This website uses cookies to function correctly.
You may delete cookies at any time but doing so may result in some parts of the site not working correctly.

Privacy Notice

Privacy Notice

Crickhowell Group Practice is committed to protecting your personal information in accordance with the law. We will ensure that your information is safe and only used for the legal purposes for which we can use it. This privacy notice explains how your personal information is processed and our purpose for processing.

What information do we hold and where does it come from?

Crickhowell Group Practice holds records about you which may include the following:

  • Personal identifiers and demographic information consisting of such things as your name, date of birth, title, gender, address, email address, phone number.
  • Your family, spouse and partner details.
  • Sensitive data (special category):- racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health/medical data, civil / criminal proceedings or actions, genetics and biometrics.
  • Any contact the Practice has had with you such as appointments, clinic visits, emergency appointments etc.
  • Notes and reports about your health.
  • Details about your treatment and care, including medication.
  • Results of investigations, such as laboratory tests, x-rays etc.
  • Relevant information from other health and social care professionals from relatives or those who care for you.


How do we keep your information confidential?

Your Medical records maybe held on a computer, on paper or a mixture of both and we use a combination of sound working practices and technology to ensure that your information is kept confidential and secure. We will protect your information through:

  • Training – staff are trained to understand their duty of confidentiality and their responsibilities regarding the security of your information when on our premises and in the community, such as, at your home.
  • Access controls – all staff using computer systems will be given their own username and password to access your information; much like you do when using your computer at home to access your bank account or online utility bills.
  • Audit trails – we will keep a record of staff who has accessed your health record or added to your record. We use this to show who has accessed your information.
  • Records storage – all healthcare records are stored in secure locations. Our data centres where we hold your information on computer are in secure places with very tight entry controls.


How do we use your information?

Healthcare professionals who provide you with care maintain records about your health and any treatment or care you receive. These records help our staff to provide you with the best possible health care. This may include your medical records, complaint files, job applicants etc. We will also use your information to help us manage the Practice and for statistical purposes. There will be times when it is appropriate for us to share information about you and your healthcare with others such as secondary care, other healthcare providers, social care and others. The need to share relevant information is to help us work together for your benefit.

How long do we keep your information for?

We will hold your data in accordance with the law and the Practice uses national guidelines to determine when your records can be destroyed.

Accessing or amending your information?

Under the law, you have a number of rights about your information including.


  • Being able to request copies or to view what information the Practice holds about you. This is known as a Subject Access Request.
  • You also have the right to have information about you amended should it be inaccurate.


If you require further information about your rights please click HERE.

If you wish to make a Subject Access Request or to request that your record is amended please contact us in writing.


How to contact us

If you have any concerns about how your information is managed within the Practice please check this website for details on how you can complain or report a concern.

If you would like further information about how we use your information, or if you do not want us to use your information in this way, please contact the Practice Manager.

Should you have any other queries, please contact the Practice’s Data Protection Officer (TO BE APPOINTED) or email:

Crickhowell Group Practice is classified as a Data Controller for the purposes of data protection and is required to register with the regulator, the Information Commissioner’s Office (ICO).

If you wish to escalate your concerns, you should contact the Information Commissioner’s Office via

Click here for our Privacy leaflet.


NHS WalesThis site is brought to you by My Surgery Website