NICS Privacy Notice

North West Surrey Integrated Care Services

NICS Privacy Notice
For the patients of the 37 member practices in North West Surrey

Who We Are And What We Do
North West Surrey Integrated Care Services (NICS) is the GP Federation for the 37
practices in North West Surrey and we support your practice by offering medical services.
Services NICS provides include the locally commissioned services and the integrated
access (extended access service). For further information please refer to the ‘services’ page
on our Website: Our Services | (nicsfed.co.uk)
If you have been asked by your practice if you would like an appointment via a NICS service
and you have agreed, then your details will have been forwarded to NICS.
NICS is committed to protecting your privacy and ensuring that the personal information we
hold about you is used lawfully, fairly and transparently. This Privacy Notice explains what
information we collect, how we use it, who we share it with, and your rights under the UK
General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA18), and
the Data Use and Access Act 2025 (DUAA 2025).
What Information Do We Collect About You?
NICS professionals who provide you with medical care maintain records about your health
and about any treatment or care you have or have received previously. These records help
to provide you with the best possible healthcare.
The information we hold is on secure, NHS-approved systems and part of your records.
NICS maintain records about your health and the treatment you receive in electronic format
on our EMIS System.
The information about you that we collect and use to provide healthcare and related services
may include:
• Personal details such as your name, date of birth, address, NHS number, and
contact details
• Medical information such as your medical history, test results, diagnoses, treatment
plans, and prescribed medications
• Details about your appointments, referrals, and correspondence with healthcare
professionals
• Information from other health and care providers involved in your care
• Next of kin or emergency contact information
How We Will Use Your Information
Your data is collected for the purpose of providing direct patient care and we will use your
information to;
• Provide you with safe and effective healthcare services
• Support your GP practice in delivering extended access appointments
• Manage our clinics, services, and quality of care
• Respond to incidents, complaints, or feedback
• Comply with legal and regulatory requirements
In addition to the above we can disclose this information if it is required by law, if you give
consent or if it is justified in the public interest. NICS may be requested to support research;
however, we will always gain your consent before sharing your information with medical
research databases or others when the law allows.
In order to comply with its legal obligations, NICS may send data to NHS Digital when
directed by the Secretary of State for Health under the Health and Social Care Act 2012.
Additionally, NICS contributes to national clinical audits and will send the data that is
required by NHS Digital when the law allows. This may include demographic data, such as
date of birth, and information about your health which is recorded in coded form; for
example, the clinical code for diabetes or high blood pressure.
We process your personal data under Articles 6(1)(e) (public task) and 9(2)(h) (health and
social care) of the UK GDPR.

Our Commitment To Data Privacy And Confidentiality
We are committed to protecting your privacy and will only process data in accordance with the
Data Protection Legislation. This includes the UK General Data Protection Regulation (UKGDPR), the Data Protection Act (DPA) 2018, the Data Use and Access Act 2025 (DUAA 2025)
and any applicable national Laws, implementing them as amended from time to time. The
legislation requires us to process personal data only if there is a legitimate basis for doing so
and that any processing must be fair and lawful.
In addition, consideration will also be given to all applicable Law concerning privacy,
confidentiality, the processing and sharing of personal data including the Human Rights Act
1998, the Health and Social Care Act 2012 as amended by the Health and Social Care (Safety
and Quality) Act 2015, the common law duty of confidentiality and the Privacy and Electronic
Communications (EC Directive) Regulations.
Your Personal Data Rights And Accessing Your Records
We adhere to the UK General Data Protection Regulation (UK-GDPR), the Data Use and
Access Act 2025 (DUAA), the NHS Codes of Confidentiality and Security, as well as
guidance issued by the Information Commissioner’s Office (ICO).
You have rights over your personal data, including the right to:
• Access the information we hold about you (Subject Access Request)
• Ask us to correct inaccurate or incomplete data
• Request deletion or restriction of your data (in certain cases)
• Object to how we use your data
• Withdraw your consent (if processing is based on consent)
• Complain to the Information Commissioner’s Office (ICO)
o ICO website: www.ico.org.uk | Telephone: 0303 123 1113
If you would like to access information NICS hold about you then you will need to complete a
Subject Access Request (SAR). Please send an email to nics.feedback@nhs.net to request
a SAR form and you will be given further information. Furthermore, should you identify any
inaccuracies, you have a right to have the inaccurate data corrected.
Surrey Care Record
The Surrey Care Record is an Electronic Health Record (EHR) linking system that brings
together patient/clients’ information across health and care systems in a secure manner,
giving a summary of your information which is held within a number of local records. For
more information see: www.surreyheartlands.uk/surrey-care-record-privacy-notice
You have the right to object to information being shared for your own care. Please speak to
the practice if you wish to object. You also have the right to have any mistakes or errors
corrected.
Opt-Outs
You have a right to object to your information being shared. Should you wish to opt out of
data collection, please contact a member of staff at your own GP surgery who will be able to
explain how you can opt out and prevent the sharing of your information; this is done by
registering to opt out online (national data opt-out programme) or if you are unable to do so
or do not wish to do so online, by speaking to a member of staff.
If you opt out you cannot be seen in any of the NICS clinics.
Complaints
In the unlikely event that you are unhappy with any element of our data-processing methods,
you have the right to lodge a complaint with NICS or the ICO.
To complain directly to NICS please complete an online form via our website:
https://www.nicsfed.co.uk, email us at nics.feedback@nhs.net, or write to our postal
address: Dr C Baker, C/O NICS, Hythe Medical Centre, Rochester Road, Staines- UponThames, England, TW18 3HN.
If you wish to contact the ICO directly, please visit www.ico.org.uk and select “Raising a
concern”.
What To Do If You Have Any Questions
The Data Protection Officer (DPO) for NICS is Richard Newell.
This Privacy Notice is also available on our website - www.nicsfed.co.uk
Should you have any questions about our Privacy Notice or the information we hold about
you, contact the NICS Quality and Governance team email at nics.feedback@nhs.net