Patient Privacy Statement

General Data Protection Regulation (GDPR) – How your information will be used

1. As one of your health and social care providers, the Claypath and University Medical Group needs to keep and process information about you for normal  health care purposes.

The information we hold and process will be used for our management and administrative use only. We will keep and use it to provide health care and
manage our relationship with you effectively, lawfully and appropriately, during your registration, whilst you are under our care, and at the time when you have been discharged or are no longer under our care. This includes using information to enable us to comply with any service/performance contracts, to comply with any legal requirements, to pursue the legitimate interests of the practice and to protect our legal position in the event of legal proceedings.

If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.

2.  As a business we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, for administrative purposes or to manage your health care. We will never process your data where these interests are overridden by your own interests.

3.  Much of the information we hold will have been provided by you, but some may come from other internal sources, such as clinical and administrative staff, or in some cases, external sources, such as other health and social care providers.

4.  The sort of information we hold includes your contact details, your medical records; correspondence with or about you, for example information from other health and social care providers, medications; records of appointments, visits and other attendances.

5.  Where we record or process special categories of information relating to your health and social care records, racial or ethnic origin, religious, biometric data or sexual orientation, we will always obtain your explicit consent to those activities unless this is required by law or the information is required to provide healthcare.

6.  Where we are processing data based on your consent, you have the right to withdraw that consent at any time.

7.  We may record computer and telephone/mobile telephone contacts.

8.  Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to other providers where it is required by law.

9.  We may transfer information about you to other health and social care providers for purposes connected with your healthcare or the management of our practice business. This can include commissioning bodies, hospital trusts, health and social care services, as well as certain third-party data processors as necessary to deliver our services to you. These third-party data processors are strictly controlled and are only allowed to use your data in ways that are specified by us. If you wish to receive a complete list of these data processors, you may make a request to us at any time.

10. Your personal data will be stored only for as long as we require it in relation to the purpose for which it was collected and/or processed.

11. If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

12.  Your rights

  • Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data. You also have the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
  • If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
  • You have the right to lodge a complaint to the Information Commissioner’s Office if you believe that we have not complied with the requirements of the GDPR with regard to your personal data.

13.  Identity and contacts details of data controller and data protection officer

The Claypath and University Medical Group acts as the controller and processor of data for the purposes of GDPR.

If you have any concerns as to how your data is processed you should contact the practice Data Protection Officer who for the purposes of GDPR is: Andrew Dowson

Andrew can be contacted on: or you can write to him at:
Andrew Dowson, Business Intelligence Manager & Data Protection Officer
Durham Dales Health Federation
Innovation House
27 Longfield Road
South Church
Bishop Auckland
DL14 6XB
Tel: 01388 665910

14. See this additional supplementary privacy notice related to COVID-19

15. See this additional supplementary privacy notice related to General Practice Data for Planning and Research 

4 June, 2018
(revised 26 May 2021)
(revised 28 April, 2023)

Last modified: June 16, 2023