What is a privacy notice?

The EU General Data Protection Regulation (GDPR) requires that Controllers provide certain information to people whose information (personal data) they hold and use. A privacy notice is one way of providing this information.

A privacy notice should identify who the Controller is, including contact details for the Data Protection Officer. It should also explain the purposes for which personal data are collected and used, how the data are used and disclosed, how long the data is kept, and the Controller’s legal basis for processing.

Why we collect information about you

In carrying out our role and responsibilities as a commissioner of services for people living in Richmond it is essential that the CCG has an understanding of the health and social care needs of our community.  The only way that we can achieve this is by using information that your GP, your clinician or your social worker has entered into your care record, as well as some information that is provided via external public sources such as, hospitals. This information may exist on paper or in electronic format and Richmond CCG ensures that these are kept safe and secure in an appropriate way.

We do not however, need to have and use all the information that is provided.  Where this is identified, information is de-identified by the Data Services for Commissioners Regional Offices (DSCRO) prior to being shared with the rest of the CCG for its use. Further information regarding this, can be provided on request.

We may keep your information in written form and / or in digital form. The records may include basic details about you, such as your name and address or may also contain more sensitive information about your health and social care usage and also information such as outcomes of needs assessments.

Richmond CCG may collect information about you which helps us to respond to your queries and help us to design services to improve the health needs and outcomes of local people.

How we use your information

Please select the information that is relevant to you from the list below for full details on how your information is used.

CCG oversight and responsibility

Richmond CCG is supported by a number of key roles within the CCG led by the Senior Information Risk Owner, who is accountable for information risk management within the CCG; The Caldicott Guardian who advises the CCG on specific issues relating to the use of patient confidential data and the Data Protection Officer who provides advice and support to the CCG on Data Protection compliance and monitoring obligation. These roles have oversight of the handling of information within the CCG or by any support organisations we may buy services from.

For more information on these roles please contact

NEL Commissioning Support Unit
3rd Floor
1 Lower Marsh, Waterloo, London SE1 7NT