Privacy Notice

INTRODUCTION 

This Privacy Notice explains how West Mendip Primary Care Network (PCN) collects, uses, shares, and protects your personal information when you visit our website or interact with us online. 

We are committed to protecting your privacy and handling your information in a transparent and secure way, in accordance with UK data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. 

 

WHO WE ARE 

West Mendip Primary Care Network is a group of GP practices working together to deliver primary care services to our local population. 

Data Controller: West Mendip Primary Care Network 

PCN Address: Vine Health Suites, Hindhayes Lane, Street, Somerset BA16 0ET 

Email: somicb.westmendippcn.backoffice@nhs.net 

Telephone: 01458 553 025 

 

WHAT INFORMATION WE COLLECT 

When you use our website, we may collect the following types of information: 

  • Personal details you choose to provide, such as your name, email address, or message content (for example, via contact forms) 
  • Technical information, including IP address, browser type, operating system, and pages visited 
  • Information collected through cookies (see Cookies section below) 

We do not collect personal confidential medical information through our website. 

 

HOW WE USE YOUR INFORMATION 

The information collected about you when you use our services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with: 

  • Respond to enquiries or requests you submit via the website 
  • Improve the performance, content, and usability of our website 
  • Monitor website usage for security and statistical purposes 
  • Comply with legal and regulatory obligations, investigating fraud 
  • improving the quality and standards of care 
  • research into the development of new treatments 
  • preventing illness and diseases 
  • monitoring safety 
  • planning new services 
  • public health screening 
  • assisting the Care Quality Commission with any investigations 

Wherever possible data used for these purposes is anonymised so that you cannot be identified.  If information cannot be completely anonymous, then this may only take place when the law allows the information to be used.  All these uses help to provide better health and care for you, your family and future generations. 

 

LAWFUL BASIS FOR PROCESSING 

Under UK GDPR, we rely on the following lawful bases to process your personal data: 

  • Consent – where you have given clear permission (e.g. submitting a contact form) 
  • Legitimate interests – to manage and improve our website and communications 
  • Legal obligation – where we are required to process data by law 

 

COOKIES 

Our website DOES NOT use cookies to help it function and to understand how visitors use the site. 

 

Who We Share Information With 

We may share limited information with: 

  • Website hosting and IT support providers 
  • Analytics providers (e.g. anonymised website usage data) 
  • Prescriptions: Where you have agreed we will send information on your prescriptions to pharmacies, either by electronic systems or by paper. 
  • Patient referrals: With your agreement, our staff may refer you to other services not provided by the PCN, or they may work with other services to provide your care.  Information will be shared by letters, emails and shared record systems. This information may then be included in your record.  Referrals can be to lots of different services, such as smoking cessation services, social prescribers, voluntary services and other health and care agencies, as appropriate, for your care. 
  • Hospital, Community or Social Care Services: Sometimes the staff caring for you need to share some of your information with others who are also supporting you. This could include hospital or community based specialists, nurses, health visitors, therapists or social care services.  Information will be shared to organisations where you receive care, whether that is local or further away. 
  • Shared Computer Systems: Health and Social care services are developing shared systems to share data efficiently and quickly.  It is important for anyone treating you to be able to access your shared record so that they have all the information they need to care for you. Only authorised staff can access the systems and the information they see is carefully checked so that it relates to their job.  Systems do not share all your data, just data which services have agreed is necessary to include. For more information about shared care records, please visit:  The SIDeR Website. 
  • Clinical Digital Tools: We also use a range of digital tools to support improved patient care.  These digital tools may relate to very specific conditions and use of them supports diagnosis, clinical decision making, prescribing and management of a condition.  Often these digital tools are developed and managed by third parties who are contracted by the NHS for the provision of this very specific work to ensure best patient care.   Your information may be shared with these organisations where it is relevant to your care. 
  • Safeguarding of children or vulnerable adults: If we have significant concerns or hear about an individual child or vulnerable adult being at risk of harm, we may share relevant information with other organisations, such as local authorities and the Police, involved in ensuring their safety. 
  • Population Health Management: Health and care services work together as ‘Integrated Care Systems (ICS)’ and share data for the following reasons: 
  • Understanding the health and care needs of the care system’s population, including health inequalities 
  • Provide support to where it will have the most impact 
  • Provide support to where it will have the most impact 
  • Multi-disciplinary team meetings: For some long term conditions, such as diabetes, the practice participates in meetings with staff from other agencies involved in providing care, to help plan the best way to provide care to patients with these conditions. 

All third parties are required to keep your information secure and only use it for the purposes agreed with us. 

We do not sell or use your data for marketing purposes. 

 

HOW WE KEEP YOUR INFORMATION SECURE 

We use appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access, or disclosure. 

Access to personal information is restricted to authorised individuals only. 

 

HOW LONG WE KEEP YOUR INFORMATION 

We only retain personal information for as long as necessary to fulfil the purpose it was collected for, in line with our retention policies and legal requirements.

 

STAFF AND JOB APPLICANTS

We collect and process personal data relating to job applicants, employees, workers, contractors and volunteers as part of our recruitment and employment processes.

This information may include contact details, employment history, qualifications, right-to-work checks, payroll information, equality monitoring data, and where necessary, health and wellbeing information.

We use this information to:

  • Manage recruitment and selection
  • Administer employment relationships, pay and benefits
  • Meet legal, regulatory and safeguarding obligations
  • Support training, performance, wellbeing and workforce planning

We process personal data lawfully under UK GDPR, including where it is necessary for a contract, to meet legal obligations, or for legitimate organisational purposes. Special category data is handled with additional care and safeguards.

How long we keep the information

  • Unsuccessful applicants: usually retained for up to 6 months after the recruitment process ends
  • Staff records: retained for the duration of employment and typically for up to 6 years after employment ends

All staff and applicant information is stored securely and accessed only by authorised individuals.

 

YOUR DATA PROTECTION RIGHTS 

You have the right to: 

  • Access your personal data 
  • Request correction of inaccurate or incomplete data 
  • Request erasure of your data (where applicable) 
  • Object to or restrict processing 
  • Request data portability 
  • Withdraw consent at any time (where consent is the lawful basis) 

To exercise your rights, please contact us using the details above. 

 

DATA PROTECTION OFFICER (DPO) 

Our Data Protection Officer is:

Kevin Caldwell, Somerset ICB 

Email: somccg.GPDPO@nhs.net 

Telephone: 01935 384000 

 

COMPLAINTS 

If you have concerns about how your information is handled, please contact us in the first instance. 

You also have the right to raise a complaint with the Information Commissioner’s Office (ICO): 

  • Telephone: 0303 123 1113 

 

CHANGES TO THIS PRIVACY NOTICE 

We may update this Privacy Notice from time to time. Any changes will be published on this page. 

 

Last updated: December 2025