Policies: Privacy, GDPR and Cookies

What is a Privacy Notice?

A privacy notice is a statement that discloses some or all of the ways in which the practice gathers, uses, discloses and manages a patient’s data. It fulfils a legal requirement to protect a patient’s privacy.

Why do we need one?

To ensure compliance with the General Data Protection Regulation (GDPR) the Lunesdale Surgery must ensure that information is provided to patients about how their personal data is processed in a manner which is:

  • Concise, transparent, intelligible and easily accessible
  • Written in a clear and plain language, particularly if addressed to a child
  • Free of charge

What is the GDPR and how do we communicate our privacy notice:

The GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way in which organisations across the region approach data privacy. The GDPR came into effect on the 25th May 2018.

Please click this link for Shap Medical Practice’s Privacy Notice.

We will:

  • Inform patients how their data will be used and for what purpose
  • Allow patients to opt out of sharing their data should they wish to

Risk Stratification

Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions e.g. cancer. Your information is collected by a number of sources, including Shap Medical Practice; this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.

What information do we collect about you?

We will collect information such as your personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, x-rays etc. and any other relevant information to enable us to deliver effective medical care.

How do we use your information?

Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research, however, we will always gain your consent before sharing your information with medical research databases or other when the law allows. Information will not be disclosed to family, friends or spouses unless we have your prior written consent.

How we keep your records confidential

Everyone working for the NHS has a legal duty to keep information about you confidential.

Shap Medical Practice is committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security as well as guidance issued by the Information Commissioner’s Office (ICO).

Accessing your records

You have the right to access the information we hold about you; if you would like to access your information you will need to complete a Subject Access Request (SAR) form, please ask at Reception for further information. Should you identify any inaccuracies, you have the right for this to be corrected.

Who are our partner organisations?

We may share information with the following main partner organisations:

  • NHS Trusts (Hospitals)
  • Ambulance Service
  • NHS England
  • NHS out of hours service
  • NHS Digital
  • Eden PCN


You have the right to object to your information being shared, should you wish to opt out of the data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information outside of the practice.

What to do if you have any question

Should you have any questions about our privacy policy or the information we hold about you, you can contact:

The Practice Data Controller,
Shap Medical Practice
Peggy Nut Croft
CA10 3LW

Email: [email protected]
Telephone: 01931 716230

The Data Protection Officer for Shap Medical Practice is:

Yvonne Selkeld
Information Governance Officer
Cumbria Partnership NHS Foundation Trust
Maglona House
Kingstown Broadway
Carlisle     CA3 0HA

Email: [email protected]
Telephone: 01228 603961


In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO, for further details visit www.ico.org.uk and select ‘Raising a concern’.

Cookies are files saved on your phone, tablet or computer when you visit a website. They store information about how you use the website, such as the pages you visit. This website does not collect any cookies.