Privacy Policy

The policy: This privacy policy notice is served by Northern Healthcare Man Ltd, trading as Summerhill Health, of registered address Marshall House Suite 21-25 124 Middleton Road Morden SM4 6RW, under the website www.summerhillhealth.co.uk. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information through the business and while you browse or use this website. If you do not agree to the following policy, you may wish to cease viewing / using this website, and/or refrain from submitting your personal data to us.

Policy key definitions:

  • “I”, “our”, “us”, or “we” refer to the business, Summerhill Health.
  • “you”, “the user” refer to the person(s) using this website.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner’s Office.
  • Cookies mean small files stored on a user’s computer or device.

Key principles of GDPR:

Our privacy policy embodies the following key principles: (a) Lawfulness, fairness and transparency, (b) Purpose limitation, (c) Data minimisation, (d) Accuracy, (e) Storage limitation, (f) Integrity and confidence, (g) Accountability.

Processing of your personal data:

This practice keeps medical records confidential and complies with the General Data Protection Regulation.

We hold your medical record so that we can provide you with safe care and treatment.

We will also use your information so that this practice can check and review the quality of the care we provide. This helps us to improve our services to you.

Under the GDPR (General Data Protection Regulation) we are required to provide you with the following information about how we handle your information.

We are registered with the ICO under the Data Protection Register; our registration number is A8470649.

Data Controller: Summerhill Health

Data Protection Officer: Mr Anthony Kiantos

Purpose of the processing:

  • To give direct health or social care to individual patients.
  • For example, when a patient agrees to a referral for direct care, such as to a hospital, relevant information about the patient will be shared with the other healthcare staff to enable them to give appropriate advice, investigations, treatments and/or care.
  • To check and review the quality of care. (This is called audit and clinical governance.)

Lawful basis for processing:

These purposes are supported under the following sections of the GDPR:

  • Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; and
  • Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services...’

Healthcare staff will also respect and comply with their obligations under the common law duty of confidence.

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

Recipient or categories of recipients of the processed data:

The data will be shared with: healthcare professionals and staff in this surgery, diagnostic and treatment centres, or other organisations involved in the provision of direct care to individual patients; WriteUpp (a cloud-based medical notes system).

Rights to object:

  • You have the right to object to information being shared between those who are providing you with direct care. This may affect the care you receive – please speak to Dr Summerhill.
  • You are not able to object to your name, address and other demographic information being sent to NHS Digital. This is necessary if you wish to be registered to receive NHS care.
  • You are not able to object when information is legitimately shared for safeguarding reasons. In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.

Right to access and correct:

You have the right to access your medical record and have any errors or mistakes corrected. Please contact our Data Protection Officer should you wish to submit a ‘subject access request’.

We are not aware of any circumstances in which you will have the right to delete correct information from your medical record; although you are free to obtain your own legal advice if you believe there is no lawful purpose for which we hold the information and contact us if you hold a different view.

Retention period:

Medical records will be kept in line with the law and national guidance. Information on how long records are kept can be found at: https://digital.nhs.uk/article/1202/Records-Management-Code-of-Practice-for-Health-and-Social-Care-2016

Right to complain:

You have the right to complain to the Information Commissioner’s Office. If you wish to complain, follow this link: https://ico.org.uk/global/contact-us/


You can see more about these rights at:



Internet cookies

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, or to refer you to a third-party website.

Some cookies are required to enjoy and use the full functionality of this website.

We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device / computer. Some cookies will be saved for specific time periods, whereas others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device; please see your web browser options.


Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Ltd. If the responsible body for the data processing that occurs via this website has its basis outside of the European Economic Area and Switzerland, then the associated Google Analytics data processing is carried out by Google LLC. Google Ireland Limited and Google LLC will hereinafter be referred to as “Google”.

Google Analytics uses “cookies”, which are text files saved on the site visitor’s computer, to help the website analyse their use of the site. The information generated by the cookie (including the truncated IP address) about the use of the website will normally be transmitted to and stored by Google.

Google Analytics is used exclusively with the extension “_anonymizeIp()” on this website. This extension ensures an anonymization of the IP address by truncation and excludes a direct personal reference. Via this extension Google truncates the site visitor’s IP address within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional situations will the site visitor’s full IP address be transmitted to Google servers in the United States and truncated there. The IP address that is provided by your browser when using Google Analytics will not be merged by Google with other data from Google.

On behalf of Summerhill Health, Google will use the information collected to evaluate the use of our website, to compile reports on website activity and to provide other website and internet related services to us (Art. 6(1)(f) GDPR). The legitimate interest in data processing lies in the optimization of this website, the analysis of the use of the website and the adaptation of the content. The interests of the users are adequately protected by the pseudonymization of their data.

Google LLC has certified their compliance with the EU-U.S. Privacy Shield Framework and on that basis, they provide a guarantee to comply with European data protection law. The data sent and linked to the Google Analytics cookies, e.g. user IDs or advertising IDs, will be automatically deleted after 50 months. The deletion of data whose retention period has been reached is done automatically once a month.

You may refuse the use of cookies by selecting the appropriate settings in your browser. You can also prevent Google from collecting information (including your IP address) via cookies and processing this information by downloading this browser plugin and installing it: http://tools.google.com/dlpage/gaoptout

Further information concerning the terms and conditions of use and data privacy can be found at https://www.google.com/analytics/terms/us.html or https://www.google.com/analytics/learn/privacy.html.

Data security and protection

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.



Summerhill Health utilises WriteUpp, a cloud-based practice management programme, to manage patient information and data.

Where Summerhill Health and its staff are responsible for the input of Patient Data which may be collected, stored and processed as a result of our use of WriteUpp, we will be the Data Controller. WriteUpp will be a Data Processor only.

The information we enter into WriteUpp about Patients when using WriteUpp may include, but is not limited to:

  • Email address;
  • Landline & Mobile Number;
  • Insurer details;
  • GP details;
  • Medical records;
  • Treatment plans;
  • Letters & documentation;
  • Communications with other healthcare professionals; and
  • Other information necessary for the operation of the Services and/or WriteUpp.


For more information concerning WriteUpp, its privacy policy and conditions for processing your information, please click the following link: https://www.writeupp.com/privacy-policy/.