Data protection

In order to provide the right level of care, we are required to hold personal information about you on our computer systems and in paper records to help us to look after your health needs, and your doctor is responsible for their accuracy and safe-keeping. Please help to keep your record up to date by informing us of any changes to your circumstances.

Confidentiality and Personal Information

Doctors and staff in the practice have access to your medical records to enable them to do their jobs. From time to time information may be shared with others involved in your care if it is necessary. Anyone with access to your record is properly trained in confidentiality issues and is governed by both a legal and contractual duty to keep your details private.

All information about you is held securely and appropriate safeguards are in place to prevent accidental loss.

In some circumstances we may be required by law to release your details to statutory or other official bodies, for example if a court order is presented, or in the case of public health issues. In other circumstances you may be required to give written consent before information is released – such as for medical reports for insurance, solicitors etc.

To ensure your privacy, we will not disclose information over the telephone unless we are sure that we are talking to you. Information will not be disclosed to family, friends or spouses unless we have prior written consent and we do not leave messages with others.

You have a right to see your records if you wish. Please e-mail your request to enquiries.w93049@wales.nhs.uk

How We Handle Data & Information

St Julian's Medical Centre manages patient information in accordance with existing laws and with guidance from organisations that govern the provision of healthcare in Wales such as the Department of Health and the General Medical Council.

We are committed to protecting your privacy and will only use information collected lawfully in accordance with:

  • General Data Protection Regulations (GDPR) 2018;
  • Human Rights Act 1998;
  • Common Law Duty of Confidentiality;
  • Health and Social Care Act 2012;
  • NHS Codes of Confidentiality and Information Security.

As data controllers, GPs have fair processing responsibilities under the General Data Protection Regulations 2018. In practice, this means ensuring that your personal confidential data (PCD) is handled clearly and transparently, and in a reasonably expected way.

Who is the Data Controller?

The Data Controller, responsible for keeping your information secure and confidential is St Julian's Medical Centre. Any changes to this notice will be published on our website and displayed in prominent notices in the surgery.

Who is the Data Protection Officer?

DHCW GMP DPO Support Service
DHCWGMPDPO@wales.nhs.uk 
Cardiff Office: Information Governance, Ty Glan-yr-Afon, 21 Cowbridge Road East, Cardiff, CF11 9AD
Mold Office: Media Point, Unit 3, Mold Business Park, Mold, CH7 1XY

The Partnership is registered as a data controller under the General Data Protection Regulations (GDPR) 2018. Our registration can be viewed on-line in the public register at www.ico.org.uk.

Page last reviewed: 29 May 2026
Page created: 24 March 2026