Resize text Make the text bigger Make the text smaller

Fair Collection / Privacy Notice

You are here: Home \ Trust \ Information Governance \ Fair Collection - Privacy Notice

 

Fair Collection/Privacy Notice - Data Protection Act 1998
This page provides you with information about how the Royal Devon & Exeter NHS Foundation Trust uses and manages the personal data we hold about you, including how we share it with NHS and non-NHS organisations, and how we maintain confidentiality.

 

What is personal data?

Personal data is information about a living, identifiable individual. Therefore, your personal data is any information that can be attributed to you personally, including your name, weight, height, date of birth, health conditions and treatments you receive. So long as you can be identified from that information, it becomes your personal data.

 

Organisations that use personal data must do so in line with the provisions of the Data Protection Act 1998. The Act applies to personal data held in both electronic and physical media.

 

An example of the types of personal data that the Trust uses are:

  • Name, address, date of birth, NHS Number and next of kin
  • Contact information i.e. telephone number
  • Contacts we have had with you such as clinic visits
  • Details of diagnosis and treatment
  • Allergies and physical or mental health conditions
  • Racial or Ethnic Origin
  • Religious or other beliefs of a similar nature
  • Offences, criminal proceedings, outcomes and sentences.
  • Family, lifestyle and social circumstances
  • Education and training details
  • Employment details
  • Financial details

Why we collect information about you

We may need to keep records about the health care and treatment you receive as one of our patients. This helps to ensure that you receive the best possible care from us and that full information is readily available if you see another doctor, or are referred to a specialist or another part of the NHS.

 

We also keep records relating to staff, for the purpose of appointments or removals, pay, discipline, superannuation, work management or other personnel matters. This is to ensure that employment at the Trust is managed to a high standard and that staff are provided with the information and training required to carry out their role.

 

We may use personal data for the following purposes:

  • To prepare statistics on NHS performance
  • To audit NHS Services
  • To monitor how we spend public money
  • To plan and manage the health service
  • To teach and train healthcare professionals and NHS employees
  • To conduct health research and development

 

Data Protection Act 1998

 

All of the personal data that we collect and use is handled in accordance with the Data Protection Act principles. These state that:

  • We must satisfy lawful conditions in order to use personal data. (These conditions include, but are not limited to, obtaining consent from the individual to use their personal data; and/or needing the personal data to protect someone from serious harm; and/or using the personal data in order to exercise one of our statutory duties)
  • We must let individuals know why we are using their personal data. This webpage helps us to do that.
  • We must use the personal data in a manner compatible with that purpose.
  • We must only use the personal data that is relevant to the purpose; i.e., not obtain or use more than we need to.
  • We must keep your personal data accurate and up-to-date.
  • We must not keep your personal data longer than is necessary
  • We must use in line with your Data Protection rights; for example, the right to obtain a copy of the personal data we hold about you.
  • We must keep your personal data safe and secure.
  • We must only transfer your personal data outside of the European Economic Area if we have ensure that adequate safeguards are in place.

Who do we share personal data with?

Royal Devon and Exeter NHS Foundation Trust shares data with a range of organisations.  We will always endeavour to share the minimum amount of personal data required, even anonymising data where we possible. However, there will be some instances where personal data will need to be shared with other organisations for the purposes of caring for a patient. In such instances we will need to ensure that the information shared is adequate so that the patient is properly cared for.

 

We may share personal data with the following organisations for the purposes of delivering or improving healthcare, or where there is a legal requirement for us to do so:

  • Clinical commissioning groups
  • Health authorities
  • Other NHS Trusts
  • General practitioners (GPs)
  • Ambulance services
  • Other NHS common services agencies such as primary care agencies
  • Social services
  • Education services
  • Local authorities
  • Police
  • Department for Work & Pensions
  • Voluntary sector providers and private sector providers.

How long do we retain your records?

All our records are destroyed in accordance with the NHS Retention Schedule, which sets out the appropriate length of time each type of NHS records is retained. We do not keep your records for longer than necessary.

 

All records are destroyed confidentially once their retention period has been met, and the Trust has made the decision that the records are no longer required.

 

How do we keep your personal data safe and secure?

Royal Devon and Exeter NHS Foundation Trust is committed to securing your personal information from unauthorised access, use or disclosure. We secure the personal data you provide on computer servers in a controlled, secure environment. We also train our staff and have policies and procedures in place so that everyone working in the Trust is aware of the high standards we expect them to adhere to when handling your personal data.

How do I obtain a copy of my personal data?

Please refer to our Access Your Personal Data / Health Records page.

Raising a concern

If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed, please contact the Trust’s Patient Advice and Liaison Service (PALS).

 

Additionally, you have a right to complain to the Data Protection regulator, the Information Commissioner, if you are dissatisfied with the way the Trust has handled or shared your personal information:

 

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
https://ico.org.uk/


Tel: 0303 123 1113 (or 01625 545745 or 44 1625 545745 if calling from overseas)
Fax: 01625 524510

Changes to this Statement

We will occasionally update this Privacy and Fair Collection webpage to reflect company and customer feedback. We therefore encourage you to periodically review this webpage in case of any changes.

Further information

To learn more about how we use, manage and maintain confidentiality of your information, please speak to the health professionals concerned with your care.

 

 

 

 

Call 111 when its less than urgent