Peverell Park Surgery & University Medical Centre
Peverell Park Surgery | 01752 766644 | administration.peverellpark@nhs.net
University Medical Centre | 01752 222341 | administration.umcpeverell@nhs.net
Online Consultation is available between 8:00am-3:00pm weekdays (excluding Bank Holidays). Click on the Appointments menu below and select Online Consultation.
Latest News:
New stop smoking service GP Patient Survey Results 2023 Clear on Cancer Mental Health – Every Mind matters Volunteers needed for Covid19 Research Study Quit smoking this Stoptober Access your GP health record HANDi App for child health Struggling with poor sleep National Breastfeeding Week Prescriptions – Aug Bank Holiday Download the NHS App Junior Doctor Industrial Action 14 – 17 June Devon Carers Week Delivery Plan for Recovering Access to Primary Care Healthy Families Mental Health Awareness Week Child Health Drop in Clinics
Data Processing Agreement
This agreement is considered to be agreed upon signing of the Contract for Services between the Practice (acting as the Data Controller) and SurgeryWeb (the Supplier acting as the Data Processor on behalf of the Data Controller).
The Practice (as Data Controller) wishes to subcontract certain services which require the processing of personal data to SurgeryWeb (as Data Processor).
Processing of Personal Data
Both the Practice and SurgeryWeb shall comply with all applicable Data Protection Laws in the processing of the Practices personal data. The personal data to be processed includes (but is not limited to) Patient name, Date of Birth, Sex, Gender, Racial/Ethnic Origin, Address, Postcode, Telephone number, Email address, NHS number and relevant health data.
The Practice instructs SurgeryWeb to process this personal data where necessary to deliver the services provided by them. The processing required and purposes are listed below.
SurgeryWeb shall not process personal data for other purposes other than on the relevant Practices instructions. SurgeryWeb shall process personal data for the duration of the contract between the Practice and the supplier.
Sub-processing
SurgeryWeb will not appoint or share any personal data with any subcontracted processor unless authorised by the Practice. SurgeryWeb shall ensure that any subcontracted processor has implemented appropriate measures to ensure a level of security to the risk of a personal data breach as required by UK GDPR.
| Sub-processor | Personal data | Subject | Purpose | Additional Information |
|---|---|---|---|---|
| Amazon SES | Name, Email | NHS Patients, NHS Staff | Emailing patients and NHS staff | Amazon Web Services commitment to GDPR |
| Catalyst2 | Name, Date of Birth, Sex, Gender, Racial/Ethnic Origin, Address, Postcode, Telephone number, Email address, NHS number and relevant health data, documents, photographs. | SurgeryWeb customers, NHS Patients, NHS Staff | Web hosting, Storage and transmission | Catalyst2 Privacy Policy |
| Dropbox | Name, Date of Birth, Sex, Gender, Racial/Ethnic Origin, Address, Postcode, Telephone number, Email address, NHS number and relevant health data, documents, photographs. | SurgeryWeb customers, NHS Patients, NHS Staff | Storage of Data backups, retained for maximum of 2 weeks | Dropbox GDPR Compliance |
Security
All personal data is encrypted to NHS encryption standards. All personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for while the data is processed.
SurgeryWeb stores encrypted backups in a UK based data centre which auto-delete after a maximum of 2 weeks and is only accessible to authorised staff.
Data Subject Rights
SurgeryWeb will notify the Practice (Data Controller) within 2 working days if a request from a Data Subject is received in respect of personal data and will not respond to the request unless instructed to by the Practice.
Data Breach
SurgeryWeb will notify the Practice (Data Controller) without delay upon becoming aware of a personal data breach affecting personal data, providing the Practice with sufficient information to allow them to meet any obligations to report or inform Data Subjects of the breach under Data Protection Laws.
SurgeryWeb will co-operate with the Practice and take reasonable steps to assist in the investigation, mitigation and remediation of each breach.
Data Retention
SurgeryWeb has adopted retention periods for personal data of 2 weeks (14 days) for data backups and 3 years for data held on servers.
