Privacy Notice

Primary Care Support Services (PCSS)

Last updated

October 2025

  1. Who We Are

Primary Care Support Services Ltd (PCSS)
Registered office: The Joiners Shop, The Historic Dockyard, Chatham, Kent ME4 4TZ
ICO Registration Number: ZB434585
Email: info@primarycaresupportservices.com

PCSS provides primary-care workforce, medicines optimisation and clinical-system support services to GP practices and Primary Care Networks (PCNs) across England.

  1. Purpose of This Notice

This privacy notice explains how PCSS collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

It applies to:
- Visitors to our website
- Our staff and applicants
- GP practices, PCNs, and patients whose data we process under contract

  1. What Data We Collect

Depending on your relationship with us, we may collect:

Contact details – name, email address, phone number, postal address
Employment information – CVs, references, DBS checks, HR records
Client information – practice/PCN contact details, service communications
Patient data – name, NHS number, date of birth, address, medications, conditions (accessed only under written instruction from the Data Controller)
Technical data (website) – IP address, browser type, analytics and cookie data

  1. Lawful Bases for Processing

We process data only when one or more of the following lawful bases apply:

Article 6(1)(b) – Performance of a contract
Article 6(1)(c) – Legal obligation
Article 6(1)(e) – Public task / exercise of official authority
Article 6(1)(f) – Legitimate interests (for website analytics and business operations)

Where we process special category data (such as health information), this is under:
Article 9(2)(h) – Provision or management of health or social-care services
Schedule 1 Part 1 Para 2 of the Data Protection Act 2018

  1. How We Use Your Data

We use personal data to:
- Deliver contracted support services to GP practices and PCNs
- Manage staff, HR, payroll, and training records
- Respond to enquiries and maintain client relationships
- Ensure clinical-system access, audit trails, and quality improvement
- Meet legal, regulatory, and security obligations

We never sell or share data for marketing purposes.

  1. Data Sharing

We share data only:
- With the Data Controller (e.g. GP practice or PCN) under our Data Processing Agreement;
- With authorised NHS bodies (e.g. ICBs, NHS England) where lawfully required;
- With contracted IT providers for secure data storage and communication.

All third parties are bound by written agreements ensuring UK GDPR compliance.

  1. Data Retention

We retain personal data only for as long as necessary to fulfil our contractual or legal obligations, or as instructed by the Data Controller. When data are no longer required, they are securely destroyed in accordance with EN 15713 and NCSC standards.

  1. International Transfers

PCSS does not routinely transfer personal data outside the UK. If a transfer becomes necessary, it will be protected using an ICO-approved International Data Transfer Agreement or adequacy decision.

  1. Data Security

We maintain appropriate organisational and technical measures, including:
- NHS Digital Data Security and Protection Toolkit (DSPT) compliance
- Encryption of all devices and portable media (minimum AES-256)
- Secure, audited access to clinical systems
- Annual staff data-security training
- Documented breach-reporting and incident-management procedures

  1. Your Rights

Under UK GDPR you have the right to:
- Access your personal data (Subject Access Request)
- Rectify inaccurate data
- Erase data ('right to be forgotten') where applicable
- Restrict or object to processing
- Data portability (where relevant)

To exercise your rights, contact info@primarycaresupportservices.com. We will respond within one month.

  1. Cookies and Website Analytics

Our website may use cookies or analytics tools (such as Google Analytics) to improve performance and user experience. You can manage or disable cookies in your browser settings.

  1. Data Protection and Breach Reporting

If you believe your data have been misused or handled inappropriately:
1. Contact the Data Protection Lead at PCSS – info@primarycaresupportservices.com
2. If you are not satisfied, you have the right to complain to the Information Commissioner’s Office (ICO): www.ico.org.uk/concerns

  1. Updates to This Notice

We review this notice annually or whenever there are significant changes to our data-processing activities.

If you’d like to know more about the business

LET'S TALK
© 2025 by Primary Care Support Services  |   Privacy Notice