This site uses cookies to store information on your computer. Some cookies on this site are essential, and the site won't work as expected without them. Read More

Box Surgery

Patients Privacy Notice: Box Surgery


Box Surgery is a well-established GP surgery.  Our General Practitioners and allied healthcare professionals provide primary medical care services to our practice population and are supported by our administrative and managerial team in providing care for patients.


This privacy notice explains how we use any personal information we collect about you as a patient of health care services provided by Box Surgery.

Why do we collect your personal information?

Health care professionals who provide you with care are required by law to maintain records about your health and any treatment or care you have received within any NHS organisation.  These records help to provide you with the best possible healthcare and help us to protect your safety.


We collect and hold data for the purpose of providing healthcare services to our patients and running our organisation which includes monitoring the quality of care that we provide.  In carrying out this role we will collect information about you which helps us respond to your queries or secure specialist services.  We will keep your information in written form and/or in digital form.  The records will include both personal and special categories of data about your health and wellbeing.


What types of personal information do we collect about you?

We may collect the following types of personal information:


  • Your name, address, email address, telephone number and other contact information
  • Gender, NHS Number and date of birth and sexual orientation
  • Details of family members and next of kin details
  • Health (Medical) information, including information relating to your sex life
  • Details of any contact the surgery has had with you, such as appointments, clinic visits, emergency appointments and telephone calls.
  • Results of investigations such as laboratory tests or x-rays
  • Biometric data
  • Genetic information

How will we use the personal information we collect about you?

We may use your personal information in the following ways:

  • To help us assess your needs and identify and provide you with the health and social care that you require
  • To determine the best location to provide the care you require
  • To comply with our legal and regulatory obligations  
  • To help us monitor and manage our services.

Text (SMS) Messages

If you have provided your mobile telephone number, we may use this to send automatic appointment reminders, requests to complete surveys or to make you aware of services provided by the surgery that we feel will be to your benefit.


If you do not wish to receive these text messages, please let the reception team know.

Call Recording

Recordings of calls made and received by Box Surgery may be used to support the learning and development of our staff and to improve the service we provide to our patients.


They may also be used when reviewing incidents, compliments or complaints.


Call recordings will be managed in the same way as all other personal information processed by us and in line with all current legislation.

Appointments via Video Conference Calls

If you have provided permission, the surgery is able to provide clinician appointments via video conference calls delivered using your, and the clinicians, smartphone device.  AccuRX is the smartphone app used and a Data Protection Impact Assessment was completed prior to this service being offered to our patients.  This service was a response of the practice to minimise face-to-face contacts between healthcare staff and their patients during COVID-19.

Data processors

We may use the services of a data processor to assist us with some of our data processing, but this is done under a contract with direct instruction from us that controls how they will handle patient information and ensures they treat any information in line with the General Data Protection Regulation, confidentiality, privacy law, and any other laws that apply.


How will we share your personal information?

We may share your personal information with other health and social care professionals and members of their care teams to support your ongoing health and or social care and achieve the best possible outcome for you. This may include:


  • Improved Access

Box Surgery is a member of the Wiltshire GP Alliance improved access service so you may be treated at one of the other participating practices and they will require access to your patient record.


  • Shared Administration

Box Surgery is part of a Primary Care Network (PCN) which includes 4 other GP practices, namely, Rowden Surgery, Hathaway Surgery, Lodge Surgery and Porch Surgery.  From September 2020, this PCN is adopting a process called “Shared Administration”.  This means that doctors, health care professionals and authorised administrative staff working at one of the 5 GP practices will be able to access the medical notes of all patients across the 5 surgeries.  If you wish to opt out of shared access to your medical records please contact the surgery.


  • Patient Referrals

With your agreement, we may refer you to other services and healthcare providers for services not provided by Box Surgery.


  • Local Hospital, Community or Social Care Services

Sometimes the clinicians caring for you may need to share some of your information with others who are also supporting you.


  • Safeguarding

We will share your personal information with the safeguarding teams of other health and social care providers where there is a need to assess and evaluate any safeguarding concerns.  Your personal information will only be shared for this reason where it is legally required for the safety of the individuals concerned.


  • Summary Care Record (SCR)

Your Summary Care Record is an electronic record of important patient information created from the GP medical records. It contains information about medications, allergies and any bad reactions to medications in the past. It can be seen by staff in other areas of the health and care system involved in your direct care.


  • Integrated Care Records (ICR)

An Integrated Care Record allows other health and care providers who are directly involved with your care to access appropriate, timely and relevant information about you to enable them to support your heath and care.


  • GP Connect in support of the National COVID-19 Service

GP Connect is a system that allows the national COVID-19 service to access your GP medical records to enable them to support your heath and care in response to the COVID-19 pandemic.


  • NHS Digital

In order to comply with its legal obligations this practice may send data to NHS Digital when directed by the Secretary of State for Health under the Health and Social Care Act 2002.

This practice contributes to national clinical audits and will send the data, which are required by NHS Digital when the law allows. This may include demographic data, such as date of birth and information about your health, which is recorded in coded form. For example, the clinical code for diabetes or high blood pressure.


  • National Services

There are some national services like the national Cancer Screening Programme that collect and keep information from across the NHS. This is how the NHS knows when to contact you about services like cancer screening.


  • Other NHS Organisations

Sometimes the practice will share information with other health care organisations that do not directly care for you, such as the Clinical Commissioning Group. However this information will be anonymous and does not include anything written as notes by the GP and cannot be linked to you.


Any medical or health related personal information will be treated with confidence in line with the common law duty of confidentiality and the Confidentiality NHS Code of Practice. We may be required to share information with people other than health and social care professionals and members of their care teams in order to comply with our legal and regulatory obligations.


We will not share your information with people other than health and social care professionals and members of their care teams without your consent unless the law allows or requires us to.


NHS National Data Opt-out

Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care Services, important information about you is collected in a patient record for that service. Collecting this confidential patient information helps to ensure you get the best possible care and treatment.


The confidential patient information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care where allowed by law.


You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information, you do not need to do anything. If you choose to opt out your confidential patient information will still be used to support your individual care.


We do not share your confidential patient information for purposes beyond your individual care without your permission. When sharing data for planning and reporting purposes, we use anonymised data so that you cannot be identified in which case your confidential patient information isn’t required.


Information being used or shared for purposes beyond individual care does not include your confidential patient information being shared with insurance companies or used for marketing purposes and information would only be used in this way with your specific agreement.


Health and care organisations that process confidential patient information have to put systems and processes in place so they can be compliant with the national data opt-out. They must respect and apply your opt-out preference if they want to use or share your confidential patient information for purposes beyond your individual care.


Box Surgery are currently compliant with the national data-out policy as we do not share your confidential patient information for purposes beyond your individual care without your permission.


To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters


You can change your choice at any time.



DoctorLink is a free service offered by the practice that allows you to check your symptoms and health issues, or the symptoms and health issues of a family member.  DoctorLink will guide you through a symptom assessment and offer the most suitable course of action, for example, whether a GP appointment is appropriate.


The following link explains how DoctorLink uses your personal and special categories of personal information when providing this service: https://www.doctorlink.com/privacynotice/


This information is also explained when you initially register with DoctorLink.


To remain compliant against the Data Protection Act 2018 (including GDPR), the surgery has completed a Data Protection Impact Assessment prior to implementing and offering this service to our patients.


How long do we keep your personal information?

We follow the Records Management Code of Practice for Health and Social Care 2016 records retention schedule published by the Information Governance Alliance for the Department of Health which states that electronic patient records should be retained for 10 years from the date of death. At that point, all personal data we hold on you will be securely deleted.


We keep recordings of our calls for 3 years.


Legal basis

We have been commissioned by the Wiltshire Clinical Commissioning Group to provide a GP surgery service and it is necessary for the performance of this task in the public interest for us to process your personal data.


We will use your special categories of personal data, such as that relating to your race, ethnic origin, and health for the purposes of providing you with health or social care or the management of health or social care systems and services. Such processing will only be carried out by a health or social work professional or by another person who owes a duty of confidentiality under legislation or a rule of law.


In some circumstances, we may process your personal information on the basis that:

  • it is necessary to protect your vital interests;
  • we are required to do so in order to comply with legal obligations to which we are subject;
  • we are required to do so for the establishment, exercise or defence of a legal claim;
  • you have given us your explicit consent to do so.


Your rights

You have a right to:

  • ask for a copy of the information we hold about you;
  • correct inaccuracies in the information we hold about you
  • withdraw any consent you have given to the use of your information;
  • complain to the relevant supervisory authority in any jurisdiction about our use of your information
  • in some circumstances:
    • erase information we hold about you;
    • receive a copy of your personal data in an electronic format and require us to provide this information to a third party;
    • restrict the use of information we hold about you; and
    • object to the use of information we hold about you.


You can exercise these rights by contacting us as detailed below.


How to contact us

If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information then please contact our Data Protection Officer at:


Data Protection Officer

Box Surgery

London Road



SN13 8NA






How to make a complaint


You also have the right to raise any concerns about how your personal data is being processed by us with the Information Commissioners Office (ICO):


0303 123 1113


Changes to our privacy notice

We keep our privacy notice under regular review and we will place any updates on this webpage. This privacy notice was last updated on 16 April 2020.



Choose font size: A A A

Total visitors:389953 | Disclaimer