188 High Street, Cottenham, Cambridge, CB24 8SE
Telephone: 01954 250079
Sorry, we're currently closed. Please call NHS 111 if life threating emergency please call 999
Cottenham Medical Practice – Procurement update Patient Helpdesk Closure Pharmacy Consultation Service COVID Pass available to children aged 12 to 15 Vaccination Data Resolution Service and overseas vaccinations recording service Tell the NHS about coronavirus (COVID-19) vaccinations you’ve had abroad Message to our patients – update on the COVID-19 booster programme Housebound Covid Boosters New provider of GP services at Cottenham Surgery Dr Blumenfeld leaving the practice
Our website may contain links to other websites, which are provided for your convenience. We are only responsible for the privacy practices and security of this website and not external websites. You should therefore check any other linked website’s privacy policies.
This policy may be subject to change, so you are advised to check our website regularly for any further changes.
You can access our home page and browse our site without disclosing any personal or company data except for information automatically collected by cookies that we use.
Cookies on this website
Who are we?
We are SurgeryWeb, our core business is providing customised websites for medical centres and doctor’s surgeries, primarily within an NHS framework.
How the Law Protects You
Data protection laws (GDPR) state that we are only able to process personal or company data if we have valid reasons to do so. The basis for processing your personal or company data includes, but is not limited to, your consent, performance of a contract, to enable billing and to contact you for customer service purposes.
How Do We Collect Personal or Company Data From You?
We receive information about you, when you use our website, complete registration forms on our website and if you contact us by phone, email or otherwise in respect of any of our services.
Secure Hosting Facilities
This website is provided by SurgeryWeb and hosted by either TMZVPS within a UK data centre located in Maidstone, Kent, UK or a cloud based server provided by Amazon Web Servers (AWS).
Some of the data centre’s more notable security features are as follows:
Your personal or company data may automatically be collected when you use our website, including but not limited to, your IP address, device-specific information, server logs, device event information and location information.
What Type of Data Might We Collect From You?
The personal or company data that we may collect from you may include your name, address, email address, phone numbers and medical information submitted by online forms.
We may also retain records of your enquiries and correspondence, in the event you contact us.
How Do We Use Your Data?
We may use information about you in the following ways:
We shall retain your data only for as long as necessary in accordance with applicable laws. Third party information, relating to patients, may be retained for up to 30 days only.
We assure you that your data shall only be used for the purposes stated herein.
Who Has Access to Your Personal or Company Data?
We process your data for administration, billing, support and the provision of services. Management and officers of SurgeryWeb may have access to your data for the process of conducting business related activities only.
We do not sell, rent or share your personal or company data to third parties for marketing, advertising or any other purposes.
We will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal or company data is secure and will not be used for any marketing purposes by any third parties.
We may need to share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business. In these circumstances, we may disclose your personal or company data to the prospective buyer of our business, subject to both parties entering into appropriate confidentiality undertakings.
Similarly, we may share your personal or company data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of SurgeryWeb, or others.
Under data protection legislation (GDPR), you have several rights regarding the use of your personal or company data, as follows:
The Right of Confirmation and Access
You have the right to obtain confirmation from the data controller appointed by SurgeryWeb, as to whether or not personal or company data concerning you is being processed or stored. You also have the right to request a copy of this information. You have the right to be informed of the appropriate safeguards relating to any transfer of your data to any international company.
Right to Rectification and Erasure (Right to be Forgotten)
You have the right to ask us to correct any inaccurate data or to complete any incomplete personal or company data that we may hold. You have the right to request that we erase your personal or company data without delay where one of the statutory grounds applies, so long as the processing is not necessary. If you request us to erase your personal or company data, then this means that our business relationship with you will end as we cannot provide our service without processing your data.
Right of Restriction of Processing/Right to Object
You have the right to object, on grounds relating to your particular situation, at any time, to the processing of personal or company data concerning you. You also have the right to restrict the processing of your personal or company data under certain circumstances, including if you have contested its accuracy and while this is being verified by us, or if you have objected to its processing and while we are considering whether we have legitimate grounds to continue to do so.
Right of Data Portability
You have the right for certain data you have given us to be provided to you in a structured and commonly used electronic format (for example, a MS document, XLS file), so that you can move, copy or transfer this data easily to another data controller. You may also request that we transmit this data directly to another organisation where it is practical for us to do so.
Automated Individual Decision-Making, Including Profiling
You have the right not to be subjected to a decision, based solely on automated processing, including profiling. We do not process any personal or company data in this way.
How to Exercise Your Rights
If you wish to contact us in respect of any of your rights as described above, please contact the Practice – We will respond to your request free of charge and usually within 30 days.
How to Complain About the Use of Your Data
If you wish to complain about how we have handled your personal or company data, including any of the rights outlined above, please contact the Practice.
Accessing and Updating Your Data
You must ensure all your details, including but not limited to, name, address, phone number and email address are kept up to date at all times. All changes should be notified to us directly.
Where We Store Your Personal or Company Data
All information you provide to us is stored on our secured, GDPR compliant system, which is protected by firewalls and anti-virus software programs. From time to time, your information may be transferred to and stored on other storage media and kept securely at our business premises. By providing your data to us, you agree to this transfer and storage.
Please note: As the transmission of information via the internet and email is not completely secure, we cannot guarantee the security of your data during transmission, therefore any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
All sensitive data are encrypted and fully protected.
We agree to take all reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions.
In the event of a data breach, we shall ensure that our obligations under applicable GDPR data protection and UK Privacy laws are complied with, which may include, and is not limited to, notifying the Relevant Supervisory Authority.
Please contact us with any questions or comments you have about privacy issues.
Data Protection Officer
We have appointed a Data Protection Officer to ensure that we continuously process your personal or company data in an open, accurate and legal manner. If you have any questions about the processing of your personal or company data, please contact our Data Protection Officer at the Practice.
Your Right to Make a Complaint
You have the right to make a complaint about how we process your personal or company data to: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
This notice was last updated on 20/09/2022. Should any information provided within this policy be subject to change then this page will be updated to reflect any changes in the law or our privacy practices. However, we will not use your personal or company data in any new ways without your prior consent.
All requests for information relating to your personal or company data and how we use and process this data will be provided free of charge.