How we use your information and the law
TALKE CLINIC is the Data Controller of your personal data.
We collect basic personal data, including name, address, telephone number, email, date of birth, next of kin, NHS number, etc.
We may also collect sensitive personal data (“special category data”), including health information, religious beliefs (if relevant), ethnicity, sexuality, and information received from other health providers or third parties.
Your rights over your personal information
You have the following rights under UK GDPR:
Right to be informed – how your data is processed and shared
Right to access your personal information – request copies of the data we hold
Right to rectification – correct inaccurate or incomplete data
Right to erasure – have your data deleted where lawful
Right to restrict processing – limit how your data is used
Right to data portability – receive your data in a structured format
Right to object to processing – object to processing, subject to compelling grounds
Rights in relation to automated decision making and profiling – request human review of automated decisions
To exercise these rights, contact: Talke Clinic
Why we need your information
Your records help us provide safe, effective healthcare and may include:
Contact and demographic details
Records of appointments and consultations
Notes on health, treatment, and care
Test results and investigations
Relevant information from other health professionals or relatives
Contact details for communication purposes
How we lawfully use your data
We process data in accordance with UK GDPR:
Article 6(1)(e) – performance of a task carried out in the public interest
Article 9(2)(h) – health care provision and management of health systems
Telephone Call Recording
Talke Clinic records telephone calls which include inbound and outbound calls made via the Practice and Newcastle North PCN telephone system by authorised staff to ensure safe and effective healthcare.
Purpose of call recording
Staff training and development
Monitoring and improving service quality
Accurate record of advice given
Investigating complaints or incidents
Protecting staff and patients
Supporting patient safety, safeguarding, and governance
Lawful basis
Article 6(1)(e) UK GDPR – public interest
Article 9(2)(h) UK GDPR – health care provision
Storage, security, and retention
Call recordings are stored securely and access is limited to authorised personnel
Recordings are retained for 12 months and then permanently deleted
Patient rights
You may request access to call recordings via a Subject Access Request
Information about call recording is communicated via privacy notices, signage, and phone messages
Risk Stratification
Information is used to identify health risks, prevent unplanned admissions, and enable proactive interventions. Data is anonymised and securely processed by Natwest.
Population Health Management
Data is analysed to improve population health, targeting interventions and supporting health outcomes. External organisations may process data under strict contracts.
Medicines Management
Reviews of prescribed medications are carried out to ensure cost-effective and safe treatment, with data processed under contract with the Clinical Commissioning Group.
Patient Communication
The Practice may contact you regarding NHS services or healthcare management
NHS Account Messaging Service may be used, requiring NHS App registration
Explicit consent is required for research communications
Safeguarding
Personal data may be processed to protect children and vulnerable adults
Legal basis: Article 6(1)(e) and Article 9(2)(b) UK GDPR
Information may be shared with authorities as needed
Research
Data may be shared anonymously with CPRD or via the GP DPR programme
You can opt out via NHS Digital or the NHS App
Third-party processors
IT service providers, hosting, delivery, payment providers, and sub-contractors process data under contract
Confidentiality
All staff and sub-contractors sign confidentiality agreements
Data is shared only when necessary for care or legal reasons
Where we store your information
Data is processed in the UK, hosted securely on EMIS Web via AWS
Partner organisations include NHS Trusts, CCGs, local authorities, social care, and more
Integrated Care Record systems like One Health and Care share key information across partners
Sharing your information without consent
Only in legal, safeguarding, or emergency situations
Retention and destruction
Data retained according to NHS Records Management Code of Practice 2020
Manual records shredded and electronic records securely overwritten
Primary Care Networks
Data may be shared within Newcastle North PCN for patient care
Partner practices include Audley Health Centre, Dr Harbidge, Heathcote Street Surgery, Mount Road Practice
Access to your personal information
Right to request access under Data Protection legislation
Requests processed within one calendar month
What to do if your personal information changes
Notify the Practice promptly of any changes to contact details or personal information
Objections/Complaints
Contact Dianne James, Practice Manager
Supervisory authority: Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Contact for Data Protection
IG Lead: Dr Khin Latt
Caldicott Guardian: Dr Khin Latt
Data Protection Officer: Hayley Gidman
Useful Links
Information Commissioners Office
Information Governance Alliance
NHS Constitution
NHS Digital Guide to Confidentiality in Health and Social Care
Health Research Authority
National Data Opt-Out
