Important - The Practice will be closed on Good Friday and Easter Monday. Please note PATCHS is only available during surgery opening hours and will NOT be seen by a GP over a weekend, bank holiday or evenings If you require medical attention when the surgery is closed please ring 111 or visit 111.nhs.uk If you have a life-threatening emergency please ring 999
1-2 Roman Road, Prenton, Wirral, CH43 3DB
We're open
Please wear a face covering if you visit your GP practice Our Practice Supports Clinical Research Introducing Florence Wirral’s new sexual health service for young people Easter Bank Holidays – When We Are Closed Spider Project Spring Newsletter Measles: Know the Symptoms Surgery Closed Wednesday 7th Feb Pharmacy First Christmas and New Year Surgery Opening Time 2023-24 Children in Need – Wellbeing Walk
This agreement is considered to be agreed upon signing of the Contract for Services between the Practice (acting as the Data Controller) and SurgeryWeb (the Supplier acting as the Data Processor on behalf of the Data Controller).
The Practice (as Data Controller) wishes to subcontract certain services which require the processing of personal data to SurgeryWeb (as Data Processor).
Both the Practice and SurgeryWeb shall comply with all applicable Data Protection Laws in the processing of the Practices personal data. The personal data to be processed includes (but is not limited to) Patient name, Date of Birth, Sex, Gender, Racial/Ethnic Origin, Address, Postcode, Telephone number, Email address, NHS number and relevant health data.
The Practice instructs SurgeryWeb to process this personal data where necessary to deliver the services provided by them. The processing required and purposes are listed below.
SurgeryWeb shall not process personal data for other purposes other than on the relevant Practices instructions. SurgeryWeb shall process personal data for the duration of the contract between the Practice and the supplier.
SurgeryWeb will not appoint or share any personal data with any subcontracted processor unless authorised by the Practice. SurgeryWeb shall ensure that any subcontracted processor has implemented appropriate measures to ensure a level of security to the risk of a personal data breach as required by UK GDPR.
Sub-processor | Personal data | Subject | Purpose | Additional Information |
---|---|---|---|---|
Amazon SES | Name, Email | NHS Patients, NHS Staff | Emailing patients and NHS staff | Amazon Web Services commitment to GDPR |
Catalyst2 | Name, Date of Birth, Sex, Gender, Racial/Ethnic Origin, Address, Postcode, Telephone number, Email address, NHS number and relevant health data, documents, photographs. | SurgeryWeb customers, NHS Patients, NHS Staff | Web hosting, Storage and transmission | Catalyst2 Privacy Policy |
Dropbox | Name, Date of Birth, Sex, Gender, Racial/Ethnic Origin, Address, Postcode, Telephone number, Email address, NHS number and relevant health data, documents, photographs. | SurgeryWeb customers, NHS Patients, NHS Staff | Storage of Data backups, retained for maximum of 2 weeks | Dropbox GDPR Compliance |
All personal data is encrypted to NHS encryption standards. All personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for while the data is processed.
SurgeryWeb stores encrypted backups in a UK based data centre which auto-delete after a maximum of 2 weeks and is only accessible to authorised staff.
SurgeryWeb will notify the Practice (Data Controller) within 2 working days if a request from a Data Subject is received in respect of personal data and will not respond to the request unless instructed to by the Practice.
SurgeryWeb will notify the Practice (Data Controller) without delay upon becoming aware of a personal data breach affecting personal data, providing the Practice with sufficient information to allow them to meet any obligations to report or inform Data Subjects of the breach under Data Protection Laws.
SurgeryWeb will co-operate with the Practice and take reasonable steps to assist in the investigation, mitigation and remediation of each breach.
SurgeryWeb has adopted retention periods for personal data of 2 weeks (14 days) for data backups and 3 years for data held on servers.