Why do we collect information about you?
Your doctor and the team of Health Professionals caring for you keep records about your health and any care or treatment you receive from the NHS. These records help to ensure that you receive the best possible care.
They will need to keep records, which may be written or held on computer, about your health and the care and treatment that you are receiving from them.

Do we have a lawful basis for processing your information?
Yes; The Trust has the following Lawful basis for processing your information under Article 6 of the UK-General Data Protection Regulation (UK-GDPR);
1 (e) the use of your information is necessary for The Trust to perform its task in the public interest or for us to provide health care to you.
In addition to this the Trust also uses special category data in line with Article 9 as follows:
2 (h) the use of information is necessary medical diagnosis, the provision of health care or treatment or the management of health care services

What will we collect?
The records that we keep about you will include:

  • Personal details about you, such as name, address, date of birth, next of kin and telephone numbers.
  • Sensitive details about you such as ethnicity, gender, what you are doing at the moment and what problems, if any, you may have.
  • Any contact that we have had with you previously.
  • Notes and reports about your health and any treatment you have and may receive.
  • Results of investigations and tests.
  • Relevant information from people who care for you and know you well such as other health professionals and relatives.

It is essential that we have your correct details to ensure the appropriate care and treatment is provided to you, if your details change please inform us as soon as possible.

What will we do with it?
Our staff will use this information to enable them to assess your health and to decide what care and treatment you will need. To maintain the accuracy of this information it will be regularly up dated and kept securely.

Your information can also be used for statistical purposes, including for reasons such as research, service planning and analysis; in these cases we take strict confidentiality measures to ensure that the information is anonymous so individual patients cannot be identified. Patient records can also be used within audit and for teaching purposes; in these cases we use anonymous information when possible.

Do we share your information?
Yes the Trust does share information. We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it.

You may be receiving care from other people as well as the NHS (e.g. Social Services). We may need to share information about you with them so we can all work together for your benefit. We will only ever pass this information about you if:

  • They have a genuine need for it such as where there is a danger of harm to a child or vulnerable adult or to aid the prevention and detection of serious crime
  • There is a court order
  • We have your consent

We will not disclose your information to a third party without your consent unless there are exceptional circumstances, such as when the health and safety of others is at risk or if the law requires us to.

Data Protection Rights
To be informed

You should know what information is collected, how it is used, how long it is held for, who it is shared with. This is available within Privacy Notices.

Subject access
Right of access to information held about you.

To rectification
Right to have information corrected if inaccurate

To erasure
Known as ‘Right to be forgotten’.
Right to have information deleted.

Restrict processing
To limit what organisations can do with your information, including who to share it with.

Data portability
The right to data portability allows you to obtain and reuse your information for your own reasons across different services. It allows you to move, copy or transfer your information easily from one IT environment to another in a safe and secure way, without affecting its usability.

To object
To stop an organisation processing your data.


Rights relating to automatic decision making
There are provisions on:

  • automated individual decision-making; making a decision solely by automated means without any human involvement.
  • profiling; automated processing of personal data to evaluate certain things about an individual.

Data Protection Officer
The Data Protection Officer operates independently on how to deal with data protection matters putting patient rights at the heart of their decision making process.

The Data Protection Officer will be the first point of call for individuals, such as patients, whose information is held by the Trust, but will also be the person for staff to turn to relating to any data protection queries. The Trust’s Data Protection Officer’s contact details are:
Katie Sparrow,
Head of IG and Data Protection Officer
Tel: 0121 612 8017
Email: Katie.sparrow@nhs.net