Privacy – Drs Mirza & Partners (Luton)

Privacy Policy

Dr Mirza and Partners
Last updated: 14/10/25

Introduction

This Privacy Policy explains how Dr Mirza and Partners (“we”, “our”, “us”) collect, use, and protect your personal information.

We are committed to maintaining your confidentiality and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the NHS Confidentiality Code of Practice.

Data Controller:
Dr Mirza and Partners
The Surgery, 30 The Green, Hockwell Ring, Luton, LU4 9NN
Telephone: 01582 505355
Email: mirza.practice@nhs.net

If you have any concerns or questions about this policy or how we use your information, please contact the ICB (Integrated Care Board) NHS Bedfordshire, Luton and Milton Keynes (BLMK).

Information we collect

We may collect and process the following types of personal data about you:

Personal identifiers: name, date of birth, NHS number, address, contact details
Health and medical data: medical history, diagnoses, treatments, test results, medications, and referrals
Demographic details: gender, ethnicity, preferred language (to support equality and accessibility)
Next of kin / emergency contact information
Records of communications: appointment bookings, correspondence, online consultations
CCTV footage (if installed at the premises)

How we obtain your information

We collect your information directly from you and from other healthcare providers involved in your care, including:

NHS hospitals and clinics
Other GP surgeries (when you transfer or share care)
Pharmacies, laboratories, and diagnostic services
Community, mental health, and social care providers
National systems such as the NHS Spine and Summary Care Record

Why we collect and use your information

Your information is used to:

Provide you with safe, effective, and personalised healthcare
Manage your care and referrals
Communicate with you about appointments, test results, and treatment
Support public health, research, and service planning
Comply with legal and NHS contractual requirements
Prevent and detect fraud or serious harm

We only use the minimum amount of information necessary to achieve these purposes.

Legal basis for processing

Under the UK GDPR, we process your data because:

It is necessary for the performance of a public task (Article 6(1)(e)) — the provision of NHS healthcare services;
It is necessary for the purposes of medical diagnosis and treatment (Article 9(2)(h)) — processing special category health data.

In some situations, we may rely on your explicit consent (for example, participation in research or sharing data with third-party services). You may withdraw consent at any time.

Sharing your information

We share information only when necessary and appropriate for your care, or when required by law.

We may share your information with:

Other NHS and healthcare providers
Local authorities and social care services
NHS England and your Integrated Care Board (ICB)
Public Health England / UK Health Security Agency (UKHSA)
Approved research bodies (with appropriate safeguards)
IT system and clinical software providers under strict contracts
Police or safeguarding authorities (only when legally obliged)

We never sell or use your data for marketing purposes.

7. Health data analysis and research. (OpenSAFELY)

NHS England has been directed by the government to establish and operate the OpenSAFELY COVID-19 Service and the OpenSAFELY Data Analytics Service. These services provide a secure environment that supports research, clinical audit, service evaluation and health surveillance for COVID-19 and other purposes.

Each GP practice remains the controller of its own GP patient data but is required to let approved users run queries on pseudonymised patient data. This means identifiers are removed and replaced with a pseudonym.

Only approved users are allowed to run these queries, and they will not be able to access information that directly or indirectly identifies individuals.

Patients who do not wish for their data to be used as part of this process can register type 1 opt out with their GP.

Find additional information about OpenSAFELY.

8. How we protect your information

Your information is stored securely using NHS-accredited systems and protected by strong technical and organisational safeguards, including encryption and access controls.

We comply with the NHS Data Security and Protection Toolkit and regularly review our processes.

Records are kept in line with the NHS Records Management Code of Practice, typically retained for 10 years after death or after you leave the practice, whichever is longer.

9.Your rights

You have the right to:

Access your information (a Subject Access Request)
Request correction of any inaccuracies
Request deletion (where legally applicable)
Object to or restrict processing of your information
Request transfer of your data (data portability)
Complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we use your data

ICO contact details:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: https://ico.org.uk
Telephone: 0303 123 111

10.Use of our website and online services

If you use our website or digital services (e.g., online consultations or appointment booking), we may collect limited information such as IP addresses or cookies to improve site functionality and security.
You can manage cookies via your browser settings.

11. Updates to this policy

We may update this policy periodically to reflect changes in regulations or practice procedures. The latest version will always be available at reception or on our website.

Contact us

For questions or requests relating to your data, please contact:
Dr Mirza and Partners
The Surgery, 30 The Green, Hockwell Ring, Luton, LU4 9NN
Telephone: 01582 505355
Email: mirza.practice@nhs.net

Cookie Policy

Dr Mirza and Partners
Last updated: 14/10/25

Introduction

This Cookie Policy explains how Dr Mirza and Partners (“we”, “our”, “us”) use cookies and similar technologies on our website.

We are committed to protecting your privacy and ensuring transparency about how we collect and use data when you visit our site.

For information about how we handle your personal data more generally, please see our [Privacy Policy].

What are cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website.
They help websites work properly and can also be used to collect information about how visitors use the site.

Cookies can be:

Session cookies – deleted when you close your browser; or
Persistent cookies – remain on your device until they expire or are deleted manually.

How we use cookies

We use cookies on our website to:

Ensure the site works correctly and securely
Improve accessibility and performance
Remember your preferences (such as accessibility settings)
Collect anonymous statistics about site usage (to help us improve content and usability)

We do not use cookies to collect or store any personal health information, or to identify individual users.

Types of cookies we use

Type of Cookie	Purpose	Example
Strictly Necessary Cookies	Required for the website to function properly. These enable core features such as page navigation and access to secure areas.	Session cookies, security tokens
Performance / Analytics Cookies	Help us understand how visitors use our site so we can improve functionality. Data is collected anonymously.	Google Analytics (if used)
Functionality Cookies	Remember your preferences, such as text size or accessibility options.	Accessibility setting cookies
Third-Party Cookies	Some external tools (like NHS service widgets or maps) may set their own cookies.	NHS.UK services, embedded Google Maps

Managing your cookie preferences

When you first visit our website, you will see a cookie banner asking you to accept or reject optional cookies.
You can change your preferences at any time by adjusting your browser settings or visiting our cookie control panel (if available).

How to disable cookies in your browser

You can control or delete cookies through your web browser settings.
For example:

Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/help/4027947
Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac

If you choose to block all cookies, some parts of the website may not function as intended.

Cookies used by external services

Our website may include links to or embedded content from third-party websites (for example, NHS Digital services, online forms, or map widgets).
These third-party providers may set their own cookies when you interact with their content.
We recommend reviewing their privacy and cookie policies for more information.

Updates to this Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in law, technology, or our website services.
Please check this page periodically for updates.

Contact us

If you have any questions about our use of cookies, please contact:

Dr Mirza and Partners
The Surgery, 30 The Green, Hockwell Ring, Luton, LU4 9NN
Email: mirza.practice@nhs.net
Telephone: 01582 505355