This Data Protection Compliance Policy sets out the steps taken by GP-Plus Limited to ensure that its data processing practices are in accordance with UK data protection law. GP-Plus acknowledges that the personal data it processes is, and shall remain, the property of the Client/Patient. Upon termination of the contractual relationship with the Client/Patient, GP-Plus (or other properly appointed responsible agent) will continue to hold the personal data on behalf of the Client/Patient. The Client/Patient reserves the right to access their personal data in accordance with this data protection statement at any time. Personal data will not be given to any other third parties for any purpose. GP-Plus has in place appropriate technical and organisational measures against the accidental, unauthorised or unlawful processing, destruction, loss, damage or disclosure of personal data and adequate security programmes and procedures to ensure that unauthorised persons do not have access to personal data or to any equipment used to process personal data. GP-Plus provides individuals (including the Client/Patient HR) with the right of access, rectification, blocking, erasure and/or destruction available to such individuals under the applicable data protection laws in the UK. GP-Plus acknowledges that the personal data it processes is, and shall remain; the property of the Client/Patient and it will return to the Client/Patient all copies of the relevant data upon termination of the contractual relationship with them as and when requested.

The EU General Data Protection Regulation (GDPR) becomes enacted on the 25th May 2018 and will standardise data privacy and protection laws across Europe. The UK government is equally committed to this process. As a result, there may be some further fine tuning of this process following on from the Brexit transition. It will also affect companies outside of Europe as it applies to any entity that processes personal data tied to offering goods and services to, or monitoring behaviour of, European data subjects. The GDPR has implications for all healthcare service operators; within the National Health Service and Private sectors.GP-Plus is very much aware of its obligations as a data processor under the GDPR and we are committed to discharging these obligations in a robust and professional manner. All the activities here at GP-Plus remain underpinned by the same ongoing obligations regarding patient and client confidentiality and always remain an essential part of the core “duties of a doctor” and there are high expectations which are also enforceable by our professional body (General Medical Council) and this will continue in the same vein. This applies to Occupational Health (business to business) related activities just as much as it does to ordinary private GP services. As part and parcel of our ongoing GDPR compliance efforts we will continue to review, improve, refine and document our security measures to protect any of our patients and clients against any unauthorised access, use or disclosure of the content we protect. As well as providing direct private patient care, GP-Plus also provides occupational and Company medical services on behalf of third party employers and it is important that all service users and agents have confidence in all aspects of our service and the data that we must process to effectively do so. The medical director (Dr Peter Copp) has always been the Data Controller for GP-Plus and will remain so and he will also be primarily responsible for dealing with any of the measures required to facilitate best practice and all related data/GDPR matters, taking full cognisance of the newly emerging legislation. Dr Copp also welcomes any informal or other feedback about any of these statements and how they are interpreted by others (peter@gpplus.com). We have (as per legislation) produced a privacy notice which is available on our website (www.gpplus.com): Please go to the foot of any web page to click on the “data compliance policy” option. Furthermore, as part of our extensive obligations to the inspectorate here in Scotland (Healthcare Improvement Scotland) all policies (including those relating to data processing and the GDPR) are assessed and monitored by them for appropriate compliance.

Further information on the Privacy Notice for Patients can be found here.

Our consultation charges are made clear at the time of appointment booking and are clearly listed on our website (gpplus.com) and within the building itself. Please do not proceed with the appointment until you are aware of these. The GP who sees you will remind you of this before the appointment begins and ensure you have signed the registration form and have agreed to the standard operational terms and conditions.‘I have been informed of the standard service (consultation) charges and that these are exclusive of additional costs such as referrals, casework, blood tests, vaccinations, additional casework needed for more complex situations such as medical records provided or obtained on my behalf and other warranted investigations. Any necessary added casework will be discussed with me at the time of the appointment or as soon as possible thereafter’For those individuals who are not the bill payers, and it turns out that more testing (and unforeseen additional cost) is required than had been anticipated, we urge you to ask the GP to hold off while you contact that person to explain the situation. That may be during the consultation if preferred or else the session can be terminated until further clarification is sought and agreement is provided. These terms and conditions, together with any notification of schedule of costs, constitute the whole agreement between us. If you are now clear about that we ask you to sign and date the registration form and bring it with you to your appointment. This page will be checked at Reception and again by the GP before the consultation commences. It is only the actions of a very tiny minority which has made this a necessary step in our standard operational procedures.

GP-Plus Limited has in place and undertakes to maintain appropriate technical and organisational measures against the accidental, unauthorised or unlawful processing, destruction, loss, damage or disclosure of data. Likewise, adequate security programs and procedures are in place to ensure that unauthorised persons do not have access to the data or to any equipment used to process the data.

All suggestions for improvement of the practice are welcomed. If patients have a complaint concerning any matter relating to the practice, they are recommended to contact Reception in the first instance (newpatient@gpplus.com), who will pass this on to the Medical Director Dr Peter Copp. In the event that you feel dissatisfied with the outcome of your complaint, you can request a review by writing to the Independent Doctors Federation.  Alternatively, you may also contact Healthcare Improvement Scotland. Further information on this procedure can be found here.