Privacy Notice
How we collect and use your
information and how you can access it
What is a privacy noce?
A Privacy Noce is a statement by the Trust to
paents, service users, visitors, carers, the public and
sta that describes how we collect, use, retain and
disclose personal informaon which we hold. It is
somemes also referred to as a Privacy Statement,
Fair Processing Statement or Privacy Policy. This
privacy noce is part of our commitment to ensure
that we process your personal informaon/data fairly
and lawfully.
Condenal informaon about you
Doncaster & Bassetlaw Teaching Hospitals NHS
Foundaon Trust (DBTH) collects, stores and
processes large amounts of personal data every day,
such as medical records, personal records and
computerised informaon.
This makes the DBTH a Data Controller. As a Data
Controller, the Trust is registered with the
Informaon Commissioners Oce (ICO). Details of
our registraon can be found on: hps://ico.org.uk/
esdwebpages/search Enter our registraon number
(Z5372151) and click ‘search register’.
We take our duty to protect your personal
informaon and condenality very seriously and we
are commied to taking all reasonable measures to
ensure the condenality and security of all of the
personal and sensive informaon for which we are
responsible whether it is on a computer system or on
paper.
At board level, we have a Senior Informaon Risk
Owner who is accountable for the management of
all of our informaon assets and any associated risks
and incidents. We also have a Caldico Guardian
who is responsible for advising on all aspects of the
management of your personal informaon and its
use. To comply with GDPR, we have appointed a
Data Protecon Ocer (DPO) who ensures that the
Trust is accountable and complies with the EU’s
General Data Protecon Regulaon (GDPR) and the
UK’s Data Protecon Legislaon.
Why issue a privacy noce?
Doncaster & Bassetlaw Teaching Hospitals NHS
Foundaon Trust recognises the importance of
protecng personal and condenal informaon in
all that we do, and takes care to meet its legal and
regulatory dues.
This noce is one of the ways in which we can
demonstrate our commitment to our values, being
transparent and open, and our commitment to our
values of Respecng Diversity, Acng with Integrity,
Demonstrang Compassion, Striving for Excellence
and Listening and Supporng Others.
This noce also explains what rights you have to
control how we use your informaon.
Our data protecon ocer is:
Roy Underwood
Doncaster Royal Inrmary
Armthorpe Road
Doncaster
DN2 5LT
email: [email protected]
What are we governed by?
The key pieces of legislaon/guidance we are gov-
erned by are:
• Data Protecon Legislaon
• UK General Data Protecon Regulaons (GDPR)
2021
• Human Rights Act 1998 (Arcle 8)
• Access to Health Records Act 1990
• Freedom of Informaon Act 2000
• Health and Social Care Act 2012, 2015
• Public Records Act 1958
• Copyright Design and Patents Act 1988
• The Re-Use of Public Sector Informaon
Regulaons 2015
• The Environmental Informaon Regulaons 2004
• Computer Misuse Act 1990
• The Common Law Duty of Condenality
• The Care Record Guarantee for England
• The Social Care Record Guarantee for England
• Internaonal Organisaon for Standardisaon
(ISO) – Informaon Security Management
Standards (ISMS)
• Informaon Security Management – NHS Code of
Pracce
• Records Management – Code of Pracce for
Health and Social Care 2016
• Accessible Informaon Standards (AIS)
• Data Protecon Act 2018
Who are we governed by?
• NHS Improvement
• Department of Health
• Informaon Commissioner’s Oce
• Care Quality Commission
• NHS England
Our consultants, doctors, nurses, healthcare
professionals and registered support sta are also
regulated and governed by professional bodies
including numerous royal colleges.
Why and how we collect informaon
We may ask for or hold personal condenal
informaon about you which will be used to support
delivery of appropriate care and treatment. This is
to support the provision of high quality care. These
records may include:
• Basic details such as name, address, date of birth,
and next of kin.
• Contact we have had, such as appointments and
home visits.
• Details and records of treatment and care,
including notes and health reports
• Results of medical imaging, x-rays, blood tests,
etc.
• Informaon from people who care for you and
know you well, such as health professionals and
relaves.
It may also include personal sensive informaon
such as sexuality, race, your religion or beliefs, and
whether you have a disability, allergies or health
condions. It is important for us to have a complete
picture, as this informaon assists sta involved in
your care to deliver and provide improved care,
deliver appropriate treatment and care plans, to
meet your needs.
Informaon is collected in a number of ways; via your
healthcare professional, referral details from your GP,
or directly given by you.
How your informaon helps
Your informaon can help:
• To help inform decisions that we make about
your care.
• To ensure that your treatment is safe and
eecve.
• To work eecvely with other organisaons who
may be involved in your care.
• To support the health of the general public.
• To ensure our services can meet future needs.
• To review care provided to ensure it is of the
highest standard possible.
• To train healthcare professionals.
• For research and audit.
• To prepare stascs on NHS performance.
• To monitor how we spend public money.
There is also potenal to use your informaon to
deliver care and improve health and care services
across the NHS and social care.
Where we need to have your explicit consent we will
ask you for it, and you will be properly informed.
This is parcularly important where the paent is a
child, here you will nd that we have provided
Privacy Noces and informaon on our website to
help you and your child, and children over 13, to
make properly informed decisions about their
treatment and their personal informaon.
Informaon can be further used to help:
• Improve individual care.
• Understand more about disease risks and causes.
• Improve diagnosis.
• Develop new treatments and prevent disease.
• Plan services.
• Improve paent safety.
• Evaluate Government, NHS and Social Care policy.
Your rights
The GDPR provides the following rights for
individuals:
1. The right to be informed – we will tell you what
we do with your informaon. We do this through
noces like this one, through service informaon
leaets, and though our trust website: www.
dbth.nhs.uk
2. The right of access – see secon on Subject
Access Rights below
3. The right to reccaon – we will correct any
personal informaon that is inaccurate or recfy
and data that is incomplete
4. The right to erasure; the right to be forgoen
might not apply to your health data (see UK Data
Protecon Legislaon)
5. The right to restrict processing – we will only re-
strict the processing of your personal data where
it is clinically safe to do so
6. The right to data portability – we will provide
copy notes and copy images however, any oth-
er copy eData will only be provided where and
when our eData Systems allow us to extract a full
and accurate copy of the data held which is about
you
7. The right to object - your objecon will be con-
sidered in relaon to your parcular situaon
8. Rights in relaon to automated decision making
and proling
Our lawful basis for processing
Accurate and up-to-date informaon assists us in
providing you with the best possible care. If you see
another healthcare professional, specialist or an-
other part of the NHS, they can readily access the
informaon they need to provide you with the best
possible care.
Everyone working within the NHS has a legal duty to
keep informaon about you condenal, including
anyone in the NHS who receives condenal infor-
maon from us.
This includes:
• Public task: the data processing is necessary
to perform a task in the public interest, or our
ocial funcons, which have a clear basis in Law.
Arcle 6 (e) - GDPR/DPA 18
• The processing is necessary for the purpose of
preventave or occupaonal medicine, the
assessment of the working capacity of
employees, medical diagnosis, the providion of
health or social care or treatment or
management of health or social care system.
Arcle 9 (2) (h) ) - GDPR/DPA 18
• The processing is necessary for the purposes of
carrying out the obligaons and exercising
specic rights of the controller or of the data
subject in the eld of employment and social
security and social protecon Law. Arcle 9 (2)
(b) ) - GDPR/DPA 18
Personal data are used lawfully by many people in
the course of their work. We employ over 6,500 sta
covering a considerable range of clinical experse
and specialisms, with 3 Main Hospital sites and a
number of local Outpaent Service clinics:
• Doncaster Royal Inrmary (DRI)
• Bassetlaw Hospital (BH)
• Mexborough Montagu Hospital (MMH)
• Outpaent Services at Reord Hospital
• Tri-health GUM services on East Laith Gate,
Doncaster
• Tri-health GUM services on Ryton Street,
Worksop
• Outpaent Services at our Chequer Road Clinic,
Doncaster
Where possible, when using informaon to inform
future services and provision, non-idenable
informaon will be used.
How informaon is retained and kept
safe
Informaon is retained in secure electronic and
paper records and access is restricted to only those
who need to know. It is important that informaon is
kept safe and secure, to protect your condenality.
There are a number of ways in which your privacy is
shielded; by removing your idenfying informaon,
using an independent review process, adhering to
strict contractual condions and ensuring strict
sharing or processing agreements are in place.
GDPR and Data Protecon Legislaon regulates the
processing of personal informaon. Strict principles
govern our use of informaon and our duty to ensure
it is kept safe and secure. We will always carry out a
Data Privacy Impact Assessment (DPIA) whenever a
new informaon system or data ow is being
considered.
Technology allows us to protect informaon in a
number of ways, in the main by restricng access.
Our guiding principle is that we are holding your
informaon in strict condence. How do we keep
informaon condenal? Everyone working for the
Trust is subject to the Common Law Duty of
Condenality and Data Protecon Legislaon
Informaon provided in condence will only be used
for the purposes to which you are aware, unless
there are other circumstances covered by the law.
Under the NHS Condenality Code of Conduct, all
sta are required to protect informaon, inform you
of how your informaon will be used and allow you
to decide if and how your informaon can be shared.
This will be noted in your records. All Trust sta are
required to undertake annual training in data
protecon, condenality, IT/cyber security, with
addional training for specialist, such as healthcare
records, and IT sta.
If clinical sta would like a student to be present,
they will always ask for your permission before that
meeng or episode of care. The treatment or care
you receive will not be aected if you refuse to
have a student present during your episode of care.
Occasionally, for assessment purposes, students may
request that their supervisor be present. You may
refuse this if it makes you feel uncomfortable.
Who will the informaon be shared
with?
To provide best care possible, somemes we will
need to share informaon about you with others. We
may share your informaon with a range of Health
and Social Care organisaons and regulatory bodies.
You may be contacted by any one of these
organisaons for a specic reason; they will have a
duty to tell you why they have contacted you.
Informaon sharing is governed by specic rules and
law and this will be strengthened under GDPR.
Sharing with non-NHS organisaons
For your benet, we may also need to share
informaon from your records with non-NHS
organisaons, from whom you are also receiving
care, such as social services or private healthcare
organisaons. We will not disclose any health infor-
maon to third pares without your explicit consent,
unless there are exceponal circumstances, such
as when the health or safety of others is at risk or
where the law requires the disclosure of informaon.
We may also be asked to share basic informaon
about you, such as your name and parts of your
address, which does not include sensive
informaon from your health records. Generally,
we would only do this to assist them to carry out
their statutory dues (such as usages of healthcare
services, public health or naonal audits). In these
circumstances, where it is not praccal to obtain your
explicit consent, we are informing you through this
noce, which is referred to as a Privacy Noce, under
the GDPR & Data Protecon Legislaon. Where
paent informaon is shared with other non-NHS
Roy Underwood
Doncaster Royal Inrmary
Armthorpe Road
Doncaster
DN2 5LT
email: [email protected]
Roy Underwood,
Data Protecon Ocer
(DBTH and Bassetlaw CCG)
organisaons, an informaon sharing agreement may
be drawn up to ensure informaon is shared in a way
that complies with relevant legislaon.
Non-NHS organisaons may include, but are not
restricted to: social services, educaon services,
local authories, the police, voluntary sector provid-
ers and private sector providers. You have the right
to withdraw consent for us to share your personal
informaon You have the right to refuse/withdraw
consent to informaon sharing at any me. We will
fully explain the possible consequences to you, which
could include delays in you receiving care.
Data breaches
In spite of our best eorts and structured data
security and protecon training for all trust sta,
somemes things do go wrong. We will always report
these breaches in line with GDPR and Data Protec-
on Legislaon.
Contacing us about your informaon
You can contact the Doncaster & Bassetlaw Teaching
Hospitals NHS Foundaon Trust, Data Protecon Of-
cer by using the Contact Us secon of our website:
www.dbth.nhs.uk
If you have any quesons or concerns regarding the
informaon we hold on you, or the use of your infor-
maon please contact the Informaon Governance
team. Email: [email protected]
Can I access my informaon?
Under the GDPR & Data Protecon Legislaon, an
individual may request access to informaon (with
some exempons) that is held about them by an
organisaon.
Your NHS number. Keep it safe
Every person registered with the NHS in England and
Wales has their own unique NHS number. It is made
up of 10 digits for example 123 456 7890. Your NHS
Number is used by healthcare sta and service pro-
viders to idenfy you correctly. It is an important step
towards improving the safety of your healthcare.
Always bring your NHS number with you to all hospi-
tal appointments if you can, or quote it if you need
to telephone the hospital for any enquires. This will
allow sta to check that they have the right paent
details by checking this against your NHS number. To
improve safety and accuracy always check your NHS
number on correspondence the NHS sends to you.
If you do not know your NHS number, contact your
GP. You may be asked for proof of identy, for ex-
ample a passport or other form of identy. This is to
protect your privacy. Once you have obtained your
NHS Number, write it down and keep it safe.
SMS text messaging
Your contact details are important to us; ensuring
that we can contact you in regard to appointment
bookings, appointment cancellaons, and as a means
of reminding you of your forthcoming appointments
and treatment. The contact informaon we store
will only be used by us in relaon to trust business,
we will not pass on your contact details to any other
party other than the third party company used to
deliver our appointment reminder service. As a data
controller themselves, they also have a duty to keep
your informaon safe and secure and only to use for
the contracted purpose.
Sending to other countries
Somemes your data may be processed outside the
UK. In most circumstances it will remain within the
European Economic Area (EEA) and it will be aorded
the same protecon as in the UK through the GDPR.
Whenever processing has to take place outside the
EEA, we will ensure that lawful data protecon and
security measures are in place within the contracng
process.
How long we keep your informaon
for
All personal informaon will be kept in line with the
retenon periods detailed in the Heath Records Code
of Pracce for Health & Social Care Records 2016.
For more informaon on how
to access the informaon we
hold about you please contact:
dbth.casenot[email protected]
Further informaon
Further informaon can be found on the NHS
Choices website.
Where any contact details are given for members of
Trust sta, noce is hereby given, under the GDPR &
Data Protecon Legislaon on behalf of the individ-
ual or individuals that this personal informaon may
not be used for the purposes of direct markeng.
Contacng us if you have a complaint
or concern
We try to meet the highest standards when collecng
and using personal informaon. We encourage peo-
ple to bring concerns to our aenon and we take
any complaints we receive very seriously. You can
submit a complaint through the Trust’s Complaints
Procedure, which is available on our web site, or you
can write to: Paent Advice and Liaison Service, Don-
caster Royal Inrmary, Armthorpe Road, Doncaster.
DN2 5LT / Email: [email protected]
If you remain dissased with the Trust’s decision
following your complaint, you may wish to
contact: Informaon Commissioner’s Oce, Wyclie
House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Their web site is at www.ico.gov.uk
The Informaon Commissioner will not normally con-
sider an appeal unl you have exhausted your rights
of redress and complaint with the Trust.
Copyright
Our copyright and database right material is licensed
for use and re-use under the Open Government
Licence (OGL). To view this license, visit www.na-
onalarchives.gov.uk/doc/open-government-licence
or write to: Informaon Policy Team, The Naonal
Archives, Kew, Richmond, Surrey. TW9 4DU
Use of informaon expressly made available under
this license indicates your acceptance of the terms
and condions as set out in the OGL. When you use
our informaon under the OGL, you should include
the following aribuon: [Insert name of informaon
resource, Doncaster & Bassetlaw Teaching Hospitals
NHS Foundaon Trust, date of publicaon], licensed
under the Open Government License www.naonal-
archives.gov.uk/doc/open-governmentlicence
For informaon: where the copyright is owned by
another person or organisaon, you must apply to
the copyright owner to obtain their permission to
use/re-use.
Doncaster & Bassetlaw Teaching Hospitals NHS Foundaon Trust is registered with the Informaon Commissioners
Oce (ICO). Details of our registraon can be found on: hps://ico.org.uk/esdwebpages/search. Enter our registraon
number (Z5372151) and click ‘search register’. You can contact our Data Protecon Ocer by emailing:
Document designed by the Trust’s Communicaons Team © 2018
This privacy noce was developed following the 12 step guidance from the Informaon Commissioners Oce.
