We use cookies to make this site work. We'd also like to set optional cookies so we can understand how the site is used and improve it. We will not set optional cookies unless you accept them. You can change your choice at any time from the Cookie settings link in the footer.
Strictly necessary cookies
These cookies are required for the site to work. They store your cookie preferences and keep your session secure. They are exempt from consent under PECR Regulation 6(4) because they are essential to deliver the service you have requested.
Optional cookies
Optional cookies help us understand how the site is used and provide additional features such as analytics, accessibility tools and translation. We will only set them if you accept.
Privacy Notice - Patient Call In System
As part of our commitment to improving patient care and population health management, this GP practice uses Engage Patient Call In, a secure patient call in system.
| 1) Controller contact details |
Lee Road Surgery 20 Lee Road London SE3 9RT |
| 2) Data Protection Officer contact details |
John Eni-Uwubame South East London Integrated Care System |
| 3) Purpose of the processing |
The Engage Patient call In System allows practice staff to call patients who have atteneded for a face to face appointment to the clinicians rooms. This is to facilitate easier notification to patients and streamline the arrival/call process. First name/last name” to “clinician name” in “room name”. This is displayed for 10 seconds on the screen. The screen plays a notification sound when calling but will also announce the call message. What data is shared? The clinical system will fetch: Any patient data not used will be discarded in memory, not persistent, not saved in logs. Pseudonymised data may be shared securely with other NHS organisations only for direct care, planning, quality improvement, and assurance purposes, and never for marketing or commercial use. Only anonymised data stored, such as logs. Data processed via Engage AWS servers. Who can access the data? The data is behind the clinical system API. Any data exposed by this API would be data that is already accessible to the member of staff, via RBAC. |
| 4) Lawful basis for processing |
We process this data under UK General Data Protection Regulation (GDPR) Article 6(1)(e), the performance of task carried out in public interest. For health data, the condition is Article 9(2)(h), the provision of health and social care. |
| 5) Rights to object |
Under the UK GDPR, you have the right to object to your data being processed in this way. If you wish to object, please contact the Practice Manager. We will carefully consider your request and assess whether we can reasonably stop processing your data without affecting our ability to deliver safe, effective care or meet our legal obligations. |
| 6) Right to access and correct |
The Data Subjects or their legal representatives have the right to access the data that is being processed or shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of Law. |
| 7) Retention period |
The data will be retained for active use during and thereafter retained in an inactive stored form according to the law and national guidance |
| 8) Right to Complain. |
You have the right to complain to the Information Commissioner’s Office, you can use this link https://ico.org.uk/make-a-complaint/data-protection-complaints/ or calling their helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate) |