Privacy Notice

As a data controller, Northamptonshire Healthcare NHS Foundation Trust (NHFT) process both personal data and special category personal data (sensitive).

Northamptonshire Healthcare NHS Foundation Trust,

St Mary’s Hospital
London Road
Kettering
NN15 7PW

Tel 01536 410141

Our Data Protection Registration number is Z6769102.

What is personal or special category data?

Personal data is information about an identifiable living person such as name, address, telephone number, date of birth, NHS Number, and information about that person held in records. Records can be in different formats e.g. written correspondence, emails, photographs, audio recordings and video recordings.

Information classed as special category (sensitive) personal data, can include details of ethnic origin, religious beliefs, sexual orientation, trade union membership, health data, biometric data and genetic data. 

Why we collect and store personal data?

We process personal data to enable us to provide healthcare services for patients, data matching under the national fraud initiative; research; supporting and managing our employees, maintaining our accounts and records and the use of CCTV systems for crime prevention.

The Trust has a duty to:

  • Process data lawfully, fairly and in an open manner
  • Only use data for a specific defined purpose
  • Only gather and record data that is relevant and limited to the defined purpose
  • Take every reasonable step to ensure data is kept accurately
  • Only hold data in an identifiable form for the minimum period necessary
  • Hold data securely and prevent any unlawful processing

How will we use information about you?

The Types of Information that we may collect and use include the following:

  • personal details
  • family details
  • education, training and employment details
  • financial details
  • goods and services
  • lifestyle and social circumstances
  • visual images, personal appearance and behaviour,
  • details held in the patients record
  • responses to surveys

What is the Legal Basis for processing data?

Under the terms of the General Data Protection Regulations, we are required to notify you of the legal basis for processing the data we handle.

Healthcare

Personal data provided to the Trust for the purpose of healthcare delivery, management and treatment:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

 

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

To manage our contractual obligations for the services we have been commissioned to deliver:

  • Ensure that money is used properly to pay for the services it provides
  • Investigate complaints, legal claims or important incidents
  • Make sure that services offered give value for money
  • Make sure services are planned to meet patients’ needs in the future
  • Review the care given to make sure it is of the highest possible standard 
  • To improve the efficiency of healthcare services                                                                                                                                                                                                                                                                                                                

Staff Data

If we are your employer we process your data to enable us to undertake our responsibilities under law.

Personal data provided by staff members for the purpose of employment:

6(1)(f) Necessary for the purposes of legitimate interests

Special category data provided by staff members for the purpose of employment:

This data is required to manage the operation of the organisation and to ensure compliance with the terms and conditions outlined in your contract, as part of your employment.  

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement;

 

Staff Occupational Health Data

Special category data gathered by the Trust in relation to employee health is processed for the reasons of preventative or occupational medicine and for assessment of working capacity.

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

Students

The Trust works with partner academic organisations to support and mentor students and apprentices during their placements. Student and apprentice information is processed in accordance with the individual learning agreements in place with the academic institution.

This data is required to facilitate support and mentoring of individuals and to ensure compliance with the terms and conditions outlined via contract or learning agreement.

Personal data provided by students for the purpose of employment:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement;

Trust Membership and Involvees

As Members or Involvees of the trust you will likely receive information that may be of interest as a patient, carer or member of the community that we serve.  In common with all other NHS foundation trusts we have a statutory duty to engage with our communities and encourage new Members and Involvees of the Trust.

Personal data provided by Members or Involvees for the purpose of engaging with communities:

6(1)(e) whereby processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller (Northamptonshire Healthcare).

Equality and Diversity Data

As a Trust we have a duty to eliminate unlawful discrimination, harassment or victimisation, to advance equality of opportunity and to foster good relations. All public bodies must treat people from different groups fairly and equally. Data on equality and diversity is captured in accordance with the Equality Act 2010.

Special Category Personal Data provided to the Trust for the purpose of compliance with Equality legislation :

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement.

Mental Health Act Data

Most people who receive treatment in hospitals or psychiatric units for mental health conditions are there voluntarily and have the same rights as people receiving treatment for physical illnesses. However, a small number of patients may need to be compulsorily detained under a section of the Mental Health Act 1983.

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement.

9(2)(c) Necessary to protect the vital interests of a data subject who is physically or legally incapable of giving consent

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

Use of Photographs

Photographs where an individual can be clearly identified will only be used as part of promotional materials and website where explicit consent has been given by the individual.

Personal data for the purpose of promoting the work of the Trust:

6(1)(a)Consent of the data subject

Recovery College

Recovery College NHFT supports individuals with experience of mental health difficulties to live the life they want to lead and become experts in their own self-care. The college supports individuals through courses designed to contribute towards wellbeing.

Data captured during enrolment is required to manage this service and to provide you details of available courses and resources.

Personal data provided by individuals for the purpose of enrolment:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(b) necessary for the carrying out of obligations under employment, social security or social protection law, or a collective agreement;

Research

Data is gathered for research with the same controls as for the collection and processing of data for healthcare purposes. Consent will be sought for participation in research trials under the common law duty of confidentiality.

Personal data provided by individuals for the purpose of research:

6(1)(e)Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

Special Category Personal Data provided to the Trust for the purpose of healthcare delivery, management and treatment:

9(2)(h) Necessary for the reasons of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

 

Data sharing with partner organisations

We hold a list of the information sharing agreements we currently have in place with our partner organisations.

Other ways your data may be shared

National Surveys

Your personal data may be used for the purposes of the NHS Patient Survey Programme, and this may include passing data to a CQC approved contractor. The anonymised reports produced by the survey programmes are used to help make service improvements.

The processing basis for the Trust to use your information for the NHS Patient Survey Programme is set out in Article 6(1)(e) of the General Data Protection Regulations which allows data to be processed where the “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”.

Safeguarding

There is a Duty of Care to report safeguarding concerns to partner organisations to support an individual’s welfare. There is useful information on the Trust’s Safeguarding Page on the importance of safeguarding for Adults and Children and how staff are supported to act in the best interests of the individual.

https://www.nhft.nhs.uk/safeguarding

Public security

Data may be shared with the Police or other national security agencies where it is necessary and proportionate to support the prevention, investigation and detection of crime.

Tuberculosis

Data may be provided to the Trust by partner agencies to support the management of patients with Tuberculosis or suspected Tuberculosis.

Infection Control

Data may be provided to the Trust by partner agencies to support the management of public health.

Is my data transferred overseas?

Your personal data may be transferred outside of the UK, for example, if the Trust uses a cloud service that has servers in another country. A Data Protection Impact Assessment will have been completed to ensure that data is held securely and within the requirements of the law.

If your data is transferred overseas there will be a contract in place, and a Data Processing Agreement that ensures responsibility for safeguarding data.

Is my data handled using automated decision processes?

The Trust does not currently use automated decision processes this privacy notice will be regularly reviewed and updated as necessary.

How do we store and safeguard your data?

We may introduce new technologies that capture and store personal data e.g. biometric scanners, body worn video cameras etc. A Data Protection Impact Assessment is carried out when such technologies, or new systems that capture personal data are implemented by the trust.


We keep your information in accordance with timescales set out in the Records Management Code of Practice for Health and Social Care. Personal data that does not have a national retention schedule in the Code of Practice is managed for as long as is necessary to fulfil the purpose of obtaining it or if we are required to keep it by law. A link to this document can be found below:

https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/codes-of-practice-for-handling-information-in-health-and-care/records-management-code-of-practice-for-health-and-social-care-2016

Can I opt out of processing?

If you wish to opt out of sharing your information with other healthcare settings please discuss with your healthcare team at your next appointment. They can discuss with you the impact to your individual health care.

If you wish to opt out of having your information used for the purpose of national surveys detailed in the section of the privacy notice called “Other ways data may be shared”, please complete the form below:

 

 

How do I make a request for Information or make a complaint?

If you wish to ask the Trust about a data protection issue, request information on data we process, request a copy of your data, make a request for data to be erased, rectified or you have concerns about the processing of your personal data by us you may contact our Information Governance Team at:


Information Governance Team
Information Governance Team Office,
1st Floor,
RCI Building,
Kettering Venture Park,
Kettering,
NN15 6EY

Telephone: 0300 0111133

Email: information.governance@nhft.nhs.uk

If you wish to contact our Data Protection Officer directly then please use the details below:

Sarah Ratcliffe
Data Protection Officer
Information Governance Team Office,
1st Floor,
RCI Building,
Kettering Venture Park,
Kettering,
NN15 6EY

Email: DPO@nhft.nhs.uk

If you wish to make a complaint then please contact the relevant team below:

You can call the patient advice and liaison service PALS free on 0800 917 8504 9am-4pm

You can call our complaints department free on 0800 917 7206, 9am-4pm

You can e-mail PALS pals@nhft.nhs.uk or the complaints team at complaints@nhft.nhs.uk

Care will not be adversely affected by any comments or complaints you make.

If you are not content with the outcome of your complaint, you may apply directly to the Information Commissioner for a decision.  Generally, the Information Commissioner cannot make a decision unless you have exhausted the complaints procedure provided by the Trust.  The Information Commissioner can be contacted at:

The Information Commissioner's Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Is this Privacy Notice regularly reviewed?

We keep our privacy notice under regular review. This privacy notice was last updated on: 05/06/18

Conditions of use of this site

Use of this site

Northamptonshire Healthcare NHS Foundation Trust provides this website for personal use. In using this website, the user agrees to use this site for lawful purposes only and in a manner that does not infringe the rights, or restrict or inhibit the use of this site by any third party.

Information collected through this website is for the sole use of Northamptonshire Healthcare NHS Foundation Trust.

Northamptonshire Healthcare NHS Foundation Trust cannot guarantee uninterrupted access to this website or the sites to which it links, and accepts no responsibility for any damages arising from the loss of use of this information.
 

Disclaimer

This website is intended simply to provide helpful advice and information about Northamptonshire Healthcare NHS Foundation Trust and the services we provide.

The Trust has taken every care in the preparation of the content of this website. Northamptonshire Healthcare NHS Foundation Trust is not liable for any loss or damage arising from the use of this site or the information contained in it.

Northamptonshire Healthcare NHS Foundation Trust is not responsible for the availability of access to and links from this site, or for the content on linked sites. The Trust is not responsible for any transmission received from any linked site. Links are provided solely to assist visitors to Northamptonshire Healthcare NHS Foundation Trust’s website and the inclusion of a link does not imply that the Trust endorses or has approved the linked site. Equally, the lack of a link does not imply lack of endorsement.
 

Copyright

Unless otherwise indicated, Northamptonshire Healthcare NHS Foundation Trust retains the copyright to information featured on this website.

The names and logos identifying Northamptonshire Healthcare NHS Foundation Trust are proprietary marks of the NHS. Copying our logos and any other third party logo via this website is not permitted without approval of the relevant copyright owner.
 

Re-use of information

You may re-use the information on this website free of charge in any format. Re-use includes copying, issuing copies to the public, publishing, broadcasting and translating into other languages. It also covers non-commercial research and study. Re-use is subject to the following conditions:

  • Use of material should include an acknowledgement of the source
  • Reproduction of material should be accurate and should not mislead
  • Information should not be used for the principal purpose of advertising or promoting a particular product or service or for commercial gain.

If you have any questions about reusing information please email commsteam@nhft.nhs.uk

 

Revisions

Northamptonshire Healthcare NHS Foundation Trust may at any time amend and update this website.