Privacy Policy

This is the privacy notice of Highgate Group Practice. In this document, “we”, “our”, or “us” refers to Highgate Group Practice, 44 North Hill, Highgate, London, N6 4QA. Other practice policy documents are also available online.

Telephone number: 020 8340 6628

This website collects some personal data from users, as stated in our website provider’s Privacy Policy.

Our Practice aims to ensure the highest standard of medical care for our patients and we are committed to protecting and respecting your privacy. To do this we keep records about you, your health and the care we have provided, or plan to provide, to you. This Privacy Policy does not provide exhaustive details of all aspect of the collection and use of personal information by the practice. However, we are happy to provide any additional information or explanation needed.


Data Controller
Highgate Group Practice is the data controller for your information. We are contracted by NHS England under a General Medical Service (GMS) contract to provide Primary Healthcare services to local residents & other individuals registered with the Practice.

Data Protection Officer
You can contact the data protection officer by post at the practice address, addressed for the attention of the Data Protection Officer, or by email to
Name: Steve Durbin
Email: [email protected]

Purpose of processing your data

  • We use your information to provide you with the best possible direct care services.
  • Your information is also used for indirect care, planning, research, auditing and population health management. A national opt-out from some of these purposes is available.

Lawful basis for processing your data
We process your data in the public interest for purposes focused on delivering healthcare – UK GDPR article 6 1(e). For special category personal data (e.g. health) our lawful basis is UK GDPR article 9 2(h) – processing necessary for medical/social care or management of same. For some information we process your data to fulfil our legal obligations – UK GDPR Article 6 1(c).

The categories of personal data concerned
We use name, address, date of birth, postcode, NHS number to identify you. We also keep data on your medical/health status which may include other sensitive data where relevant to your health e.g. your racial or ethnic origin, religious or philosophical beliefs, genetic data, sexual life and sexual orientation data.

Potential recipients of your data
We share data with other healthcare providers (e.g. hospitals) for delivery of your care. We also share with organisations for the management of health and care, and for indirect purposes as noted above. NHS England require us to supply data to them under Data Provision Notices, which is used for a variety of purposes including the NHS App.

How long your data will be retained
We only keep your data as long as is required by law. Data is retained following national records management practice, available in the full notice.

Your rights
You have the right to receive information on our uses of your information (this notice is part of that). The right to access, view or request copies of your records; request rectification of inaccuracies in your record, restrict or object to processing of your information. These rights are not absolute and are qualified in certain circumstances. You also have the right to complaint to our Data Protection Officer or the Information Commissioner if you are dissatisfied with out use of data

Safeguards if data is transferred to a country outside the UK.
When we use suppliers outside the UK, we ensure that the suppliers we use had full safeguards for your data and your legal rights are protected. We do not transmit data elsewhere except where legally required to (e.g. if you move to another country and ask us to share your data with local healthcare). When we do so, we insist on secure transmission.

The London Care Record – Your Data, Your Health
The Health Information Exchange has joined with the London Care Record.
This means your information will be available at any care setting within London, making sure those providing care to you have the best information

What does this mean for me?
When you visit a care setting such as a hospital, an urgent care centre or another GP in the London area, they will have access to your health data for the purposes of providing you with care.

Can I see who has accessed my data?
Yes, any access to your data is visible in the NHS App. It will tell you which organisation accessed your data, so you can check if this is appropriate.
If you have concerns about any accesses, please inform the practice.

Where can I get answers to my questions?
Details for OneLondon’s full programme, including this sharing are at:

Details for North Central London and the frequently asked questions are at NCL Health and Care

If you don’t have online access, please ask in the practice and they can provide information.

Can I opt out of this sharing?
Yes, you can – but bear in mind this is for your care, so opting out may mean that those treating you may not have the best and latest information about your health.
To opt out, please visit the North Central London website above, or ask in the practice.

I have questions not answered. Can I contact the Data Protection Officer?
Our Data Protection Officer is contactable via the following methods:
By mail:
Address your letter to the Data Protection Officer at this practice.

By email:
Send an email to [email protected], and mention “Highgate Group Practice” in the subject line.


Fair proccessing notice for patients

Your Information, Your Rights

Our Fair Processing Notice explains why we collect information about you and how that information may be used to deliver your direct care and manage the local health and social care system.

The notice reflects:

  • What information we collect about you;
  • How and why we use that information;
  • How we retain your information and keep it secure;
  • Who we share your information with and why we do this.

The notice also explains your rights in relation to consent to use your information, the right to control who can see your data and how to seek advice and support if you feel that your information has not been used appropriately.

A patient leaflet and/or a full copy of the Fair Processing Notice is available via our website at or from Reception.

Access to Medical Records

The UK General Data Protection Regulation (UK GDPR), which was implemented in the UK through the Data Protection Act 2018, gives individuals the right of access to their personal data from any health and care organisation that holds records on them.  This right is commonly referred to as ‘subject access’.

Patients can complete and submit an online subject access request form or download and send this paper form:

The Practice will normally respond to a Subject Access Request within one calendar month of receipt but it might take longer if there is a need to copy paper records. This period will not commence until the Practice is satisfied as to the identity and authority of the applicant.

Solicitors applying are advised that they should provide evidence that they are acting for the data subject although a signed authority is NOT required if the solicitor is in good standing and registered as practicing by the Law Society. The practice is aware of the code of practice on use of medical information for insurance requests and will ensure that this guidance is followed; solicitors not following it will be reported to the regulatory bodies.
The Practice may seek further information from the applicant as to the specific information requested. Any request for clarification may suspend the one calendar month period until the required information is received.

We can only process Subject Access Requests from active patients or Access to Health Care Records Act 1990 for individuals who have passed away and were registered in our practice at the time of death.

PCSE will process the Access to Health Records request if: the deceased patient was unregistered at the time of death.

PCSE stores NHS GP medical records for people who are no longer registered with a GP, for example, patients who move abroad or are registered with a private GP.  Please follow the link to contact Primary Care Support England