Have you seen our Facebook page?
Like and follow our page for public health information and the very latest news and updates about sessions for you and your children.
Like and follow our page for public health information and the very latest news and updates about sessions for you and your children.
We value your trust and are committed to protecting the privacy of your personal information.
This privacy notice explains:
Please take the time to review this notice carefully to understand how your information is managed.
If you would like this information in an alternative format – such as large print, easy read, or an alternative language, please let us know using the contact details below.
UK Data Protection Laws:
Personal data: Any information relating to an identifiable individual. This might include your name, NHS number, contact details. It can also be location data or an online identifier.
Special categories of personal data are defined as: Racial or ethnic origin, politics, religious or philosophical beliefs, trade union membership, genetics, and biometrics (where used for identification) information concerning your health, sex life or sexual orientation.
Data Controller: An entity or individual that determines how and why personal data is processed.
Data Processor: An entity or individual that processes personal data on the behalf of the data controller.
Surrey Children Community Health services are provided by HCRG Care Ltd. We are the data controller for any personal information we hold about you.
HCRG Care Ltd is a limited company registered in England and Wales, registered number 05466033. Registered office: The Heath Business and Technical Park, Runcorn, Cheshire, WA7 4QX. Part of the HCRG Care Group of companies.
Please see our website for further information about the services we provide https://surreychildandfamily.co.uk/
HCRG Care Ltd is contracting Kingston and Richmond NHS Foundation Trust to provide paediatric audiology services. Details on how Kingston deliver this service and handle, process and store patient data can be found at Privacy notices :: Kingston and Richmond NHS Foundation Trust
Data Protection Officer
Deborah Tonkin
The Heath Business Park
Runcorn
Cheshire
WA7 4QX
via email: Ask.IG@hcrgcaregroup.com
If you are not happy about the way your information is handled, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioners Office (ICO).
The Information Commissioner’s Office
Wycliffe House
Cheshire
SK9 5AF
Helpline: 0303 123 1113 (local rate)
Email: casework@ico.org.uk
Website: www.ico.org.uk
We will collect ‘personal data’ about you such as your:
This is required for verification of identity and to provide you with best possible healthcare
We may also ask you for more sensitive data, called ‘special category data’, such as your ethnicity and information about your health.
Health care professionals are required by law to maintain records about your health. Your health record may include:
These records help to provide you with the best possible healthcare.
In order for HCRG Care Ltd to legally process your information a ‘lawful basis’ needs to be identified.
Our legal basis for processing your personal information falls under one of the following legal bases:
Our legal basis for processing special category data falls under one of the following legal bases:
The information we hold about you is used to:
| To provide services to you such as:
§ Provide information to make health decisions made by care professional with and for you. § To register you on our clinical system and book an appointment. § You will also have the option to add your appointment directly in to your mobile calendar at the end of the online booking process. § Diagnosis, treatment and follow up care (including sharing relevant information with healthcare professionals directly involved in your care). § Preventative care. § Providing social care. To deliver National Immunisation/Vaccination Programme: § HCRG Care Ltd will continue to deliver the school age immunisation program across primary and secondary schools in Surrey. § We will collect personal data to deliver this service safely and effectively. § We will collect parental/carers consent via electronic form. To deliver National Child Measurement Programme: § HCRG Care Ltd will continue to deliver the National Child Measurement Programme across primary schools in Surrey. § We will collect parental/carers consent via electronic form. § For this program, we will collect height, weight, and BMI data.
|
| To contact you regarding your care, such as:
§ Appointment reminders via different methods such i.e., SMS text message, telephone, or email. § Health related updates. § Service-related Surveys. § Other important information relating to your care. |
We may also use, or share, your information for the following purposes:
| Quality, Improvement, and Research:
§ Training and education of staff and general public. § Medical research (We will always seek your consent). § Organisational research i.e., patient surveys (We will always seek your consent). § Preparing statistics on NHS performance and activity. § Investigating concerns, complaints, or legal claims. § Internal quality improvement initiatives. |
| The Friends and Family Test (FFT):
NHS organisations including HCRG Care Group are required to use the Friends & Family Test (FFT) to capture feedback and submit response data to NHS England each month. Patients can access the data which will then help them make informed choices about their future care. We collect feedback from a number of different channels, including SMS text messaging, online – via our HCRG Care Group website and paper questionnaires/feedback forms. |
|
SMS Text Message Reminder Service: We provide a text messaging reminder service which automatically sends SMS messages to remind you of your appointments with us. We will not send any information which is not related to your direct care, and you have the option to opt out of this service if you wish by contacting the team you are in contact with. |
| Invoice Validation:
Invoice validation enables us to identify which ICB is responsible for paying for your treatment. Section 251 of the NHS Act 2006 provides a statutory legal basis to process data for invoice validation purposes and uses your NHS number to validate payment. We can also use your NHS number to check whether your care has been funded through specialist commissioning, which NHS England will pay for. The process makes sure that the organisations providing your care are paid correctly. For further information please see: NHS Digital – how we use your information for invoice validation |
| Your Summary Care Record:
Your Summary Care Record is a short summary of your GP medical records. It tells other health and care staff who care for you about the medicines you take and your allergies. This means they can give you better care if you need health care away from your usual doctor’s surgery:
§ In an emergency. § When you’re on holiday. § When your surgery is closed. § At out-patient clinics. § When you visit a pharmacy.
Staff will ask your permission to look at your SCR (except in an emergency where you are unconscious, for example) and only staff with the right levels of security clearance can access the system. SCRs improve care, but if you don’t want to have one you can opt out. Tell your GP or fill in a SCR Opt-out form and give it to your GP Practice. |
| CCTV:
We have installed CCTV systems in our premises for the purposes of public and staff safety and crime and prevention and detection. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for further information. Images captured by CCTV will be deleted 30 days after the CCTV footage was taken. However, on occasions there may need to be a need to keep images for longer, for example where a crime is being investigated. You have the right to see CCTV images of yourself and be provided with a copy of the images. We will only disclose images to authorised bodies such as the police, who intend to use it for the purposes stated above. Please see Section 8 for details of how to request a copy of your information. |
| Call Recordings:
We may record telephone calls you make to our service for training and monitoring purposes. If this is the case, you will be informed via an automated message. The recording would include any personal information you provide to us during your call, such as your name and date of birth, as well as any information relating to your care. Any recordings made are automatically deleted after one year. Please see Section 8 for details of how to request a copy of your information. |
We may share your information for the purpose of providing you with care, or another lawful reason, with our partners and other recipients. This could include the prevention or detection of fraud. We work in partnership with our commissioners and other health and care providers. These may include:
Your information is stored in secure locations and only accessible on a need-to-know basis. These include:
We will keep your healthcare records in accordance with the NHS Records Management Code of Practice for Health and Social Care.
Please note that due to a legal hold on the destruction of records by NHS England, we are currently not destroying records that have reached their retention period. This is to support ongoing statutory public inquiries including:
UK data protection laws provide you with the following rights:
| The right to be informed | As a data controller, we are obliged to provide understandable and transparent information about the way we process your data (this is provided by our privacy policy) |
| The right of access | You are entitled to request a copy of the personal data we hold about you. |
| The right to rectification | You are entitled to request changes to information if it is inaccurate or incomplete. |
| The right to erasure | Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. |
| The right to restrict processing | Under certain circumstances, you may ask us to stop processing your personal data. We will still hold the data but will not process it any further. |
| The right to data portability | Subject to certain conditions, you may request a copy of your personal data to be transferred to another organisation. |
| The right to object to processing | You have the right to object to our processing of your data where:
§ Processing is based on legitimate interest. § Processing involves automated decision-making and profiling. § Processing would be for a purpose beyond your care and treatment, e.g., direct marketing and scientific or historic research. You can opt-out to the sharing of this information under the National Data Opt-Out. Further information can be found on the following website: |
Please note that the above rights may not apply in all circumstances, but we will respond within a month of any requests. If you have any questions or concerns about the information we hold on you, please contact our Data Protection Officer.
How to request a copy of your information:
Please email the Access to Records Team accesstorecordsteam@hcrgcaregroup.com or write to us at The Heath Business Park, Runcorn, Cheshire, WA7 4QX.
Keep us updated of any changes:
Please let us know if you change your address or contact details etc. so that we can keep your information accurate and up to date.
In the event of the contract with the service and HCRG Care Group coming to an end, all relevant documentation and records will be transferred to the new provider (s).
The transfer of records will be conducted in accordance with the current UK Data Protection Law.
We will update this privacy notice from time to time to reflect any changes to our ways of working.
Date privacy notice last updated: March 2025.
