How we use your data

Note: For information about how website users’ information is used when browsing this website, please see the website Privacy Statement

Your information, your rights (fair processing notice)

(Fair Processing Notice is also known as Privacy Notice)
As we process personal data, we are legally obliged to be on the Data Protection Register held by the Information Commissioner’s Office (ICO). Our registration number is XXX XXXX XXX

This Data Privacy Notice is to assure you of our compliance with the General Data Protection Regulation (EU) 2016/679 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

All individuals for whom we hold data have the same rights under the General Data Protection Regulation, although the legal basis for processing the data and the retention periods for individual records may vary depending on the reason we hold the data — i.e. whether you are a patient or member of staff.

What information do we keep about you?

Patients

For patients collectively, all the information we hold about you is called your health record. It includes general personal information (such as your name, address, next of kin and GP) and Special Category Personal Data relating to health (such as reports, test results, operations and other treatments), ethnicity, religion and, where appropriate, genetic, sexual orientation etc.

These records exist in either paper or electronic formats or both. They are secured by appropriate security measures to comply with UK legislation, eg Computer Misuse Act 1990. We obtain and hold this data under GDPR Article 6 (1) (e), (b), (c) and in special cases (d). For Special Category Personal Data, under Article 9 (2) (h).

Carers/next of kin

As part of a patient’s health record, we record next of kin and, where relevant, carers’ details.

Staff

If you are a member of staff, then the information we hold is about your employment and related information—this is known as your staff record. We hold this information mainly in electronic formats, though for older records it may be in paper formats at this time. We obtain and hold your information under Article 6 (1) (b) “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract” and (c) “processing is necessary for compliance with a legal obligation to which the controller is subject”—and Article 9 (2) (b) “processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.”

If you are both a member of staff and a patient, then two sets of records are maintained.

How is information about you used?

Records about you are used by those caring for you to:

  • Provide a good basis for all healthcare decisions by you and healthcare professionals
  • Enable you to work in partnership with those providing care
  • Make sure the care we provide is safe and effective
  • Work effectively with others providing you with care
  • Remind you about appointments

If we need to use information that identifies you for more than your direct care, or to check the quality of that care, we will always seek your consent beforehand.

Who do we share your information with?

The above uses of your data will involve sharing your information with other health and social care professionals involved in your care, such as doctors, nurses, therapists and your GP as well as some administrative staff.

We are also required by law to report certain information to the appropriate authorities—for example notification of new births and incidences of certain communicable diseases, crimes or suspicion of terrorist acts to the police or other UK bodies, for example General Medical Council, Healthcare Safety Investigation Branch of NHS investigations.

Whenever we share information with other organisations we do this in line with the Data Protection Act and the NHS Confidentiality Code of Practice (2003) and relevant legislation or court order and we share the minimum amount of information.

We do not share information, in the ways described above, regarding treatment you may have received in the specialities of sexually transmitted infections and human fertilisation and embryology (not withstanding any legal requirements imposed on the Trust).