Last updated: December 2025
Stanley Corner Medical Centre is committed to protecting your personal information and respecting your privacy. This Privacy Notice explains what personal data we collect, how we use it, why we use it, and how we keep it safe, in accordance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and NHS data protection standards.
1. Who We Are
Data Controller: Stanley Corner Medical Centre
Address: 1-3 Stanley Avenue, Wembley HA0 4JF
Telephone: 0208 902 3887
Data Protection Officer (DPO): Dr Zahira Bachelani
2. What Personal Data We Collect
2.1 Personal information
- Name, address, date of birth
- Telephone numbers, email address
- NHS number
- Gender, ethnicity, preferred language, country of birth
- Emergency contact details
2.2 Special category (sensitive) data
- Medical records, diagnoses, test results
- Medications, allergies, referrals
- Mental health information
- Sexual health information
- Pregnancy/maternity information
- Immunisation history
2.3 Other data
- Online services usage
- Call recordings
We only collect data necessary for delivering safe, effective NHS healthcare.
3. How We Use Your Information
We use your information to:
- Provide you with NHS primary care services
- Maintain accurate and up-to-date medical records
- Arrange referrals, tests, and prescriptions
- Work with other NHS and social care providers
- Safeguard children and vulnerable adults
- Invite you to screening, immunisations, and health checks
- Manage practice operations (appointments, repeat prescriptions, recalls)
- Respond to complaints or incidents
- Support clinical audits and quality improvement
- Contribute to approved research (only with strict safeguards)
4. Who We Share Information With
We share data only when necessary for your care or when legally required:
- NHS trusts and hospitals
- North West London Integrated Care Board (ICB)
- Mental health and community services
- Pharmacies (including electronic prescriptions)
- Out-of-hours services
- Social care and safeguarding teams
- Diagnostic and blood test providers
- NHS England & Department of Health & Social Care
- Approved researchers (with strict confidentiality rules)
- IT system suppliers under NHS contracts
We do not share your data for marketing or commercial purposes.
5. National NHS Data Sharing
Your health information contributes to national NHS datasets, such as:
- General Practice Data for Planning and Research (GPDPR)
- OpenSAFELY COVID-19 Service & OpenSAFELY Data Analytics Service
- National screening programmes
- Vaccination programmes
NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.
Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.
Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.
Patients who do not wish for their data to be used as part of this process can register a Type 1 opt-out with their GP.
Find additional information about OpenSAFELY.
You have choices about how your data is used beyond your care, including the National Data Opt-Out.
More information: https://www.nhs.uk/your-nhs-data-matters/
6. How We Store and Protect Your Data
We store your data securely on NHS-approved clinical systems.
We use:
- Strong encryption
- Access controls and role-based security
- Staff confidentiality agreements
- Regular audits
- Secure email (NHSmail)
Paper records, if held, are stored in locked cabinets with restricted access.
7. How Long We Keep Your Information
We follow NHS retention schedules:
- Adult medical records: minimum 10 years after death
- Children’s records: until age 25 or 8 years after death
- Administrative records follow the NHS Records Management Code of Practice
We keep information only as long as necessary.
8. Your Rights
Under UK GDPR, you have the following rights:
- Right to access (Subject Access Request – SAR)
- Right to rectification
- Right to erasure (limited for medical records)
- Right to restrict processing
- Right to object
- Right to data portability
- Right to be informed
To exercise these rights, contact the Practice Manager or DPO.
9. Accessing Your Medical Records
You may request your records:
- Via the NHS App
- In writing
We will respond within 28 days, free of charge (unless the request is excessive).
10. Cookies and Website Usage
Our website may use cookies to support functionality, security, and analytics. You can manage cookie settings through your browser.
11. Changes to This Privacy Notice
We may update this Privacy Notice to reflect changes in law or NHS guidance.
12. How to Make a Complaint
If you have concerns about how we use your data, please put them in writing to:
Practice Manager: Agnes Glowacka
If unresolved, you may contact:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113