General
This Website is owned and operated by GP Matters Limited, a limited company incorporated under the Companies Act with Company Registration No.SC424457 and having its registered office address at 5 Park Gate, Glasgow, G3 6DL.

For the purposes of these Terms and Conditions “We”, “Our” and “Us” refers to GP Matters Limited. Please review these Terms and Conditions carefully before using this Website. Your use of this Website indicates your agreement to be bound by these Terms and Conditions.

Data protection
Any personal information you supply to us when you use this Website will be used in accordance with our privacy policy.

Terms of use – Basis of use of website
In using this website you agree that you have read and understood these terms and conditions and you agree to them. If you do not agree to these terms and conditions you are not authorised to use this website.

Your use of the website
You agree that your use of the website shall be in accordance with the following conditions. You will not express opinions that are vulgar, crude, racist, sexist or otherwise offensive.

You will not submit to the website or to any associated online platforms owned by GP Matters Limited any message, e-mail or other communication that contains material which does not belong to you without the owner’s express permission or which contains information that to the best of your knowledge is untrue, incorrect or misleading.

Third party websites
We accept no liability or responsibility for the information services or content of third party websites which are linked to this website. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Our warranty
Although we have taken all reasonable care to make sure that the information available on this website is correct, we are providing this website on an “as is” basis. We make no representation or warranty of any kind regarding the information contained on this website. The information on this website may be inaccurate, incorrect, incomplete, out of date, or unsuitable for any purpose. You must check all such information with us before you take any action in reliance upon it.

Our liability to you
On condition of us allowing you free access to the material on this website you accept that we shall not be liable for any loss or damage caused directly or indirectly by your reliance on the information on this website except to the extent we are unable to do so by law. This is a comprehensive exclusion of liability and includes all losses, damages, costs and expenses of any kind including loss of profit, economic loss, loss of goodwill and all and any direct, indirect or consequential loss of any kind. The exclusions and restrictions of liability contained in these terms and conditions are considered reasonable by you.

Intellectual property
All copyright, trademarks and other intellectual property rights in all material or content in this website shall at all times remain our property or that of our licensors. You are allowed to use this material and content of the website as expressly authorised by us or our licensee. You may not copy, modify, distribute, reproduce, transmit, license, publish, use or resell the information or incorporate into any other work, part or all of the material available on the website in any form except that you may:

Print or download extracts of the material on this website for your personal non-commercial use.
Copy the material on this website for the purpose of sending to individual third parties for their personal non-commercial information, provided that you acknowledge us as the source of the material and that you inform the third parties that these conditions apply to them and that they must comply with them. You will notify us immediately, if you become aware that any third party infringes our intellectual property rights.

General
Each of the provisions contained in these terms and conditions shall be construed as being independent of every other and if any provision contained in the terms and conditions is determined to be invalid or unenforceable pursuant to applicable law including, but not limited to the limitations on liability, such determination shall not affect the validity of the remainder of the terms and conditions which shall continue in effect.

Our website is operated and controlled from the United Kingdom and these terms and conditions and your use of this website are governed by and construed in accordance with the laws of Scotland. 

Our website uses cookies to distinguish you from other users of our site(s). This helps us to provide you with a good experience when you browse our website and also allows us to improve our site(s). 

Cookies
A cookie is a small data file that certain web sites write to your hard drive when you visit them. The only personal information a cookie can obtain is information a user supplies him or herself. A cookie cannot read data from your hard disk or read cookie files created by other sites. Cookies, however, enhance our web site performance in several ways, including providing a secure way for us to verify your identity during your visit to our web site and personalising your experience on our site, making it more convenient for you. This web site uses the following cookie types so that we can serve you better.

Functionality or strictly necessary cookies
These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) to provide an enhanced, more personal experience. For instance, remembering a choice such as not to be asked again to fill in a questionnaire or user poll, or fulfilling a request by the user such as submitting a comment. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. This site uses:

– PHPSESSID: This cookie is automatically created via PHP when a session is in use on the site.

– ASP.NET_SessionId – This is a session cookie and allows for the maintenance of the online journey.

– SecureToken – a session cookie used for the secure maintenance of a signed-in customer.

Performance cookies
These cookies collect anonymous information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. Any data collected is limited to the website operator’s use only, for managing the performance and design of the site. These cookies can be third party cookies but the information must be for the exclusive use of the publisher of the website visited. This site uses:

Google’s cookies for analytics and for conversion tracking. As follows:

__utma

This cookie is typically written to the browser upon the first visit to our site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to our site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure. This cookie expires 2 years from set/update.

__utmb

This cookie is used to establish and continue a user session on our site. When a user views a page on our site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on our site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on our site for longer than 30 minutes.

• Google Conversion tracking
The conversion tracking cookie is set on your browser only when you click an ad delivered by Google where the advertiser has opted in to conversion tracking. These cookies expire within 30 days and do not contain information that can identify you personally. If this cookie has not yet expired when you visit certain pages of the advertiser’s website, Google and the advertiser will be able to tell that you clicked the ad and proceeded to that page. Each advertiser gets a different cookie, so no cookie can be tracked across advertiser websites. If you want to disable conversion tracking cookies, you can set your browser to block cookies from the googleadservices.com domain.

• DoubleClick tracking
We may, from time to time, use the Google DoubleClick cookie to allow us to implement Google Display Network impression reporting which reports display advertisement impressions, other uses of ad services and interactions with these ad impressions and ad services which are related to our websites.

We also have implemented Google Analytics Demographics and Interest reporting which reports 3rd-party audience data (such as anonymised age, gender and interests) within Google Analytics. You can manage how Google manages this information and “opt out” from data collection at Google Ads Preferences Manager.

Why do we need to use these cookies?

We use the information we obtain from our cookies for the following:

• Website usage and analytics
• To track your journey from page to page to enable the booking and payment process to function
• Tracking transactions to measure the effectiveness of search and marketing campaigns

Other third-party cookies and Targeting cookies
A cookie is classed as being first party if it is set by the site being visited. However, a third party cookie is issued by a different server to that of the domain being visited. It could be used to trigger a banner advert based on the visitor’s viewing habits or for analytical purposes. For example, when visiting a page with content embedded from YouTube, Google or Facebook. These service providers may set their own cookies on your web browser. Such anonymous cookies may be set by that third party to track the success of their application or to customise their application to you.

Targeting cookies are used to deliver adverts more relevant to you and your interests. They collect information about your browsing habits and are linked to services provided by third parties, such as ‘like’ and ‘share’ buttons and advertisements. We may use targeting cookies to send third party partners of GP Matters Limited information on your visit so that they can make our advertising more relevant to you when you visit their websites. An example of such a third party partner would be Facebook. Online Targeted Advertising does not result in more ads, rather the ads you see will be more relevant to you.

Blocking and deleting cookies
Should you wish to do so, you can refuse cookies by disabling them in your web browser’s settings. If this is done it is important not to exclude the benign and useful session cookies. Choose an option that rejects all third-party cookies such as Do Not Track (DNT), which can be enabled in your browser. Please note that this may impact on the usability of ours and other websites.

Most browsers are defaulted to accept and maintain cookies and you can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it or not.Please consult the support documentation for your web browser, which can be found online, for more information.

Contact
Questions, comments and requests regarding this privacy and cookie policy are welcomed and should be addressed to: info@gpmatters.com

Data Protection Compliance Policy
This Data Protection Compliance Policy sets out the steps taken by GP Matters Limited to ensure that its data processing practices are in accordance with UK data protection law. GP Matters Limited acknowledges that the personal data it processes is, and shall remain, the property of the Client/Patient. Upon termination of the contractual relationship with the Client/Patient, GP Matters Limited (or other properly appointed responsible agent) will continue to hold the personal data on behalf of the Client/Patient. The Client/Patient reserves the rights to access their personal data in accordance with this data protection statement at any time. Personal data will not be given to any other third parties for any purpose. GP Matters Limited has in place appropriate technical and organisational measures against the accidental, unauthorised or unlawful processing, destruction, loss, damage or disclosure of personal data and adequate security programmes and procedures to ensure that unauthorised persons do not have access to personal data or to any equipment used to process personal data. GP Matters Limited provides individuals (including the Client/Patient HR) with the right of access, rectification, blocking, erasure and/or destruction available to such individuals under the applicable data protection laws in the UK. GP Matters Limited acknowledges that the personal data it processes is, and shall remain; the property of the Client/Patient and it will return to the Client/Patient all copies of the relevant data upon termination of the contractual relationship with them as and when requested.

GDPR May 2018
The EU General Data Protection Regulation (GDPR) becomes enacted on the 25th May 2018 and will standardise data privacy and protection laws across Europe. The UK government is equally committed to this process. As a result, there may be some further fine tuning of this process following on from the Brexit transition. It will also affect companies outside of Europe as it applies to any entity that processes personal data tied to offering goods and services to, or monitoring behaviour of, European data subjects. The GDPR has implications for all healthcare service operators; with in the NHS and Private sectors.

GP Matters Limited is very much aware of its obligations as a data processor under the GDPR and we are committed to discharging these obligations in a robust and professional manner. All the activities here at GP Matters Limited remain underpinned by the same ongoing obligations regarding patient and client confidentiality and always remain an essential part of the core “duties of a doctor” and there are high expectations which are also enforceable by our professional body (General Medical Council) and this will continue in the same vein. This applies to Occupational Health (business to business) related activities just as much as it does for ordinary private GP services. As part and parcel of our ongoing GDPR compliance efforts we will continue to review, improve, refine and document our security measures to protect any of our patients and clients against any unauthorised access, use or disclosure of the content we protect. As well as providing direct private patient care, GP Matters Limited also provides occupational and Company medical services on behalf of third party employers and it is important that all service users and agents have confidence in all aspects of our service and the data that we must process to effectively do so.

The medical director (Dr Carole McAlister) is the Data Controller for GP Matters Limited and will remain so and he will also be primarily responsible for dealing with any of the measures required to facilitate best practice and all related data/GDPR matters and taking full cognisance of the newly emerging legislation. Dr McAlister also welcomes any informal or other feedback about any of these statements and how they are interpreted by others (info@gpmatters.com). Furthermore, as part of our extensive obligations to the inspectorate here in Scotland (Healthcare Improvement Scotland) all policies (including those relating to data processing and the GDPR) are assessed and monitored by them for appropriate compliance.

What GDPR will mean for patients/staff?
Your data:
• Must be processed lawfully, fairly and transparently.
• Collected only for specific, explicit and legitimate purposes.
• Must be limited to what is necessary for the purposes for which it is processed.
• Must be accurate and kept up to date.
• Must be held securely.
• It can only be retained for as long as is necessary for the reasons it was collected.

Patients/staff rights:
• Being informed about how their data is used.
• To have access to their own data.
• To ask to have incorrect information changed.
• To restrict how their data is used.
• Move their patients/staff data from one organisation to another.
• To object to their personal information being processed (in certain circumstances).

The GDPR will supersede the current Data Protection Act (DPA).It is like the Data Protection Act (DPA) 1998, with which GP Matters Limited already fully complies with: but further strengthens many of the DPA’s principles.

The main changes are:
• The Practice must comply with Subject Access Requests (see appendix 1 – below) – a written signed request from an individual to see what information is held about them – like where we require your consent to process data. This must be freely given, specific, informed and unambiguous.
• New special protection for personal data.
• The Information Commissioner’s Office must be notified within 72 hours of a data breach.
• Higher fines for data breaches.

There is a lot of guidance available on line to explain all these issues in much greater detail. The Information Commissioners Office website is generally highly informative and very reliable: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Information for individuals is also available there; for example, a subject access request SAR) can be read about at: https://ico.org.uk/for-the-public/personal-information (or ask GP Matters Limited reception/(see appendix 1 – below).

Existing patients and clients of GP Matters Limited are very welcome to make direct contact with us at any time to make any kind of enquiry about their existing data and how this is stored/protected. Every effort will be made to reply to you as quickly as possible but initially, all queries will be dealt with only by the Medical Director. Thank-you for your forbearance and be rest assured, that for most of services provided by GP Matters Limited; business and service will essentially continue along the same lines.
We will in due course be asking all existing users coming back for future appointments to review our new patient form (also on the website) and re-sign a copy for their GP Matters Limited records: to update and refresh this professional service ‘relationship’.
Thank-you.

Daniel Diez 19th November, 2018
Practice Manager

Privacy Notice for patients
Further information on the Privacy Notice for Patients can be found on this webpage or by request (please email info@gpmatters.com) .

Security Policy
GP Matters Limited has in place and undertakes to maintain appropriate technical and organisational measures against the accidental, unauthorised or unlawful processing, destruction, loss, damage or disclosure of data. Likewise, adequate security programs and procedures are in place to ensure that unauthorised persons do not have access to the data or to any equipment used to process the data.




Appendix 1
General Data Protection Regulation 2016 (GDPR)


Subject Access Request Form
The General Data Protection Regulation (GDPR) gives people the right to know what personal information an organisation has about them. To use this right, you can make what is known as a ‘subject access request’.

Only the following people may apply for access to personal information.
• The person who the information is about.
• Someone acting on behalf of the person who the information is about.

You have a right to know whether or not we have any information about you, and a right to have a copy of that information. You have a right to know the following.

• What kind of information we keep about you.
• The reason we are keeping it and how we use it.
• Who gave us your information
• Who we might share your information with and who might see your information.

You also have the right to have any codes or jargon in the information explained. You won’t be able to see information that could:

• Cause serious harm to your physical or mental health, or anyone else’s
• Identify another person (except members of NHS clinical staff who have treated the patient) unless that person gives their permission.

If you need any more advice about your rights under the General Data Protection Regulation, please contact the GP Matters Data Protection Officer or, you can contact the Information Commissioner’s Office:

Data Protection Officer, Medical Director: Dr Carole McAlister, GP Matters, 24 Buckingham Terrace, Glasgow G12 8ED, tel 0141 7373 289, email: info@gpmatters.com

The Information Commissioner’s Office – Scotland 45 Melville Street Edinburgh EH3 7JL. Phone: 0131 244 9001 Email: Scotland@ico.org.uk

Fee
Data will be provided free of charge. There may be a charge of a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
A reasonable fee may occur when complying with requests for further copies of the same information. This does not mean that there will be a charge for all subsequent access requests.
The fee must be based on the administrative cost of providing the information.

Response time
We will deal with your request as quickly as possible and within 30 days of receiving your request. If we have any problems getting your information we will keep you up to date on our progress.

How long records are kept
The usual rules to do with keeping records are that:
• GP Matters records are kept for 20 years after last contact
• maternity records are kept for 25 years after the birth of the last child;
• children’s and young people’s records are kept until the child’s or young person’s 25th birthday;
• mental-health records are kept for 20 years after the date of the last contact.
This may help you in considering what types of records you are applying to see.

Points to consider
Making false or misleading statements to access personal information which you are not entitled to is a criminal offence.
Accessing health records and information is an important matter. Releasing information may in certain circumstances cause distress. You may want to speak to an appropriate health professional before filling in the form below.

For the purpose of the Data Protection Act 1998 (the Act), GP Matters is fully registered with the Information Commissioner’s Office (ICO Ref ZA487876) and the Medical Director, Dr Carole McAlister is the Data Protection Officer.
GP Matters Limited, is a limited company incorporated under the Companies Act with Company Registration No. SC424457 and having its registered office address at 5 Park Gate, Glasgow, G3 6DL. 


WHAT IS A PRIVACY NOTICE?
A Privacy Notice (or ‘Fair Processing Notice’) is an explanation of what information the Practice collects on patients, and how it is used. Being transparent and providing clear information to patients about how a Practice uses their personal data is an essential requirement of the Data Protection Act (DPA) 1998. This is being added to by the GDPR and new DPA 2018.

Under the DPA/GDPR, the first principle is to process personal data in a fair and lawful manner and applies to everything that is done with patient’s personal information. In practice, this means that the Practice must;
• Have legitimate reasons for the use or collection of personal data
• Not use the data in a way that may cause adverse effects on the individuals (e.g. Improper sharing of their information with 3rd Parties)
• Be transparent about how you the data will be used, and give appropriate privacy notices when collecting their personal data
• Handle personal data only as reasonably expected to do so
• Make no unlawful use of the collected data


FAIR PROCESSING
Personal data must be processed in a fair manner – the DPA says that information should be treated as being obtained fairly if it is provided by a person who is legally authorized or required to provide it. Fair Processing means that the Practice must be clear and open with people about how their information is used.
Providing a ‘Privacy Notice’ is a way of stating the Practice’s commitment to being transparent and is a part of fair processing, however you also need to consider the effects of processing on the individuals and patients concerned;

• What information are we collecting?
• Who collects the data?
• How is it collected?
• Why do we collect it?
• How will we use the data?
• Who will we share it with?
• What is the effect on the individuals?
• If we use it as intended, will it cause individuals to object or complain?

Conducting a Privacy Impact Assessment is an effective way of assessing whether you can safely collect or use patient data according to the DPA and Information Governance requirements.


DATA CONTROLLERS
Under the Data Protection Act, the data controller is the person or organization that will decide the purpose and the manner in which any personal data will be processed – they have overall control of the data they collect and decide how and why it will be processed.

A GP Practice is a data controller for the patient information it collects and should already have data processing arrangements with third parties (e.g. IT systems providers) to ensure they do not use or access data unlawfully; the data controllers will have ultimate responsibility for the Practices’ compliance with the DPA. The data controller for GP Matters is the Medical Director (Dr Carole McAlister)


RISK STRATIFICATION
As GP Matters is an entirely private provider, no information is gathered routinely and shared with NHS with respect to identifying those patients at higher risk of needing secondary care within hospitals etc. This is a provision undertaken ONLY by NHS GP services.


INVOICE VALIDATIONS
Personal information may be shared within a secure and confidential environment to determine which person/body/insurer should pay for the treatment received. This means sharing identifiable information such as name, address, date of treatment etc. to enable the billing process.


PARTNER ORGANISATIONS
If the Practice shares information with any external organisations (within or outside the NHS), then it should let patients know by listing them. Partner organisations will usually include Private Hospital providers; healthcare professionals and NHS organisations (hospitals/NHS GP services etc.)


ACCESS TO PERSONAL INFORMATION
The DPA gives patients the right to view any information held about them – the ‘Right of Subject Access’. GP Matters is fully registered with the Information Commissioner’s Office (ICO Ref ZA487876).


HOW WE USE YOUR INFORMATION
This privacy notice explains why we as a Practice collect information about our patients and how we use that information.
GP Matters manages patient information in accordance with existing laws and with guidance from organisations that govern the provision of healthcare in Scotland/UK such as the Department of Health/NHS Scotland, Healthcare Improvement Scotland and the General Medical Council.
We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

• Data Protection Act and GDPR 2018.
• Human Rights Act 1998
• Common Law Duty of Confidentiality
• Health and Social Care Act 2012
• NHS Codes of Confidentiality and Information Security

As data controllers, GPs have fair processing responsibilities under the Data Protection Act 2018. In practice, this means ensuring that your personal confidential data (PCD) is handled clearly and transparently, and in a reasonably expected way.

The Health and Social Care Act 2012 changed the way that personal confidential data is processed, therefore it is important that our patients are aware of and understand these changes, and that you have an opportunity to object and know how to do so.

The health care professionals who provide you with care maintain records about your health and any treatment or care you have received (e.g. Private/NHS Hospital Trust, GP Surgery, Walk-in clinic, etc.). These records help to provide you with the best possible healthcare. We are not routinely given information from the NHS unless we have instigated a referral on your behalf or have your explicit consent to seek that data under specific circumstances.

Private/NHS health records may be processed electronically, on paper or a mixture of both; a combination of working practices and technology are used to ensure that your information is kept confidential and secure. Records held by this GP practice may include the following information:

• Details about you, such as address and next of kin
• Any contact the practice has had with you, including appointments (emergency or scheduled), clinic visits, etc.
• Notes and reports about your health
• Details about treatment and care received
• Results of investigations, such as laboratory tests, x-rays, etc. Consultant reports/letters and outcome reports from a wide variety of allied healthcare professionals
• Relevant information from other health professionals, relatives or those who care for you

GP Matters collects and holds data for the sole purpose of providing healthcare services to our patients and we will ensure that the information is kept confidential. However, we can disclose personal information if:

a) It is required by law
b) You provide consent – either implicitly for the sake of your own care, or explicitly for other purposes
c) It is exceptionally justified to be in the public interest

A patient can object to their personal information being shared with other health care providers but if this limits the treatment that you can receive then the doctor will explain this to you at the time.


MOBILE TELEPHONE
If you provide us with your mobile phone number, we may use this to send/text you reminders about any appointments or other health screening information being carried out.

Our Website may use cookies to optimise your experience:.
Using this feature means that you agree to the use of cookies as required by the EU Data Protection Directive 95/46/EC/ GDPR.


RISK STRATIFICATION
Risk stratification is a process for identifying and managing patients who are at high risk of requiring emergency or urgent care. This is a routine provision within NHS general practice but not so for GP Matters (being exclusively private). However, if a new ‘eligible’ condition such as Cancer or Diabetes is identified, the doctor here will discuss (with you) having this notified (as part of any general data sharing/ updates with NHS GP) with the appropriate NHS body so that you may be in a better position to avail yourself of subsequent/future care within the NHS system.


INVOICE VALIDATION
Information such as your name, address and date of treatment may be passed on to enable the billing process - these details are held in a secure environment and kept confidential. This information will only be used to validate invoices and will not be shared for any further commissioning or other purposes.


HOW DO WE MAINTAIN THE CONFIDENTIALITY OF YOUR RECORDS?
We are committed to protecting your privacy and will only use information collected lawfully in accordance with the Data Protection Act 2018 (which is overseen by the Information Commissioner’s Office), Human Rights Act, the Common Law Duty of Confidentiality, and the NHS Codes of Confidentiality and Security. Every staff member who works for GP Matters or any of its partner organizations has a legal obligation to maintain the confidentiality of patient information.

All of our staff, contractors and committee members receive appropriate and regular training to ensure they are aware of their personal responsibilities and have legal and contractual obligations to uphold confidentiality, enforceable through disciplinary procedures. Only a limited number of authorised staff have access to personal information where it is appropriate to their role and is strictly on a need-to-know basis.

We maintain our duty of confidentiality to you at all times. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations), or where the law requires information to be passed on.


WHO ARE OUR PARTNER ORGANISATIONS?
We may also have to share your information, subject to strict agreements on how it will be used, with the following organisations:
• Private Hospital Providers (BMI ROSS HALL / NUFFIELD for example) inpatient and outpatient care
• Health Insurers (e.g. BUPA/WPA, PPP, AVIVA…)
• NHS Trusts • Specialist Trusts
• Independent Contractors such as dentists, opticians, pharmacists, psychologists and other certified allied healthcare practitioners.
• Voluntary Sector Providers (rarely and only if requested by client/patient)
• Ambulance Trusts (exceptional and rare circumstances)
• Social Care Services (as above)
• Education Services (as above and only as a result of patient/client request)
• Fire and Rescue Services (exceptional safety critical issues)
• Police


ACCESS TO PERSONAL INFORMATION
You have a right under the Data Protection Act 2018 to access/view information the practice holds about you, and to have it amended or removed should it be inaccurate. This is known as ‘the right of subject access’. If we do hold information about you, we will:
• Give you a description of it
• Tell you why we are holding it
• Tell you who it could be disclosed to
• Let you have a copy of the information in an intelligible form

If you would like to make a ‘subject access request=SAR’, please contact GP Matters in writing. There may be a charge for this service. (You can also ask reception to email/post you a copy of explanatory SAR information)

The practice is registered as a data controller under the Data Protection Act. The registration number is ZA487876 and can be viewed on-line in the public register at http://www.ico.gov.uk/


CHANGE OF DETAILS
It is important that you tell the person treating you if any of your details such as your name or address have changed or if any of your details such as date of birth is incorrect in order for this to be amended. You have a responsibility to inform us of any changes so our records are accurate and up to date for you.


NOTIFICATION
The Data Protection Act requires organisations to register a notification with the Information Commissioner to describe the purposes for which they process personal and sensitive information. This information is publicly available on the Information Commissioners Office website www.ico.org.uk. GP Matters is registered with the Information Commissioners Office (ICO).


WHO IS THE DATA CONTROLLER?
The Data Controller, responsible for keeping your information secure and confidential is Dr Carole McAlister (Medical Director). Any changes to this notice will be published on our website and displayed in prominent notices at GP Matters.


FURTHER INFORMATION AVAILABLE:
1. www.ico.org.uk (information commissioner’s office)
2. www.gmc-uk.org (General Medical Council; regulatory body for all doctors: ethical guidanceetc.)
3. http://www.healthcareimprovementscotland.org (care regulator and inspector inScotland)   

Out Of Hours
Glasgow Emergency Medical Services (GEMS) AND NHS 24
If a patient requires medical advice or treatment outwith normal surgery hours, AND WHICH WILL NOT WAIT UNTIL THE SURGERY REOPENS, please telephone 211 6210 or 211 6220, which will connect you with NHS 24. NHS 24 is a Scottish-wide service provided by NHS Scotland. If you prefer, you may also contact NHS 24 directly by telephoning 111, or visit their website on www.nhs24.com.
You will speak to trained and experienced NHS 24 staff who will ask you a series of questions about your problem. You will then either be offered advice where appropriate, invited to attend an emergency centre, or a house visit will be arranged for you. If necessary, transport to and from the emergency centre is available. Please remember that the emergency centres are not intended to be used as 'drop in' centres and you should always telephone first.

GP Matters Complaints Policy
We always try to give the best service possible, but there may be times when you feel that this has not happened. This leaflet explains what will happen if you have a complaint about the service we provide for you. We hope that most problems can be sorted out quickly and easily, often at the time when they arise and with the person concerned. If the problem cannot be sorted out in this way and you wish to make a complaint, we would like you to let us know as soon as possible, ideally within a matter of days or at the most a few weeks, as this will enable us to establish what happened more easily.

Who can make a complaint?
Complaints may be made by:
• anyone directly affected by the way GP Matters Limited has carried out its functions.
• anyone acting directly on such a person’s behalf (for example, parent, guardian, carer, advocate, other relative or the executor of an estate).
• anyone having reasonable concern about the way GP Matters Limited service is being provided. 

If you would like to make a complaint
Healthcare Improvement Scotland is the organisation regulating independent healthcare services in Scotland. Our service users can complain at any time to Healthcare Improvement Scotland at the address below (either in writing, by telephone or in person).

Healthcare Improvement Scotland
Independent Healthcare Team
Gyle Square
1 South Gyle Crescent
Edinburgh
EH12 9EB

T: 0131 623 4342
E: hcis.clinicregulation@nhs.net

Complaints Procedure If you would like to make a complaint
We would hope that we would be able to discuss and treat the majority of complaints inhouse and you can contact the practice manager through one of the following channels:

Write:  GP Matters, 24 Buckingham Terrace, Glasgow, G12 8ED

Tel: 0141 7373 289

E-mail: info@gpmatters.com

Confidentiality
We have to respect the rules of medical confidentiality and a patient’s written consent will be necessary if a complaint is not made by the patient in person.

Acknowledgement
Upon receipt of your complaint, we shall send you an acknowledgement letter within two working days. We hope that if you have an issue, you will use our practice complaints procedure as we believe this will give us the best chance of putting right whatever has gone wrong. However, this does not affect your right to complain to the appropriate authority if you feel that you cannot raise your complaint with us or you are dissatisfied with the result of the investigation.

Discrimination
It is against the law for private healthcare providers to discriminate against you, for example, because of your age, sex, sexual orientation, race, disability or religion. If you feel you have been discriminated against, you can complain about this. For more information, please look on the website of the Equality and Human Rights Commission at www.equalityhumanrights.com