We use cookies to help provide you with the best possible online experience.
By using this site, you agree that we may store and access cookies on your device. Cookie policy.
Cookie settings.
Functional Cookies
Functional Cookies are enabled by default at all times so that we can save your preferences for cookie settings and ensure site works and delivers best experience.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Privacy Notice
This privacy notice explains what happens to any personal data that you give to us, or any information that we may collect from you or about you from other organisations.
This privacy notice applies to personal information processed by or on behalf of the practice.
This Notice explains:
- Who we are and how we use your information
- Information about our Data Protection Officer
- What kinds of personal information about you we hold and use (process)
- The legal grounds for our processing of your personal information (including when we share it with others)
- What should you do if your personal information changes?
- For how long your personal information is retained / stored by us?
- What are your rights under Data Protection laws
How we use your information and the law
Weavers Medical is the Controller of your personal data. We collect basic personal data about you such as name, address and contact details (e.g., email, mobile number), as well as location-based information.
We also collect sensitive confidential data known as “special category personal data”, including health information, religious belief (if required in a healthcare setting), ethnicity and sex life information, where relevant. We may also receive this information about you from other health providers or third parties.
Why do we need your information?
Healthcare professionals who provide you with care maintain records about your health and any treatment or care you have received. These records help ensure the best possible healthcare and treatment. Records may be electronic, paper-based or a mixture of both, and are kept confidential and secure. These records may include:
- Personal details (e.g., address, emergency contact)
- Contact the surgery has had with you
- Notes and reports about your health
- Details of your treatment and care
- Test results (e.g., blood tests, x-rays)
- Information from other health professionals, relatives or carers
How do we lawfully use your data?
We process your personal and special category data to provide healthcare services under the UK GDPR, relying on:
- Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Article 9(2)(h): Processing is necessary for medical diagnosis, the provision of health or social care or treatment, or the management of health or social care systems.
This Privacy Notice applies to the personal data of our patients and any data you have given us about your carers/family members.
Risk Stratification
This involves using NHS data tools to assess risks to health and support prevention and targeted interventions. Identifiable information is used under strict controls, and you have the right to opt out.
Medicines Management
We may review prescriptions with support from the ICB’s Medicines Management Team to ensure optimal treatments.
Patient Communication
We may contact you using your provided contact details to inform you about NHS services or health-related information. You can opt in or out of specific communication methods.
Mobile Telephone
With your consent, we may use your mobile number for appointment reminders or health screening notifications.
Practice Website
Our website uses cookies. More information can be found at:
Invoice Validation
To determine which Integrated Care Board (ICB) funds your treatment, limited personal data may be used in a secure environment for billing purposes only.
Extended Access
You may be offered appointments outside normal hours. We will share your medical record with health professionals involved. Your consent will be sought before booking.
Safeguarding
We process personal data to safeguard children and vulnerable adults, based on:
- Article 6(1)(e)
- Article 9(2)(b)
Information may be shared with local authorities, police or other professionals to ensure safety and care.
Third Party Processors
We use approved third parties for services such as IT support, appointment systems and telecommunications. Contracts ensure data is kept secure and used only as instructed.
ANIMA
We use ANIMA, a secure NHS-assured digital platform, to assist in the processing and management of patient documents. ANIMA is used to support the clinical and administrative workflow by helping the practice manage and assign incoming documents efficiently.
What does ANIMA Docs do?
Documents received by the practice (e.g., hospital letters, referrals, investigation results) are securely transferred to the ANIMA platform, where they are reviewed and processed by clinical and administrative staff. Once processed, the documents are filed directly into the patient’s medical record within SystmOne, our core clinical system.
Is your data safe?
Yes. Patient information transferred to and processed within ANIMA Docs is handled securely in line with NHS standards. All data is encrypted during transfer and storage. Access to ANIMA Docs is restricted to authorised staff only, and all actions are logged and auditable.
Legal basis for processing
Processing of your data via ANIMA is necessary for the provision of healthcare and is carried out under the UK GDPR and Data Protection Act 2018 on the following legal bases:
- Article 6(1)(e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Article 9(2)(h): Processing is necessary for the provision of health or social care or treatment.
Confidentiality
We adhere to the UK GDPR, DPA 2018, and other relevant laws and NHS codes. Staff are legally obliged to keep your information confidential.
Use of Data for Research
With your explicit consent, we may use your information for research purposes. You can opt out at any time.
National Data Opt-Out
You can opt out of your confidential information being used for research or planning or call 0300 303 5678.
International Data Transfers
Data is processed in the UK. If data is hosted elsewhere, it is only in countries with adequate protection standards approved by the UK Government.
Partner Organisations
We may share data with:
- NHS Trusts/Foundation Trusts
- GPs and PCNs
- ICBs, NHSE, NHS Digital
- Social care services, police, ambulance, fire services
- Approved voluntary and private sector providers
Computer System and Shared Care Records
We use a clinical system shared securely with other clinicians involved in your care. You may opt out if based on consent.
Sharing without Consent
We may share data without consent where required by law, e.g., to prevent serious harm, safeguard others, or comply with court orders.
Data Retention
Data is retained as per the NHS Records Management Code of Practice for Health and Social Care 2021.
Your Rights under UK GDPR
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure (where applicable)
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
You can contact us to exercise these rights. We aim to respond within one month.
Primary Care Network
We may share your information with practices in our PCN to improve care.
Data Subject Access Requests (DSAR)
To access your data:
- Submit a request to the practice
- Provide ID and necessary details
- We provide copies free of charge within one month
Updating Your Information
Let us know promptly if your personal information changes.
Complaints
Contact our Practice Manager:
Mrs Jo Barker
Practice Manager
Weavers Medical
Prospect House
121 Lower Street
Kettering, NN16 8DN
If unsatisfied, contact the Information Commissioner’s Office or call 0303 123 1113.
Data Protection Officer
Provided by Midlands and Lancashire Commissioning Support Unit
Changes
We may update this notice. Updates will be published on our website and in the surgery.