How we keep your personal information safe and secure
We understand how important it is to keep your personal information safe and secure and we take this very seriously. We have taken steps to make sure your personal information is looked after in the best possible way. We review our procedures regularly.
As data controllers, GPs have fair processing responsibilities under the UK GDPR/Data Protection Act 2018. This means ensuring that your personal confidential data (PCD) is handled in ways that are safe, transparent and what you would reasonably expect.
Please read our Privacy Poster and Privacy Policy carefully, as it contains important information about how we use the personal and healthcare information we collect on your behalf.
Mereside Medical Privacy Poster, April 2026 (see here)
- This practice handles medical records in-line with laws on data protection and confidentiality.
- We share medical records with those who are involved in providing you with care and treatment.
- In some circumstances we will also share medical records for medical research, for example to find out more about why people get ill.
- We share information when the law requires us to do so, for example, to prevent infectious diseases from spreading or to check the care being provided to you is safe.
- You have the right to be given a copy of your medical record.
- You have the right to object to your medical records being shared with those who provide you with care.
- You have the right to object to your information being used for medical research and to plan health services.
- You have the right to have any mistakes corrected and to complain to the Information Commissioner’s Office. Please see the practice Privacy Notice on the website or speak to a member of staff for more information about your rights.
- For more information please visit the practice.
My Care Record
Mereside Medical is part of My Care Record, an approach to improving care by joining up health and care information. Health and care professionals from other services will be able to view information from the records we hold about you when it is needed for your care. Please see the Fair Processing Notice (easy read version here) or visit www.mycarerecord.org.uk for more information.
Data Subject Access Request Policy, April 2026 (see policy here)
You have a right under the Data Protection legislation to request access to view or to obtain copies of what information the surgery holds about you and to have it amended should it be inaccurate. To request this, you need to do the following:
- Your request should be made to the Practice – for information from the hospital or other healthcare providers, you should write direct to them
- There is no charge to have a copy of the information held about you
- We are required to respond to you within one month, unless the request is ‘complex’, based on ICO guidance.
- You will need to give adequate information (for example full name, address, date of birth, NHS number and details of your request) so that your identity can be verified, and your records located information we hold about you at any time.
Privacy Policy (Notice), April 2026
Privacy-Policy-Notice-for-Patients-and-Staff-April 2026
ICO (Information Commissioner Office) Data Protection Registration Number
- Z8406116 (Mereside Medical)
Data Controller contact details
The Practice Manager, Haddenham Surgery, The Green, Haddenham, CB6 3TA
The Practice Manager, Staploe Medical Centre, Brewhouse Lane, Soham, CB7 5JD
The Practice Manager, Cathedral Medical Centre, Lynn Road, Ely, CB6 1DN
Email address for all Practices: [email protected]
Email address to submit Subject Access Requests to, according to the policy above: [email protected]
Data Protection Officer
Data Protection Officer, Cambridgeshire and Peterborough ICB, Gemini House, Bartholomews Walk, Cambridgeshire Business Park, Ely, CB7 4EA
Email address: [email protected]
