Privacy, GDPR and Cookies

What is a Privacy Notice?

A privacy notice is a statement that discloses some or all of the ways in which the practice gathers, uses, discloses and manages a patient’s data. It fulfils a legal requirement to protect a patient’s privacy.

Why do we need one?

To ensure compliance with the General Data Protection Regulation (GDPR) the Lunesdale Surgery must ensure that information is provided to patients about how their personal data is processed in a manner which is:

Concise, transparent, intelligible and easily accessible

Written in a clear and plain language, particularly if addressed to a child

Free of charge

What is the GDPR and how do we communicate our privacy notice:

The GDPR replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way in which organisations across the region approach data privacy. The GDPR came into effect on the 25th May 2018.

At the Lunesdale Surgery the practice privacy notice is available from reception and on the website. We will:

Inform patients how their data will be used and for what purpose

Allow patients to opt out of sharing their data should they wish to

Risk Stratification

Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions e.g. cancer. Your information is collected by a number of sources, including the Lunesdale Surgery; this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.

What information do we collect about you?

We will collect information such as your personal details, including name, address, next of kin, records of appointments, visits, telephone calls, your health records, treatment and medications, test results, x-rays etc. and any other relevant information to enable us to deliver effective medical care.

How do we use your information?

Your data is collected for the purpose of providing direct patient care; however, we can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research, however, we will always gain your consent before sharing your information with medical research databases or other when the law allows. Information will not be disclosed to family, friends or spouses unless we have your prior written consent.

How we keep your records confidential

Everyone working for the NHS has a legal duty to keep information about you confidential.

The Lunesdale Surgery is committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security as well as guidance issued by the Information Commissioner’s Office (ICO).

Accessing your records

You have the right to access the information we hold about you; if you would like to access your information you will need to complete a Subject Access Request (SAR) form, please ask at Reception for further information. Should you identify any inaccuracies, you have the right for this to be corrected.

Who are our partner organisations?

We may share information with the following main partner organisations:

NHS Trusts (Hospitals)

Ambulance Service

NHS England

NHS out of hours service

NHS Digital

Western Dales Primary Care Network


You have the right to object to your information being shared, should you wish to opt out of the data collection, please contact a member of staff who will be able to explain how you can opt out and prevent the sharing of your information outside of the practice.

What to do if you have any question

Should you have any questions about our privacy policy or the information we hold about you, you can contact:

The Practice Data Controller,
The Lunesdale Surgery,
Wellington Court,
Kirkby Lonsdale,

Telephone: 01539 720241

The Data Protection Officer for the Lunesdale Surgery is:

Yvonne Selkeld
Information Governance Officer
Cumbria Partnership NHS Foundation Trust
Maglona House
Kingstown Broadway
Carlisle     CA3 0HA

Telephone: 01228 603961


In the unlikely event that you are unhappy with any element of our data-processing methods, you have the right to lodge a complaint with the ICO, for further details visit and select ‘Raising a concern’.

Medical Records – From September 2020

Lancashire and South Cumbria has been chosen by NHS England to be a national pilot for the digitisation of Medical Records.  Scanning these paper based records and making them digital will enable better utilisation of space, creating more clinical space, staff areas, multi team space and video hubs, removing the need for some practices to build extensions. In addition it will also make your record more easily and speedily accessible to clinical staff within your practice.

Your complete GP medical record will be digital and stored in a secure cloud based clinical system (only accessible by your GP practice) with the paper based records being securely destroyed following BS EN 15713:2009 Secure destruction of confidential material.  Your GP will still be able to access your records easily within this system. The scanning and destruction of the paper records will follow strict data protection guidelines adhered to by the NHS.  As with paper based records, digital records are stored for the durations specified in the Records Management Codes of Practice for Health and Social Care. For GP patient records, this states that they may be destroyed 10 years after the patient’s death if they are no longer needed.

If you wish to discuss the scheme, please inform the Practice direct either by letter or via e-mail

Cookie Policy

Cookies are files saved on your phone, tablet or computer when you visit a website. They store information about how you use the website, such as the pages you visit. This website does not collect any cookies.