Privacy Policy

Updated 16th October 2023

Use of this website, and all engagements are subject to these terms and conditions which reflect and are subject to the Data Protection Act 2018 ("DPA") and the General Data Protection Regulation 2018 (GDPR).


Updated on Monday 16th October 2023.

This privacy policy applies between you, the User of this Website and the Lingfield PPG. The PPG takes the privacy of your information very seriously. This policy covers use of this website and privacy issues to any engagements you have within the PPG. As a result, this privacy policy applies to all data processed by us or provided by you in relation to your use of this website and any communication. This policy does not cover third party contracts between you and third-party services providers such as NHS and Lingfield Surgery.

Definitions and interpretation

For the purposes of this privacy policy, the following definitions are used.

Lingfield Patients’ Participation Group (PPG) is a group of private individuals whose aim is to help the Surgery and patients mutually to achieve the best patient outcomes from the resources available.

Personal information is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal information. This includes, for example, the number of users of a website.

Data Protection Laws: any applicable law relating to the processing of Personal Information. Personal Information but including but not limited or the GDPR and DPA.

User, you or yours, for the purpose of this policy refers to any party that accesses the Website.

Principles of Data Processing

We will always endeavour to treat your personal data sensitively, but by submitting information on this web site, you are agreeing that we cannot be held liable for its accidental misuse. Specifically:

  • Why we collect personal data: This is to enable us to receive opinions and experiences from patients regarding Lingfield Surgery and to respond where requested and appropriate.
  • What information do we collect: We will store the contact details provided by you (typically email and telephone number). We will also store the content of the email you send us, for our own internal use and analysis.
  • What we do with that information: We collect information to advise the surgery about general opinions and trends relating to their service.
  • What we do not do with that information:. We will not discuss personal details relating to individuals with the Surgery or any other parties. All personal contact with the Surgery must be handled by you/the individual directly.
  • What would happen if information received from you falls out of this scope: Any information which falls outside of this scope will be deleted from our records unless the person to which it relates has specifically requested, for whatever reason, that we retain it.

We process users' personal information only in compliance with the DPA and the GDPR. As such User data is only processed if the following legal permissions exist:

  • in order to engage on relevant issues as pertains to the PPG’s Terms of Reference
  • with your consent
  • on the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic and security of our Platform within the meaning of Art. 6 para. 1 lit. f) GDPR, in particular in measuring reach and marketing purposes, and collecting access data and using third-party services).
  • The above legal bases are set out as follows:

    • Consent (Art. 6 para. 1 lit. a. and Art. 7 GDPR)
    • Processing for the fulfilment of our services and implementation of contractual measures (Art. 6 para. 1 lit. b) GDPR)
    • Processing for the fulfilment of our legal obligations (Art. 6 para. 1 lit. c) GDPR)
    • Processing to protect our legitimate interests (Art. 6 para. 1 lit. f) GDPR)

    Categories of data subjects and types of data processed.

    During the course of using engagement with the community and service providers, we process the following types of data from visitors and users:

    • personal data (e.g., names, addresses),
    • contact data (e.g., e-mail, telephone numbers),
    • content data (e.g., information shared with the PPG).

    Cooperation with processors and third parties

    If, in the course of our processing, we disclose data to other persons and companies, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, is necessary for the performance of our duties, you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

    Your rights

    These rights are standardised in both the DPA and GDPR. This includes:

    • the right to information (Art. 15 GDPR),
    • the right to rectification (Article 16 GDPR),
    • the right to erasure (Article 17 GDPR),
    • the right to restriction of data processing (Article 18 GDPR),
    • the right to data portability (Article 20 GDPR),
    • the right to object to data processing (Article 21 GDPR),
    • the right to revoke any consent you have given (Art. 7 (3) GDPR), and
    • the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR).

    Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

    The Information Commissioner`s Office (ICO) is the relevant data protection supervisory authority in the UK. The ICO is located at Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK ( We would, however, appreciate the chance to deal with your concerns before you approach the ICO.


    We have a commitment to taking reasonable steps to ensure the security of your information. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of information, we use appropriate technical, organisational, and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration and destruction.


    Please note that no data transmission over the Internet is 100% secure. As a result, we cannot guarantee the security of the information that you transmit via our online services. Please note that we reserve the right to access and/or disclose the user information discussed herein (including personal information) as required by courts and/or administrative agencies and to the extent required to permit us to investigate suspected fraud, harassment, or other violations of law.

    Data Breaches/Notification

    Databases or data sets that include Personal Information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage because of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.