Let's talk

What would you like to do?


Privacy Policy

Privacy Notice

This Privacy Notice tells you what to expect when Total Billing Solutions (trading as GP Billing) collects your personal data.

We act as data processors, acting on the instructions of your GP Practices, who remains the data controller.

We are committed to compliance with data protection legislation, as well as your rights to confidentiality and respect for privacy. Total Billing Solutions will ensure that it keeps your personal data accurate and secure to provide you with efficient services.

We will only use the data it holds about you in accordance with the law. We will also only collect the minimum data necessary, and when it no longer has a need to keep your data, it will be disposed of in a secure manner.

We have a Data Protection Officer who makes sure we respect your rights and comply with the law. If you have any concerns about how we look after your personal data, please contact the Data Protection Officer:


or writing to us at Total Billing Solutions, PO BOX 522, St Helier, Jersey, JE4 5LF.

Do you know what personal data is?

Personal data is any information that relates to an identifiable living individual directly or indirectly. This includes data that when combined with other data can then identify a person. For example, your name and contact details.

A separate category of personal data is “special category”, which includes:

  • Sexuality or sexual health
  • Religious or philosophical beliefs
  • Ethnicity
  • Race
  • Physical or mental health
  • Trade union membership
  • Political opinion
  • Genetic or biometric data
  • Criminal history

Total Billing Solutions does not process any of your special category personal data, however we do process:

  • Your name
  • Your email address or addresses
  • Your address
  • Your phone number or numbers, including mobile phone
  • Your date of birth and gender
  • NHS number
  • Your financial details, in so far as they relate to the services you us at your GP Practice 

Why do we need your personal data?

We may need to use some information about you to:

  • Process payment data on behalf of GP Practices.

This data may include your name, address, and contact details, so that we may send you invoices and statements of your account.

We also process information on the names users of our systems within GP practices, as part of our authentication and audit processes.

This processing allows your GP Practice to accurately bill you for any non-NHS services that you have used. Your GP Practice will be able to provide you more details on what these services may include.

When processing your personal data, we must have legal reason to do so. Your GP is the data controller and Total Billing Solutions is the data processor, meaning that our legal basis for processing your information is:

  • Public Interest – necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, in this case, your GP Practice.

Who do we share your information with?

We do not share your personal data with anyone, except the GP Practice that you have used for your services, and who are the data controller.

Transferring data outside the European Economic Area (EEA)

All personal data is stored within the United Kingdom and is not transferred outside of the UK.

How does the Total Billing Solutions keep your personal data secure?

Total Billing Solutions secures your personal information from unauthorised access, use or disclosure. This is achieved by applying privacy and security by design principles, understanding of our information assets and risks, which we manage with carefully selected security controls, which may be based in technology, people and their skills, or consistent processes.

Individuals Rights

Individuals have certain rights in respect of their own personal data:

  1. The right to be informed

This emphasises the need for transparency over how Total Billing Solutions uses your personal data, this will be done typically through a privacy notice at the time your data is obtained.

  1. The right of access

Individuals have the right to obtain confirmation that their data is being processed and access to their personal data held by the Total Billing Solutions

  1. The right to rectification

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.

  1. The right to erasure

The right to erasure is also known as ‘the right to be forgotten’. This enables an individual to request that the Total Billing Solutions deletes or removes their personal data where there is no compelling reason for its continued processing.

  1. The right to restrict processing

Individuals have the right to block or supress processing of personal data where there is no compelling reason for the processing. When processing is restricted the organisation will be permitted to store the personal data, but not further process it, and will retain just enough data about you to ensure that the restriction is respected in future.

  1. The right to data portability

Individuals has the right to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

  1. The right to object

Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercises of official authority, direct marketing (including profiling) and processing for purposes of scientific/historical research and statistics.

  1. Rights in relation to automated decision making and profiling

This provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.

Further information on your rights can be found at:


If you wish to exercise any of the rights set out above, please email us at danny.bannister@gpbilling.co.uk.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive or refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO) https://www.oicjersey.org or the UK supervisory authority for data protection issues (www.ico.org.uk).

We appreciate that people wish to ensure that their personal data is appropriately protected and handled lawfully, therefore we would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.