Introduction
Barnard Medical Group is committed to protecting your privacy and ensuring that your personal information is handled securely, fairly and lawfully.
We collect, store and use personal information to provide healthcare services and to meet our legal, regulatory and contractual obligations as an NHS GP Practice.
This Privacy Notice explains how we use your information, who we may share it with, your rights and where you can find further information about the processing of your personal information.
Barnard Medical Group complies with:UK General Data Protection Regulation (UK GDPR)
- Data Protection Act 2018
- Common Law Duty of Confidentiality
- NHS Information Governance requirement
Who We Are
Barnard Medical Group is the Data Controller for the personal information held within your GP medical record.
Barnard Medical Group
43 Granville Road
Sidcup
Kent DA14 4TA
Telephone: 020 8302 7721
Information Governance Contact
Barnard Medical Group is committed to protecting the confidentiality and security of patient information.
The Practice has appointed a Data Protection Lead, Caldicott Guardian and Senior Information Risk Owner (SIRO) to oversee information governance arrangements.
If you have any questions about how we use your personal information, or wish to exercise your data protection rights, please contact the Practice in the first instance.
Email: barnardmedicalgroup@nhs.net
Telephone: 020 8302 7721
The Practice also receives independent Data Protection Officer support through South East London Integrated Care Board.
What Information We Hold
We maintain a confidential medical record for all registered patients.
This may include:
- Personal and contact details
- NHS Number
- Medical history
- Diagnoses and treatment records
- Medications and allergies
- Test results
- Referral information
- Correspondence from hospitals and other healthcare providers
- Appointment and attendance information
- Relevant safeguarding information
How We Use Your Information
We use your information to:
- Provide healthcare and treatment
- Arrange referrals and investigations
- Prescribe medicines safely
- Coordinate care with other healthcare providers
- Maintain accurate medical records
- Improve the quality and safety of our services
- Meet our legal, regulatory and contractual obligations
- Support NHS service planning, public health activities and approved research programmes where there is a legal basis to do so and appropriate safeguards are in place
Digital Services
Barnard Medical Group uses a range of approved NHS and healthcare technology systems to support patient care, including online appointment booking, repeat prescription services, electronic prescribing, text messaging, the NHS App and online consultation services where available.
Information processed through these services is protected by appropriate security measures and is only used for authorised healthcare purposes.
Who We May Share Information With
Where necessary and lawful, we may share information with:
- NHS hospitals and specialist services
- Community healthcare providers
- Pharmacies
- Mental health services
- Ambulance services
- NHS England
- South East London Integrated Care Board
- Other organisations involved in your care
Information is only shared when there is a lawful basis to do so and where it is necessary for the purpose concerned.
Shared Care Records
Health and care organisations across South East London work together through secure shared care record systems to support safe and coordinated care.
Where appropriate, authorised healthcare professionals involved in your treatment may access relevant information to support your care.
Further information is available within our Shared Care Record Privacy Notice.
Your Rights
Under UK GDPR you have the right to:
- Be informed about how your information is used
- Request access to your information
- Request correction of inaccurate information
- Request restriction of processing in certain circumstances
- Object to processing where applicable
- Lodge a complaint with the Information Commissioner’s Office
Some rights may be limited where information is required for the provision of healthcare or where there is a legal obligation to process information.
Accessing Your Medical Records
You have the right to request access to the personal information we hold about you.
Requests can be made by contacting the Practice.
We will respond within one calendar month in accordance with UK GDPR requirements.
Further information can be found within our Complaints, Subject Access Requests and Freedom of Information Privacy Notice.
National Data Opt-Out
The NHS National Data Opt-Out allows patients to choose whether their confidential patient information is used for research and planning purposes.
The National Data Opt-Out does not apply to information used for your direct care.
Further information is available from: NHS Your Data Matters
Additional Privacy Notices
Barnard Medical Group maintains a number of detailed Privacy Notices which explain specific uses of personal information.
These include:
Direct Care
- Direct Care Privacy Notice
- Direct Care Emergencies Privacy Notice
- Primary Care Network (PCN) Data Sharing Privacy Notice
- Summary Care Record Privacy Notice
- Shared Care Record Privacy Notice
Other NHS Uses of Information
- Research Privacy Notice
- Public Health Privacy Notice
- National Screening Programmes Privacy Notice
- Risk Stratification Privacy Notice
Patient Rights and Requests
- Complaints, Subject Access Requests and Freedom of Information Privacy Notice
- Access to Medical Reports Privacy Notice
Legal and Regulatory Requirements
- Care Quality Commission (CQC) Privacy Notice
- DVLA Notification Privacy Notice
Copies of all Privacy Notices are available on our website and from Reception upon request.
How Long We Keep Information
Patient records are retained in accordance with the NHS Records Management Code of Practice and other legal requirements.
Records are kept only for as long as necessary to fulfil legal, clinical and operational requirements.
Complaints
If you have concerns about how your information has been handled, please contact the Practice Manager in the first instance.
You also have the right to complain to the Information Commissioner's Office (ICO).
Information Commissioner's Office
Telephone: 0303 123 1113
Website: Information Commissioner's Office (ICO)
Changes to This Notice
We may update this Privacy Notice from time to time to reflect changes in legislation, NHS requirements or Practice procedures.
The latest version will always be available on our website and from Reception.
Last updated: June 2026