Privacy Policy
SurgeryWeb are the suppliers of this practice website and takes privacy and security very seriously, especially when it comes to personal information.
This privacy policy describes how the Practice collects, protects and makes use of information held about you. This policy may be updated regularly and any amendments are effective immediately so we recommend you review this policy often to stay informed.
Our website may contain links to other websites, which are provided for your convenience. We are only responsible for the privacy practices and security of this website and not external websites. You should therefore check any other linked website’s privacy policies.
If you have any questions about this policy or the data we hold about you, please contact the practice.
What we collect and how we use it
Users may visit our website and use it as often as they like without providing any information, however certain services provided via the website do require the processing of personal data.
The processing of personal data is performed by SurgeryWeb who act as Data Processors on behalf of the Practice and the Data Processing Agreement can be seen here: https://colindalemedicalcentre.nhs.uk/data-processing-agreement
Contact Form
Our website contains a contact form which collects information such as your name, email address, telephone number and practice name. This information is used for the sole purpose of contacting you to answer any questions you may have about our services. By submitting the contact form online, you consent to the use of your details for this purpose.
Other Online Forms
Our website may also contain other online forms which collect information such as your name, date of birth, NHS number, address and postcode, telephone number, email address and other health related data. This information is used for the sole purpose of what the respective form is created for, and by submitting each form online, you consent to the use of your details for this purpose.
A data flow of the form submission process can be seen here: Data Flow
How we store it
The Practice will retain your personal data as long as it is required for the purpose for which the data is collected. Any data submitted via online forms are also retained on the web hosting server for a period of time specified by the practice, default period is 30 days. Backups of this data is stored by SurgeryWeb for a maximum period of 14 days at which time this data is auto-deleted.
Your data is held on a server provided by Catalyst2 and you can see more about their infrastructure and security here - https://www.catalyst2.com/about-us/infrastructure/
The data centre is UK based and all data is encrypted when stored and in transit such as when you submit a form to us. This website is https-secured which means communication between the users web browser and the server hosting this website is encrypted and cannot be intercepted en-route, this can be verified by the padlock icon in the address bar.
Access to your information
In accordance with the Data Protection Act 2018, you have the right to request a copy of the information that we hold about you, if you would like a copy of some or all of your personal information, please contact the practice.
Erasure of Data (right to be forgotten)
You have the right to have your data erased if the personal data is no longer required for the purpose it was originally collected for, if we are processing the personal data for direct marketing purposes and you object to that processing, or if you believe we are processing your personal data unlawfully.
To request erasure of your personal data, please contact the practice.
Complaints about the handling of your data
If you have any issue with how your data is being processed, we would recommend you to contact us first, putting your complaint in writing to the practice. We take all complaints seriously and do our best to resolve them.
Under the EU General Data Protection Regulation 2016 you have the right to complain to the supervisory authority which in the UK is the Information Commissioners Office (ICO). You can find more details about how to do this on the ICO website here: https://ico.org.uk/make-a-complaint/
Use of Digital Assistants for Managing Patient Requests
Our practice uses a digital assistant service provided by QuantumLoop Technologies Ltd to help manage patient contacts, support access to care and improve the safety and efficiency of our telephone and online systems.
Patients may interact with this service when they call the practice, use an online form or web chat, or receive a message from the practice asking for further information.
Any information you provide through this service is used solely for the purposes of delivering your care or managing the services we provide to you.
QuantumLoop processes this information only under our instruction, and does not use it for marketing, profiling or any non-care purpose.
All information is processed securely and stored within the UK in accordance with NHS data protection requirements.
Lawful basis for processing:
We process this information under Article 6(1)(e) of UK GDPR (task carried out in the public interest) and Article 9(2)(h) (management and provision of health and social care).
QuantumLoop acts as our Data Processor, and we remain the Data Controller for all patient data.
More information about your rights and how we use your data can be found in the full Practice Privacy Notice.
This policy was last updated on 01/10/2025.
