UK GDPR related information and topics are covered in this section. For further information, or any questions relating to this area, please call the practice and ask to speak with a manager.
Our Caldicott Guardian for the Practice is Dr Emma Poyner.
Confidentiality and access to your medical records
- Your medical records are confidential and will not be discussed with anyone else without your written permission. The practice complies with the GDPR. Staff will only enter your records for a genuine reason, e.g., during the consultation, to make an appointment, or to send a referral, etc.
- Everyone working for the NHS has a legal duty to keep information about you confidential.
- We only ever use or share information if we have a genuine need for it. The sharing of information is strictly controlled by law.
Privacy Policy
Our Patient Privacy Policy can be viewed via our website. Or alternatively ask our reception team for a copy.Easy read / Child friendly copies are available via this website and available in the surgery.
Your Information Your Rights
What you need to know
Many organisations in the NHS such as, hospitals, GPs, Dentists, Opticians, and Community Pharmacists provide healthcare services.
The people providing these services aim to provide you with the highest quality care. To do this they must keep records about your healthcare and any treatment they provide you.
They take their responsibility to look after your information very seriously. NHS Wales staff have a legal duty to keep your information confidential, accurate and secure at all times, and are trained to handle your information correctly and to protect your privacy.
There may be a need to share your information with people and organisations within the NHS who are responsible for providing you with treatment and care.
For example, your Dentist could share your information with a doctor in a hospital, so that they can provide you with further treatment or a hospital Pharmacist may access your GP record in order to review your current medication. This is to ensure patients receive the most appropriate, up to date and cost effective treatments
Sometimes members of a care team, which may include people from organisations such as health, social care, or other care organisations, may need to share your information within the team to provide your care.
There may be occasions where we are required to use or share your information to help us plan our services for patients and check how well we are doing when we provide you with treatment and care.
We will only share the minimum information needed at that time and only where the law allows us to share it. We will never sell your personal information.
Further Information
Review the full Privacy Policy by clicking the link below.
Privacy Information - Pendre Surgery
Freedom of Information
To view of freedom of information policy, download from the below link:
FOI - Publication Scheme.docx
Or ask our reception staff for a hard copy.
We also have some key / useful information available which you can read by reading your Procedure - FOI and EIR V1.0 24-2025.pdf
Where can you find further information - Who to Ask?
We are starting to publish key information on our website. However, if you find that information that you require is not available readily, please contact the surgery and ask to speak with Paul Deaves. It may be necessary to leave your contact details so he can return your call.
FOI Costs
Most requests are free but you might be asked to pay a small amount for photocopies or postage. We will tell you if you have to pay anything.Some sensistive information is not available to members of the public, for example; information which could identify a person, or groups of people, therefore these requests will be declined. We may also decline a request if the cost to obtain the information exceeds £450.
Shared Information:
Access Standard - Click the below link to see monthly statistics on:
- Total number of calls to surgery
- Number of calls answered within two minutes
- Number of calls abandoned
- Items issued via prescription
- Referrals made
- Fit notes issued
- Administrative communications issued (letters/emails)
- Text messages sent and received
- Total digital requests submitted to practice
- Appointments - total
- Appointments - seen
- Appointments - DNA
Access - Expectations - Pendre Surgery
Welsh GP Record
The Welsh GP Record enables a range of people supporting your direct care to access a summary of key health information from the records your GP keeps about you. It helps to improve patient safety and quality of care through quicker access to information.
Please click on the below links for more information in this area, including what to do if you want to ask further questions. English / Welsh
Data Protection Impact Assessments (DPIA's)
- A Data Protection Impact Assessment (DPIA) is a process to help us to identify and minimise the data protection risks of a proposed project.
- We must do a DPIA for processing that is likely to result in high risks to individuals. This includes some specified types of processing.
- It is also good practice for us to do a DPIA for any other major projects which requires the processing of personal data.
Any new DPIA's we produce will be available below:
Clinical Practice Research Datalink
This practice contributes to the Clinical Practice Research Datalink
Information in patient records is important for medical research to develop new treatments and test the safety of medicines. This practice supports medical research by sending some of the information from patient records to the Clinical Practice Research Datalink (CPRD).
CPRD is a Government organisation that provides anonymised patient data for research to improve patient and public health.
You cannot be identified from the information sent to CPRD.
If you do not want anonymised information from your patient record to be used in research you can opt out by speaking to your doctor.
For more information about how your data is used visit www.cprd.com/public
Shared Information
INR Star
INRStar, Relates to anticoagulation patients - LumiraDx Care Solutions are planning to migrate INRstar from its existing infrastructure to a new cloud infrastructure, currently scheduled for 30th July 2021. For more information, follow this link - INRstar Migration to New Cloud-First Technology FAQs - INRstar Help. INRStar's Privacy Notice can be found here INRStar Privacy Notice (Patients and Carers) (Eng) (DOCX, 103KB)
COVID-19
Information about patients’ coronavirus (COVID-19) status may be shared with NHS and other partners involved in their care and treatment, along with:
- NHS Wales
- Public Health Wales
- The Department of Health
- The Police Force
- Other government departments where it is legally required, or where it is necessary for the protection of public health or management of the outbreak
The lawful basis is GDPR Article 6(1)(c), compliance with a legal obligation, or Article 6(1)(e), that processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (the provision of statutory health care services).
The exemptions in GDPR Article 9(2)(h) and 9(2)(i) will be applied, that processing is necessary for matters of substantial public interest or for the management of health care systems.
The conditions in paragraphs 2 (management of health care systems), 3 (public health) and 6 (statutory and government purposes) of schedule 1 of the Data Protection Act 2018 are also engaged.