Privacy Notice

We understand how important it is to keep your personal data safe and secure and we take this very seriously. We have taken steps to make sure your personal data is looked after in the best possible way and we review this regularly.

Please read this privacy notice (‘Privacy Notice’) carefully, as it contains important information about who we are and how we collect, store, use and share your personal data. This privacy Notice also explains your rights in respect of your personal data.



We are required to provide you with this Privacy Notice by Law. It explains how we use any personal data we may collect, store and hold about you. If you are unclear about how we process or use your personal data, or you have any questions about this Privacy Notice or any other issue regarding your personal data then please contact:

Data Protection Officer: Felicia Ayo-Ajala

Address: NHS North West London CCG, Ferguson House 15 Marylebone Road London NW1 5JD.

The Law says:

  • We must let you know why we collect personal data about you;

  • We must let you know how we use any personal data we hold on you;

  • We need to inform you in respect of what we do with it;

  • We need to tell you about who we share it with or pass it on to and why; and

  • We need to let you know how long we can keep it for.



Kilburn Primary Care Co-Op Limited is a not-for-profit social enterprise that specialises in the provision of high-quality primary care services. Founded in 2009 by general practices in south Brent, Kilburn Primary Care Co-Op Limited’s ethos is about improving the health and wellbeing of local communities and putting patients at the centre of care. Our email address is:

As part of our function as a GP federation we hold contracts and funding awarded to us by NHS North West London CCG in order to support the delivery of primary and community care services that are equitably and consistently accessible to patients.

We are the Data Controller of your personal data. This means we are responsible for collecting, storing and handling your personal data.

There may be times where we also process your personal data. That means we use it for a particular purpose and, therefore, on those occasions we may also be Data Processors.


  • We, Us, Our means Kilburn Primary Care Co-op Ltd

  • Personal data means any information that relates to an identified or identifiable individual



When you deal with us by telephone or email or when you contact us via our website, we may collect information from you which will include:

  • Your name

  • Your Practice name/address

  • Your role/job description

  • Your personal mobile number

  • Your email address


Where we hold contracts and funding awarded to us by NHS North West London CCG, we will enter into arrangements with a sub-contractor whereby they will access collect, store, use, disclose, maintain or process any patient identifiable data on our behalf. In these circumstances, although we will not have access to your personal data we will ensure that we have the right data sharing agreements in place to ensure that your information is secure and protected and only used for the purposes of the contracted services.

In the event that a sub-contractor wishes to appoint another sub-contractor, then it shall not be permitted to do so without our consent. In these circumstances, we will ensure that any further sub- contractor is obliged to meet the same compliance conditions in order to safeguard your information.


The data we collect about you is added to a contact list held on domain and we will only use this personal data when we send out email communications about the services (including training and events) we provide to you.


Where we use third parties to process or use your personal data (i. e where that third party performs services on our behalf), we will ensure we have a robust agreement in place which makes it clear that the third party must comply with Regulation (EU) 2016/679 (The General Data Protection Regulation) 2016 (GDPR), the Data protection Act 2018 and any other data protection legislation.

Any personal data that a third party may receive about you from us will only be used in a manner that is consistent with the aims of Kilburn Primary Care Co-op Ltd.

Sometimes, we are required to provide information to the commissioners (CCG or NHSE). This means that although we do not deliver on any commissioned services we may have to audit the services provided on our behalf. We always ensure we have appropriate arrangements and agreements in place to audit and we ensure that we only use the information for the purposes of that audit. Any information we pass to the commissioners is anonymised or pseudo-anonymised.

We do not share your personal data with any other third parties unless we have obtained your consent.


Under data protection legislation we can only collect and use your personal data if we have a proper reason in law to do so.

We have a legal basis to collect and use your personal data where either:

  • You have given us your consent. You are able to remove your consent at any time by contacting us via email:

  • We have a legitimate interest to do so, that is to say, where we have an expected business or commercial reason to use your personal data bearing in mind the role we are engaged to perform on your behalf. Irrespective of this, we still make sure we only use your information for the purposes of fulfilling our obligations as your GP Federation as long as this is not overridden by your rights and interests.

  • We have a contract with you

  • Where the Law obliges us to provide your information to an organisation



You have the following rights, which you can exercise free of charge:

Access and Subject Access Requests

You have the right to see what personal data we hold about you and to request a copy of this information.

If you would like a copy of the personal data we hold about you, please email We will provide this information free of charge however, we may in some limited and exceptional circumstances have to make an administrative charge for any extra copies if the information requested is excessive, complex or repetitive.

We have one month to reply to you and give you the information that you require. We would ask, therefore, that any requests you make are in writing and it is made clear to us what and how much information you require. 


 We want to make sure that your personal data is accurate and up to date. You have the right to require us to correct any mistakes in any personal data we hold about you.


You have the right to ask us to delete your personal data, in certain situations.


You have the right to object in certain circumstances to our continued use of your personal data and you have the right to object at any time to your personal data being processed.

Restriction of processing

You may ask us to restrict the use of your personal data in certain circumstances such as when you are contesting the accuracy of the personal data we hold about you.

Data Portability

 You have the right to receive from us the personal data you provided in a structured and commonly used and machine-readable format and you usually have the right to ask us to transmit your personal data to a third party.



We carefully consider any personal data we store about you, and we will not keep your personal data for longer than is necessary for the purposes as set out in this Privacy Notice.


If you have a concern about the way we handle your personal data or you have a complaint about what we are doing, or how we have used or handled your personal data, then please contact us in the first instance via email:

However, you have a right to raise any concern or complaint with the UK information regulator, at the Information Commissioner’s Office:


The only website this Privacy Notice applies to is If you use a link to any other website from our website then you will need to read their respective privacy notice. We take no responsibility (legal or otherwise) for the content of other websites.


We take the security of your personal data very seriously and we do everything we can to ensure that your data is always protected and secure. We regularly update our processes and systems and we also ensure that our staff are properly trained. This includes any passwords we use which we change on a regular basis. We also carry out assessments and audits of the information that we hold about you and make sure that if we provide any other services, we carry out proper assessments and security reviews.


We regularly review and update our Privacy Notice and when we do, we will inform you on the home page of our website. This Privacy Notice was last updated on 01/04/2021.