Following the introduction of the General Data Protection Regulations (GDPR) and the Data Protection Act 2018, we are required to explain how we collect and use your information, how it is stored and for how long.

What information do we collect about you?

Whenever you see one of our care professionals they will make a record of their visit. They will also make a note about what happened at the visit and the support you were given.

We make every effort to ensure that the information we collect is up to date and accurate. If you have any concerns about the accuracy of the information that we hold, then please speak to your care professional(s) in the first instance.

Why do we keep this information?

We need to keep this information in order for the care professionals to see what advice, support or treatment you have had and to ensure that it is appropriate. We are also legally required to keep certain information about you. This information may also be used, in an anonymised form, for the purposes of service delivery and audits.

Why we collect information and how your information helps us is explained in our leaflet ‘What happens to the information you collect about me’.

Lawful basis for using your personal data

Where Bromley Healthcare is contracted by either Clinical Commissioning Groups (CCG) or a local authority to provide healthcare services, we will process your information under the Public Interest basis. However, in certain circumstances, e.g. adult safeguarding, we will be processing information as a Legal obligation.

How long do you keep my information for?

Bromley Healthcare keeps records in accordance with the Records Management Code of Practice for Health and Social Care 2016 retention schedules.

Do you share my information?

As a Data Controller, Bromley Healthcare has a number of sharing agreements with other organisations to share information for the legitimate interest of providing direct care, or to protect the vital interests of individuals, in order to prevent serious harm either to them or others. Where we do share information with other organisations, we only share the minimum amount of information necessary.

We have teamed up with Guy’s and St Thomas’ NHS Foundation Trust, South London and Maudsley NHS Foundation Trust and King’s College Hospital NHS Foundation Trust to share information through the Local Care Record. This allows the clinicians who are treating you to view clinical information from the other organisations. If you do not want your information to be shared in this way, then please contact Guy’s Patient Advice and Liaison Service (PALS), who will be able to assist you.

We also have a sharing agreement with a number of GP practices within Bromley. This allows Bromley Healthcare and the GP practice to see what treatment is being carried out, or due to be carried out, by the other organisation.

We may also share information with professionals from other organisations, e.g. Local Council, where we are working with them to provide a service to you.

There may also be times when we have to share information with other organisations when there is a statutory duty to do so, e.g. a court order.

Who can see my information?

Only staff who are involved in your treatment can view your information. This may include staff who, in the course of their duties, provide administrative support to clinicians, e.g. writing letters or arranging appointments.

In addition to legal requirements, such as the Data Protection Act, all staff are subject to the Common Law Duty of Confidentiality and the NHS Confidentiality Code of Conduct.

You can request to see this information

To request a copy of your records, you will need to approach the organisation that made the notes in the first place. They are not all held in one place. So, for example, to see notes made by your Bromley Healthcare district nurse, please contact us. To see notes made by your GP, please contact your surgery, and to see notes made by your hospital consultant, please contact the hospital.

To protect your confidentiality there are a few steps to go through so that we know we are providing information to the right person and we don’t compromise your right to privacy.

If you would like to see your health care records from Bromley Healthcare services, please email: or write to:

Access to Records
Bromley Healthcare CIC Ltd
Central Court
1 Knoll Rise
Orpington BR6 0JA

Is my information held securely?

Under Data Protection legislation, information relating to an individual’s health is classed as a ‘Special Category of personal data’ and as such requires us to ensure that appropriate security is in place to protect your information. Where we provide information to other organisations, we will also ensure that they hold your information to the same standard of security. We do not hold or process service users’ information outside the UK.

Data Privacy Impact Assessments

In order to meet our requirements under the General Data Protection Regulations, Bromley Healthcare has, under certain circumstances, to complete a Data Privacy Impact Assessment (DPIA). This is a process which helps assess privacy risks to individuals and identifies the legal basis for the collection, use and disclosure of information, known as processing. This helps us to ensure that the information we hold, or plan to hold, will be secure and lawful.

All new projects, initiatives and processes that involve using or sharing personal information require a Data Protection Impact Assessment to be completed at the initial stages and prior to any procurement decision being made. Once completed, all DPIAs are submitted to the Data Protection Officer and the Information Governance Steering Group for approval.

Objections and complaints

If you have a complaint about the way your personal data has been handled, or believe it is inaccurate, held for too long or not secure, you can contact our Data Protection Officer (DPO) who will investigate the matter. They can be contacted by e-mail at:

If you are not satisfied with the response or believe your data is not being processed in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

The ICO is the regulator for data protection and upholds information rights. More information is available on the ICO website


How we use cookies 

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work more efficiently, and sometimes provide useful information to the owners of the site. 

There are some cookies necessary to this site functioning, such as interacting with our accessibility toolbar. These cookies will usually remove themselves when you close your browsing session. More information can be found in the ‘Necessary cookies’ section. 

We use some additional cookies, such as Google Analytics, to help us gather information and improve the website. You have the option to deny use of these cookies; more information can be found in the ‘Additional cookies’ section. 

You can find more information on managing and deleting cookies on About Cookies


The following cookies are necessary to our site functioning. 

| Cookie | Purpose | Expiry |
| --- | --- | --- |
| cookieconsent_status | Persistently records your option regarding additional cookies. | 1 year |


Necessary accessibility cookies 

The following necessary cookies allow the functions within our accessibility toolbar to work optimally. 

| Cookie | Purpose | Expiry |
| --- | --- | --- |
| accessibility-controls | Records option regarding additional cookies. | End of browsing session |
| saveFontSize | Allows the website (CMS) to record the user’s font size selection. | End of browsing session |
| contrast-mode | Allows the website (CMS) to record the user’s contrast mode selection. | End of browsing session |
| googtrans | Allows the language of page content to be changed and records the language selected. | End of browsing session |


The following third-party cookies are used for analytical and media purposes. 

If you do not accept use of these additional cookies, some third-party media content – such as YouTube, Vimeo or Google Maps – may not load on this website. 

Analytics cookies 

In order to help us to improve the content, format and structure of this website, we record and analyse how visitors use the site using Google Analytics.

You can read Google’s extensive information on data practices in Google Analytics

You can opt-out of Google Analytics on our website by denying additional cookies or by using the Google Analytics Opt-out Browser Add-on

| Cookie | Purpose | Expiry |
| --- | --- | --- |
| _ga | Distinguishes user for Google Analytics. | 2 years |
| _gid | Distinguishes user for Google Analytics. | 1 day |
| _gat | Throttles request rate for Google Analytics. | 1 minute |
| _ga_{ID} | Persists session state for newer versions of Google Analytics. | 2 years |
| _gat_gtag_UA_{ID} | Persists session state for older versions of Google Analytics. | 1 minute |
| __utma | Distinguishes user and session for Google Analytics. | 2 years |
| __utmb | Determines new session or visit for Google Analytics. | 30 minutes |
| __utmc | Determines new session or visit for Google Analytics. | End of browsing session |
| __utmz | Stores traffic source for Google Analytics. | 6 months |


Embed cookies 

We may use embeds from YouTube, Google Maps or Vimeo on our site to display content. That content uses the following third-party cookies. Where possible, we will use privacy-oriented settings to ensure as few cookies as possible require consent. 

These additional cookies that remain, and the content from which they stem, will not display on the site unless you choose to ‘Accept additional cookies’. 

| Cookie | Source | Purpose | Expiry |
| --- | --- | --- | --- |
| CONSENT | YouTube | Google cookie tracking consent with analytics and/or ad integration. | 2 years |
| CONSENT | Google Maps | Google cookie tracking consent with analytics and/or ad integration. | 2 years |
| __cf_bm | Vimeo | Vimeo Cloudflare layer which filters out requests from bots. | 30 minutes |


Captcha cookies 

We use Google reCAPTCHA in order to verify whether or not you are a human when submitting data to the website. Most of the time, this will only be present on pages containing forms. 

| Cookie | Source | Path | Purpose | Expiry |
| --- | --- | --- | --- | --- |
| | Google | /recaptcha | Provides risk analysis to Google spam protection. | 6 months |