Privacy Policy
Last updated: 08/04/2026
Who we are
Aspri Medical Centre is an NHS GP practice providing primary care services under contract with NHS England.
Address: 1-3 Long Elmes Harrow Weald HA3 5LE
Phone:0208 427 9623
We are the data controller for your personal information.
How we use your information
We collect and use your information to:
- Provide safe and effective healthcare
- Manage appointments, prescriptions, and recalls
- Respond to online consultation requests
- Communicate with you about your care
- Refer you to other healthcare providers
- Support NHS planning and public health
- Comply with legal and regulatory requirements
What information we collect
Personal information
- Name, date of birth, NHS number
- Address, telephone number, email
Health information (special category data)
- Medical records and history
- Consultation details
- Test results and diagnoses
- Prescription information
Online consultation data
When you use our online services (such as PATCHS or Accurx), we may collect:
- Symptoms and medical queries
- Uploaded photos or documents
- Responses to clinical questionnaires
Website usage data
- IP address
- Browser type
- Pages visited (via cookies)
Legal basis for processing
We process your data under UK GDPR:
- Article 6(1)(e) – Public task (providing NHS healthcare)
- Article 9(2)(h) – Health and social care provision
Where applicable, we may also rely on:
- Legal obligations
- Your consent (for optional services)
Systems we use
We use secure NHS-approved systems to manage your information:
- EMIS Web – for maintaining your electronic patient record
- Accurx – for communication (e.g. SMS, online forms, messages)
- PATCHS – for online consultations and triage
These providers act as data processors on our behalf and comply with UK data protection law.
Sharing your information
We may share your data with:
- NHS hospitals and community services
- Integrated Care Boards (ICBs)
- NHS England and NHS Digital
- Laboratories and diagnostic services
- Other healthcare professionals involved in your care
We only share the minimum necessary information and always in line with confidentiality rules.
Online services
If you use our online services (such as PATCHS or Accurx), your data is transmitted securely and stored within approved NHS systems.
Please ensure you provide accurate information and avoid using shared devices where possible.
Keeping your data safe
We protect your information by:
- Using secure NHS IT systems
- Restricting access to authorised staff only
- Encrypting data where appropriate
- Training staff in data protection and confidentiality
- Complying with the NHS Data Security and Protection Toolkit
How long we keep your data
We follow the NHS Records Management Code of Practice.
Your medical records are normally kept for:
- At least 10 years after you leave the practice, or
- 10 years after death
Your rights
You have the right to:
- Access your personal data (Subject Access Request)
- Request correction of inaccurate data
- Object to or restrict processing
- Request data portability (where applicable)
Please note: we cannot usually delete medical records due to legal requirements.
Cookies
Our website uses cookies to:
- Ensure the site functions correctly
- Understand how visitors use the site
- Improve user experience
You can manage cookies through your browser settings.
Complaints
If you have concerns about how your data is handled, please contact us first.
You also have the right to complain to the Information Commissioner’s Office (ICO):
https://www.ico.org.uk