Privacy Policy

Please take a minute to read, if you find anything unclear please contact us.


  • City & Hackney GP Confederation promise to protect your privacy, we do this both by following this privacy policy, and by informing you of your rights under the Data Protection Act 2018 (incorporating the GDPR regulations).

  • This policy explains the information we hold about you as a Data Controller, what we do with it, who else may have access to it and how to exercise the rights that you have over your data.

  • We are registered with the Information Commissioner’s Office and our registration number is ZA101199.

  • Our Data Protection Officer is Miles Dagnall who can be contacted at

Your personal information

Personal information will only ever be collected and stored by City & Hackney GP Confederation for the following purposes:

  • To update and enhance the website and the services provided. (Please see our Cookie Policy or the paragraph below for further information);

  • In such cases where we do ask you for personal information for instance to investigate complaints or answer Freedom of Information or Subject Access Requests, we will inform you of how we intend to use the information and we will ask for your explicit consent;

  • On occasion the Confederation may use personal data for assessing current services or planning future ones. This will include data held at your practice as well as data held in EMIS Community which is the system we use to provide extended neighbourhood (out of hours) services. This also enables us to ensure that taxpayers’ money in the NHS is being used as effectively as possible. We do this by conducting audits of the services provided in the City and Hackney GP Confederation area.

The areas subject to audit currently include:

  • Extended access (out of hours services)

  • Wound care

  • Phlebotomy (blood tests)

  • Sexual health

  • Anticoagulation (treatment to thin the blood)

If you do not wish your data to be processed in this way, you have a right to ask for the processing of this data to cease or be restricted, please contact our Data Protection Officer using the details under “Contact Us” as below.

To update and enhance the website and the services provided.  (Please see our Cookie Policy or the paragraph below for further information);

In such cases where we do ask for patient information (for example, a copy of the GP referral form) this information is not stored on the website. Where we do ask for information in order to make a patient referral, once the referral contact has been made, we do not retain this data in our systems.

We do retain patient personal data collected in order to investigate and resolve any complaint that has been made.

Who else might see my personal information?

In nearly every case, your data is shared within the NHS and with other secondary care and public sector services by your practices for the purpose of providing you with direct care. Occasionally, City & Hackney GP Confederation may also share your data for the purposes of making a referral or resolving your complaint.

City & Hackney Confederation does NOT share your personal information with any other company. However, we are not responsible for the content of linked websites, and therefore we recommend that you check the privacy policy of those websites to which this website may link.

We will share your information where required to do so by relevant legislation, such as under the Control of Patient Information 2002 that is in place to allow personal information to be collected and transferred during the Covid 19 pandemic, or in order to comply with a court order.

Should City & Hackney GP Confederation be acquired by another company, customer information may be deemed a transferable business asset, and as such will transfer to the new owners.

The processing of personal data in the delivery of direct care and for providers’ administrative purposes in this surgery and in support of direct care elsewhere is supported under the following Article 6 and 9 conditions of the GDPR below.

Evaluating Existing Services

We use a combination of anonymised, pseudonymised and personally identifiable data to evaluate our existing services including those listed for audit above. We may also contact you directly to ask for your views and opinions. We may do this in person or by text or e-mail or by asking you to complete a survey. You are, of course free not to provide any further information in this way.

Risk stratification

Electronic tools of prediction, based upon algorithms and artificial intelligence are used within the NHS to determine a patient’s potential future risks and treatment needs. Wherever we can, we want to prevent admissions to A&E and secondary care which would be otherwise necessary and to plan services that keep people well in their daily lives. Such preventative, predictive, tools may, for instance, be used to determine the risk and consequence of a future fall in an elderly patient. The Confederation and its practices may use such tools in support of its practices enabling them to deliver better services and care.

However, under the 2018 Data Protection Act, you do have the right to opt out of having your data processed in this way using artificial intelligence or predictive tools. If you do wish to opt out, please contact your practice rather than the Confederation.


The Confederation may take part in research that uses anonymised or pseudonymised data. This means that patient data cannot be traced back to individuals and is therefore no longer personal data under the 2018 Data Protection Act.

Anonymised or pseudonymised patient data held by the Confederation may also be used to evaluate present services that provide direct care or to plan future ones within some or all of its practices or primary care networks across the City and Hackney area.

Opting-out from research, risk stratification and planning (the national data opt-out)

You can opt-out from having your confidential data (i.e. data that can identify you) being used for purposes beyond direct care, such as research and planning.  To this you need to access on-line and read the information and follow the instructions if you wish to opt out. This opt-out is recorded against your NHS number on the NHS ‘spine’.

There are some situations where the opt-out will not apply. These include:

  • Situations where data is needed in the “public interest”, e.g in cases of epidemic where communicable diseases need to be diagnosed and the spread of their infection prevented or controlled, such as the Covid 19 pandemic;

  • To monitor and deliver vaccination programmes;

  • To manage risks of infection from food or water supplies or the environment;

  • To enable the delivery of direct care to you

You can find out more about how your patient information is used at and https//

Please note that you can change your choice at any time. The Confederation is compliant with the national data opt-out policy.

What is the lawful basis for processing my information?

The Confederation’s role is mainly concerned with planning and delivering patient services. As an entity, it rarely uses patients’ personal data. When it does so, it is performing a public task on the following bases (as outlined in the GDPR):

Article 6(1) (e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...”

How is the information stored?

The Confederation has access to the main patient record via a contracted data processor in the cloud. The contracted processor for the practice is Egton Medical Information Systems (EMIS). They can be contacted via EMIS, Rawdon House, Green Lane, Yeadon, Leeds LS19 7BY.

It does not store personal data in its own systems other than for the purposes for referral, for the purposes of managing, evaluating and planning services or for resolving complaints or for complying with Subject Access Requests and Freedom of Information requests.

Such personal information is retained on secure UK based data servers and access by staff who must abide by contractual clauses regarding the privacy of your information, have completed data privacy training in the last 12 months and whose access to the system is controlled by privileges allocated to their specific roles. The Confederation follows national guidelines as to the retention of different types of personal data. The details of such guidance can be found here:

Your rights under the 2018 Data Protection Act

Your right to object You have the right to object to some or all of your information being processed, which is detailed under Article 21. In most cases, the processing of your data is carried out by the practice who is the Data Controller. Please contact your practice or the Data Protection Officer whose details are below. You should be aware that this is a right to raise an objection that is not the same as having an absolute right to have your wishes granted in every circumstance.
Your rights to data access and data correction You have the right to access any personal data held by the Confederation by making a subject access request via the details below and to have any inaccuracies corrected.
Your right of erasure (right to be forgotten) There is no right to have accurate medical records deleted except when ordered by a court of Law.
Your right to restrict processing You have a right to request that the processing of your data ceases or is restricted. Please address such requests to our Data Protection Officer using the details under “Contact Us”. Please note that this is not an absolute right and such a request may be rejected, but reasons will be provided if this is the case.

Site Usage and Cookies?

When you visit this website, it deposits certain bits of information called "cookies" in a visitor's computer. A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent to your browser from a website's computer and stored on your computer's hard drive. We use cookies to tell us how and when pages in a website are visited and by how many people.

The information collected is in an aggregate, non-identifiable form and may include your computer’s IP address, operating system and browser type. The use of cookies is an industry standard, and many major websites use them to provide useful features for their customers.

Each website can send its own cookie to your browser if your browser's preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is set. (Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.)

Information for job applicants

City and Hackney GP Confederation will process information provided by applicants for the management of their application and the subsequent selection process. This involves providing details to the short-listing and selection panels. Other details are kept to help fulfil our obligations to monitor equality and diversity within the organisation and in the application process. You can find more information about the use of personal data throughout the application process.

Information will be retained on interview performance and the application in line with the retention periods of City and Hackney GP Confederation.

For more information about your application and personal data contact City and Hackney GP Confederation contact details are

City & Hackney GP Confederation
2nd Floor
The Lawson Practice
85 Nuttall Street
N1 5HZ

Telephone: 0207 729 7236


Update on the national planned extraction of data from patient records for planning and research.

Many patients have expressed concern over the extraction of data by NHS Digital. A new system was scheduled to take place on the 1st September 2021, but has now been postponed without a date being set for when it will take place. This is to allow NHS England and the government to make changes in the light of concerns that have been expressed and to engage with patients and doctors.

This information is important to the country and has been used to plan the response to the Covid 19 pandemic, including the vaccine roll-out and to understand how to support patients suffering from ‘long Covid’.

However, the new data extraction will only now take place, when;

You, as a patients have the means to delete your data from a data upload, even after a data collection has taken place. You will be also able to opt-out from any future collections. The way that you will do this is being made more simple.

The present back-log of opt-outs expressed by patients, whether at practice level or on-line ( with NHS Digital) have been cleared.

A “Trusted Research Environment” has been developed and implemented within NHS Digital itself.

This mean that the data collected will only be accessed within this environment and that it will not be able to be copied or transported outside of the environment. Data can only be copied and transferred outside of this secure environment, if you, as a patient have given your explicit consent; e.g. for a specific research study.

NHS Digital promises that:

1)     The data extraction will continue to be both pseudonymised, i.e. the data identifying you as you does not reach NHS Digital and will be encrypted by GP System suppliers.

2)     Wants to improve its communications:

a.     By continuing to listen to patients and other stakeholders,

b.     Will consult via series of events that aim to explain the programme and engage in co-design with stakeholders as to how the programme will move forward.

c.      Will demonstrate how  public feedback is being used to shape how the data is collected and how the data informs research and planning across the NHS

Jo Churchill, the under-secretary of State for Primary Care promises that:

“Once the data is collected, it will only be used for the purposes of improving health and care. Patient data is not for sale and never will be for sale.”

The full text of his letter is available here.

If you have any further queries, please contact our Data Protection Officer, Miles Dagnall via

What if this Privacy Policy changes?

City & Hackney GP Confederation reserve the right to change this privacy policy from time to time. We may notify you of such changes, but it is your responsibility to check the policy each time you use the site.

Contact us

If you have any queries or concerns about this website or this policy please write to:

City & Hackney GP Confederation
2nd Floor
The Lawson Practice
85 Nuttall Street
N1 5HZ

Alternatively, you can contact our Data Protection Officer via

The use of personal data is overseen by the Information Commissioners Office, often known as the ICO. If you wish to complain or raise a concern with the ICO, they can be contacted via their website:

Or you can also call their helpline

Tel: 0303 123 1113 (local rate)

01625 545 745 (national rate)

Or you can write to them at

The ICO, Wycliffe House, Water Lane, Wilmslow SK9 5AF