Data Protection at NLFT

The information below will provide you with information on the Trust's procedures in relation to the day-to-day handling of personal data/information.

We want you to have confidence in the way we handle your personal data/information and provide you with assurance that we will manage your personal information fairly, lawfully and transparently.

We do this by:

Having open and transparent information on how we handle your data through our privacy notices, webpages, and policies
Having a dedicated team of Information Governance/Data Protection professionals who handle requests for patient information
Employing a Data Protection Officer and Caldicott Guardian who ensure data is handled lawfully

We welcome any feedback or queries about the way in which we handle information. The Information Governance Team can be contacted at nlft.information.request@nhs.net or on 0208 3317 7100

This page will explain how we use and protect the information that you provide to us and that we collect about you.

If you wish to access information we hold about you, please click here

What personal data do you collect about me?

We collect data/information about you, the people who are involved in your care and essential information we need to know in order to give you the best care.

Some data/information we collect is essential in order to provide you with health care, such as:

Your name
Your date of birth
Details of your health
Names of medication you are taking
Your address
Your NHS number

We may also need data/information about people involved in your care, for example:

Your next of kin
Details of social workers
Contact telephone numbers of personal representatives
The name of your solicitor

Special Category Data

Due to the services we provide, we are also required to collect additional information about you which is more sensitive and is known as "special category data." This can include details about:

Your religion
Your mental health
Your racial or ethnic origins

We will only collect information that is relevant to your individual needs and we ensure safeguards in place to make sure your information is handled securely and confidentially at all times.

How do you collect my personal data?

We primarily collect your data/information when you use our services, for example if you have been referred to us by your GP or another hospital.

We also collect your data/information by asking you to provide it, for example information on your next of kin, or who we should contact in an emergency.

Why do you need my personal data?

Under GDPR, we must have a reason for needing your personal data/information. This is known as a "legal basis," without one we cannot collect or process your personal data/information.

The lawful bases for processing personal data are set out in Article 6 of the UK GDPR. At least one of these must apply whenever we process personal data/information. For example:

(a) Consent: you have given us clear consent for us to process your personal data for a specific purpose. We may rely on this where you have consented for us to provide you with medical care.

(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations). This applies when we have a legal duty to collect data, for example to comply with employment law.

(d) Vital interests: the processing is necessary to protect someone’s life. This is engaged when a persons life is at risk.

(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law. We rely on this basis to carry out our essential services of providing health care.

More information on why we require your personal data/information can be found in our privacy notice.

Special Category Data

Where we have collected information about you which is "special category data" (for example your religion) we must have additional legal basis to process this information. Processing of this data must only be done where we have a legitimate legal basis to do so under Article 9 of GDPR:

(a) Explicit consent

(b) Employment, social security and social protection law

(c) Vital interests

(d) Not-for-profit bodies

(e) Made public by the data subject

(f) Legal claims and judicial acts

(g) Substantial public interest conditions

(h) Health or social care

(i) Public health

(j) Archiving, research and statistics

What rights do I have?

You have rights under GDPR as to how we manage the information we hold about you. These rights are explained in detail here

What do I do if I have a complaint or concern?

If you have concerns or complaints about how your information is being processed, please see the below information.

To make a complaint please email: nlft.patient.experience@nhs.net
For concerns or questions about how your information is being managed please email: nlft.information.request@nhs.net

How long do you keep my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

To determine the appropriate retention period for personal data, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements have been considered.

All records held by the Trust will be kept for the duration specified by national guidance from the Department of Health and Social Care found in the Records management: Records Management Code of Practice - NHS Transformation Directorate (england.nhs.uk) and is supplemented by our Records Management policy and Retention schedule.

Can I opt-out of the Trust using my personal data?

The national data opt out allows patients to opt out of their confidential information being used for research and planning. You can read more about it on the NHS website.

Patients can find out more and set their opt-out choice on the NHS data matters section of the NHS website.

Health and care staff can download leaflets, posters and other resources to use when informing patients. Staff can also read overview of the policy - Understanding the national data opt-out.

Who can I contact for more information?

The Information Governance Team is available to help you with any queries you have regarding how information is processed in the Trust. We can also assist with any individual rights requests, such as getting a copy of your information. We would encourage you to ensure you are sending your query to the correct email address below:

For Freedom of Information Requests: nlft.freedom.information@nhs.net
For Individual Rights Requests/Subject Access Requests: nlft.information.request@nhs.net
For complaints/feedback: nlft.patient.experience@nhs.net
To contact the Data Protection Officer: nlft.information.request@nhs.net
To contact the Caldicott Guardian: nlft.information.request@nhs.net

Data Protection at NLFT