
• Continually reviewing and updating our policies and procedures 
• Reviewing our Information Asset Register – This is a register that lists all our databases which hold corporate and patient information
• Ensuring that there are Data Protection Impact Assessments in place where it has been determined that the information being processed is high risk due to the amount of sensitivity of the information. A Data Protection Impact Assessment policy is now in place. 
• Ensuring that any privacy notices are in included or on documentation where this will require personal information to be used. 

In addition to this, Croydon Collaborative will also ensure adherence to the 7 Caldicott Principles. 

Principle 1 – Justify the purpose for using confidential information
Principle 2 – Don’t use personal confidential data unless it is absolutely necessary
Principle 3 – Use the minimum necessary personal confidential data
Principle 4 – Access to personal confidential data should be on a strict need to know basis
Principle 5 –  Everyone with access to personal confidential data should be aware of their responsibilities
Principle 6 – Comply with the law
Principle 7 – The duty to share information can be important as the duty to protect patient confidentiality 

Security

We ensure your information is always secure. In order to prevent unauthorised access or disclosure we have put in place safeguards that protect physical, electronic and managerial procedures to secure information we collect. Please see our policies that show our commitment ensuring information is safe. 

1. Information Governance Policy 
2. Data Protection Impact Assessment Policy
3. Confidentiality Policy 
4. Acceptable Use Policy  

Employees and contractors  

Croydon Collaborative needs to process data about you because we enter in a contract with you. In Some cases, Croydon Collaborative also processes your data to comply with a legal obligation. 

Therefore, we may process your data in several different ways 

1. Maintain accurate up to date employment record and contact details 
2. Operate and keep a record of disciplinary 
3. Keep a record of application form 
4. Obtain occupational health and support for you, sharing your information with consent 
5. Ensure effective HR and business administration 
6. Provide references on request for current and former employees.  

In addition to this Croydon Collaborative works with appointed contractors that deliver clinical services on our behalf and your information will be shared with them for the purpose of delivering clinical care. 

Further information

Questions, comments and requests regarding this privacy policy are welcome and should be addressed to:  

Data Protection Officer
2nd Floor, Zone F, Bernard Weatherill House,
Croydon, 
CR0 1EA, 
UK