Privacy policy

Privacy Summary

Our Privacy Policy outlines how we collect, use, store, and protect your personal information. It covers:

  • What information we collect: Including personal details (e.g. name and email), usage data, and relevant clinical information.
  • How we use your information: To provide services, improve patient experience, communicate updates, and meet legal obligations.
  • Data sharing: Clarifies if and when your information is shared with third parties (e.g., service providers, regulators, pathology and radiology providers).
  • AccuRX communication: We use AccuRX to send appointment booking links and reminders by text to your mobile phone unless you ask us not to. We also send clinical letters securely, accessible via a secure link on your phone.
  • Your rights: Explains your rights to access, correct, or delete your personal data.
  • Data security: Describes how we protect your information from unauthorised access or breaches.
  • Retention: Details how long your data is stored and the criteria for deletion.
  • Contact information: Provides details on how to reach us with questions or concerns about your privacy.

What is a Privacy Policy?

A Privacy Policy is a statement by an organisation to patients, service users, visitors, carers, the public, and staff that describes how we collect, use, retain, and disclose personal information which we hold. This privacy policy is part of our commitment to ensure that we process your personal information/data fairly and lawfully.

How we use and share your information

At Communitas Clinics, we securely share and access your health information to ensure that healthcare professionals have the information they need to provide safe, effective care.

When you are referred to us, we assume implied consent for sharing relevant health information to provide your care. If you do not wish for your records to be shared, you have the right to opt out at any time.

We use AccuRX to send appointment booking links and reminders by text to your mobile phone unless you ask us not to. We also send clinical letters securely, accessible via a secure link on your phone.

What information do we collect and hold about you?

We may collect and hold the following personal and sensitive information about you in the delivery of your care:

  • Basic details about you such as name, address, date of birth, telephone number, and email address.
  • Next of kin and carer details.
  • NHS number.
  • Contact we have had with you such as appointments or clinic visits.
  • Notes and reports about your health, treatment, and care.
  • Results of tests.
  • Relevant information from people who care for you and know you well, such as health professionals and relatives.

This may also include personal sensitive information such as sexuality, race, your religion or beliefs, and whether you have a disability, allergies, or wider health conditions. It is important for us to have a complete picture, as this information assists staff involved in your care to deliver and provide improved care, appropriate treatment, and care plans to meet your needs.

It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.

How we share your information

We use two secure systems to support the coordination of your care:

SystmOne (our clinical system – EDSM enabled)

  • Allows us to share your medical records with other SystmOne healthcare providers who have enabled sharing, including your GP, community services, and other NHS providers involved in your care.
  • Enables us to share and view relevant records from other SystmOne providers, provided they have also enabled data sharing under the Enhanced Data Sharing Model (EDSM).
  • We may also securely share your information with pathology providers (e.g., for blood tests) and radiology providers (e.g., for imaging investigations) as part of coordinating your care.
  • SystmOne data is only accessible to organisations using SystmOne that have agreed to share records appropriately under NHS rules and your preferences.

London Care Record (LCR – External System)

  • A secure system that allows health and social care professionals outside of SystmOne (e.g., hospitals, community services, and social care providers) to access relevant records about your care.
  • Some of our employees use the LCR to access records from external providers when involved in your care.

To access the London Care Record, your SystmOne record must have EDSM enabled. If you opt out of Sharing In, we will not be able to view information from or contribute information to the London Care Record.

Lawful basis for data sharing

  • Article 6(1)(e) – Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • Article 9(2)(h) – Provision of Health or Social Care: Processing is necessary for the provision of health or social care, including treatment and the management of healthcare systems.

How long will we store your information?

As a provider of NHS services, your data will be stored in line with the law and national guidance. For more information, please refer to the Records Management Code of Practice – NHS Transformation Directorate or contact us for further information.

How you can access your records

The General Data Protection Regulation gives you the right to access the information we hold about you on our records. This is commonly known as a Subject Access Request.

If you require access to your records, please complete and return a Subject Access Request Form.

You will not usually be charged a fee for most requests to access your information, although a reasonable fee for administrative costs may be charged if a request is manifestly unfounded or excessive, for example, if it is repetitive. We will respond to your request within 30 calendar days from receipt of a signed copy of the completed Subject Access Request Form.

Subject Access Requests should be posted to our administration office or emailed to intermediate.services@nhs.net.

Registration with the Information Commissioner’s Office

Communitas Clinics is registered with the Information Commissioner’s Office (ICO).
Details of our registration can be found here by entering our registration number Z2911737.

Your right to complain

We try to meet the highest standards when collecting and using personal information. We encourage people to bring concerns to our attention and we take any complaints we receive very seriously.

You can submit a complaint through the Company’s Complaints Procedure, which is available on our website, or write to:

Communitas Clinics
The Complaints Department
6th Floor, Sunley House
4 Bedford Park
Croydon
CR0 2AP

If you remain dissatisfied following your complaint, you may wish to contact:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

The Information Commissioner will not normally consider an appeal until you have exhausted your rights of redress and complaint to the organisation.
Visit their website here or call their helpline on 0303 123 1113 (local rate) or 01625 545 745 (national rate).

Additional information

Data Controller
Communitas Clinics Ltd
6th Floor, Sunley House
4 Bedford Park
Croydon
CR0 2AP
Telephone: 0208 683 6734
Website: https://communitasclinics.nhs.uk

Data Protection Officer
DPO – Umar Sabat
6th Floor, Sunley House
4 Bedford Park
Croydon
CR0 2AP
Telephone: 0208 683 6734
Email: umar.sabat@nhs.net

How to make a choice

📞 Contact us directly on 020 8683 6734 to discuss your SystmOne sharing preferences.

📞 Call 020 3192 6011 to opt out of the London Care Record.

🌐 Visit the South East London ICS website to complete the opt-out form.

Your information is shared to provide the best possible care. If you have any concerns or questions, we are here to help.

Accreditations

  • Cyber Essentials Plus
  • QAS International