When you submit your application, the following privacy notice will apply:
Your data are being collected by Barts Health NHS Trust, whose privacy notice can be found here.
The data controller for this information is Barts Health NHS Trust. This applicant tracking system is provided by Civica UK Ltd (https://www.civica.com/en-gb/product-pages/trac/) as data processor.
To make an enquiry, to request the personal information held about you as part of this process, or to arrange for any errors to be corrected, you can contact either the team handling your application or the Data Protection Officer ([email protected]).
Who we are

Barts Health NHS Trust was established by the merger of the former Barts and the London NHS Trust with the former Newham University Hospital NHS Trust and the former Whipps Cross University Hospital NHS Trust. It is an acute trust, serving a population of over a million in East London, with a workforce of over 14,000 staff.

Barts Health is committed to protecting your privacy when you use our services. This privacy notice explains how we use information about you and how we protect your privacy.

Do you know what personal information is?

Personal information can be anything that identifies and relates to a living person. This can include information that, when put together with other information, can then identify a person. For example, this could be your name and contact details.

Why the Trust collects information about you

Your doctor and other health professionals caring for you keep records about your health and treatment from the National Health Service (NHS). It is in your interest for a full record to be collected. We may also need to use some information about you to:
• enable us to provide healthcare services for patients;
• manage those services we provide to you;
• help investigate any worries or complaints you have about your services;
• check the quality of services;
• carry out data matching under the national fraud initiative;
• help with research and planning of new services;
• support, train and manage our employees who deliver those services;
• keep track of spending on services; and
• use CCTV systems for crime prevention.

How the law allows us to use your personal information

There are a number of legal reasons why we need to collect and use your personal information.
Generally we collect and use personal information where:
• it is necessary to perform our statutory duties
• it is necessary to protect someone in an emergency
• it is required by law
• it is necessary for employment purposes
• it is necessary to deliver health or social care services
• you have made your information publicly available
• it is necessary for legal cases
• it is to the benefit of society as a whole
• it is necessary to protect public health
• it is necessary for archiving, research or statistical purposes
• you, or your local representative, have given consent
• you have entered into a contract with us

For further details please see the section on individuals’ rights.

Types/classes of information processed

GDPR defines ‘processing’ as meaning any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The Trust processes information relevant to the above reasons. The information is either written down (manual records), or held on a computer (electronic records). This may include the following, but not all items will be relevant to all individuals:
• personal details;
• family details;
• ethnicity;
• education, training and employment details;
• financial details;
• goods and services;
• lifestyle and social circumstances;
• visual images, personal appearance and behaviour;
• details held in the patient’s record;
• responses to surveys.

Some information is ‘special’ and needs more protection due to its sensitivity. It is often information you would not want widely known and is very personal to you.
This is likely to include anything that can reveal your:
• racial and ethnic origin;
• offences and alleged offences;
• criminal proceedings, outcomes and sentences;
• trade union membership;
• political opinion;
• physical or mental health details;
• religious or similar beliefs;
• sexual life;
• genetic/biometric data.

Who the information is processed about

The Trust processes personal information about:
• patients;
• next of kin;
• suppliers;
• employees (including students, apprentices, potential employees and volunteers);
• complainants, enquirers;
• survey respondents;
• professional experts and consultants;
• individuals captured by CCTV images.

Where the personal data originates from

The personal data the Trust processes may have been provided by:
• you
• your parents, relatives or carers
• GPs
• Other hospitals/NHS Trusts/hospices
• Ambulance Trust
• Local authorities
• Private healthcare
• Other third parties (including education providers and previous employers)

How long do we keep your personal information

There’s often a legal reason for keeping your personal information for a set period of time; we try to include all of these in our retention schedule. The Trust’s policy is based on records retention and disposal in line with the NHS Code of Practice on Records Management.

How do your records help you?

Your records are used to guide and administer the care you receive. They help us to make sure that:
• We have accurate, up to date information about your health;
• You receive the best quality of care;
• Information is easily accessible within the Trust, because this helps us to make decisions about your future healthcare needs;
• Any concerns you may have about your health are properly investigated.

Who the information may be shared with

Everyone working for the NHS has a legal duty to maintain the highest level of confidentiality.
Your manual healthcare records are kept in secure areas and the electronic records are kept securely with the necessary controls. Generally these records will only be seen by those involved in providing or administering your care. A few administration processes require information that may identify you; however, most processes will use anonymous information.

The Trust sometimes needs to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the General Data Protection Regulation (GDPR). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:
• patients;
• family, associates and representatives of the person whose personal data we are processing;
• staff;
• current, past or potential employers;
• healthcare, social and welfare organisations;
• suppliers, service providers, legal representatives;
• auditors and audit bodies;
• educators and examining bodies;
• survey and research organisations;
• people making an enquiry or complaint;
• financial organisations;
• professional advisers and consultants;
• business associates;
• police forces;
• security organisations;
• central and local government;
• voluntary and charitable organisations.

The Trust will discuss with you before information is shared to ensure we act with your consent. If you are unable to consent for any reason, we will only share information where it is clearly in your best interests to do so or it is required by law. This includes:
• Notification of new births or deaths;
• If infectious diseases will endanger the safety of others, such as meningitis, tuberculosis or measles (but not HIV or AIDS);
• For child protection reasons;
• When a formal court order is issued.
• In an emergency when there is risk of loss of life or limb
• For the prevention or detection of a crime

Information will not be passed to your friends, relatives or carers without your signed consent.

How do your records help the NHS?

Your information helps us:
• Monitor your quality of care;
• Meet the general public’s health needs;
• Make sure our services meet future needs;
• Teach and train healthcare professionals;
• Conduct health research, development and audit;
• Transfer to other providers to improve care;
• Investigate a complaint you have made;
• Prepare statistics on NHS performance.

Access to your health information used for these purposes is controlled and monitored. When information is used for statistical purposes, we do not identify individual patients’ details. Some information may also be passed on to other organisations with a legitimate interest (i.e. planning services with other organisations outside the NHS).

Transfers

It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the GDPR.
Your rights

Under the GDPR you as a data subject have the following rights:
• the right to be informed;
• the right of access;
• the right to accuracy and making changes (rectification);
• the right to erasure;
• the right to restrict processing;
• the right to data portability;
• the right to object; and
• the right not to be subject to automated decision-making including profiling.

Not all rights will apply depending on the lawful basis chosen by the Trust for that processing.

Right to erasure, Right to portability, Right to object
Consent: X
Contract: x
Legal obligation: x x x
Vital interests: x x
Public task: x x
Legitimate interests: x

You can ask for access to the information we hold on you

We would normally expect to share what we record about you with you whenever we assess your needs or provide you with services. However, you also have the right to ask for all the information we have about you and the services you receive from us. When we receive a request from you in writing, we must give you access to everything we’ve recorded about you. However, we can’t let you see any parts of your record which contain:
• Confidential information about other people; or
• Data a professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing; or
• If we think that giving you the information may stop us from preventing or detecting a crime

This applies to personal information that is in both paper and electronic records. If you ask us, we’ll also let others see your record (except if one of the points above applies). If you can’t ask for your records in writing, we’ll make sure there are other ways that you can. If you have any queries about access to your information please contact [email protected]

You can ask to change information you think is inaccurate

You should let us know if you disagree with something written on your file.
We may not always be able to change or remove that information but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.

You can ask to delete information (right to be forgotten)

In some circumstances you can ask for your personal information to be deleted, for example:
• Where your personal information is no longer needed for the reason why it was collected in the first place
• Where you have removed your consent for us to use your information (where there is no other legal reason for us to use it)
• Where there is no legal reason for the use of your information
• Where deleting the information is a legal requirement

Where your personal information has been shared with others, we’ll do what we can to make sure those using your personal information comply with your request for erasure. Please note that we can’t delete your information where:
• we’re required to have it by law
• it is used for freedom of expression
• it is used for public health purposes
• it is for scientific or historical research, or statistical purposes, where it would make information unusable
• it is necessary for legal claims

You can ask to limit what we use your personal data for

You have the right to ask us to restrict what we use your personal information for where:
• you have identified inaccurate information, and have told us of it
• we have no legal reason to use that information but you want us to restrict what we use it for rather than erase the information altogether

When information is restricted it can’t be used other than to securely store the data and, with your consent, to handle legal claims and protect others, or where it’s for important public interests of the UK. Where restriction of use has been granted, we’ll inform you before we carry on using your personal information. You have the right to ask us to stop using your personal information for any council service.
However, if this request is approved this may cause delays or prevent us delivering that service. Where possible we’ll seek to comply with your request, but we may need to hold or use information because we are required to by law.

You can ask to have your information moved to another provider (data portability)

You have the right to ask for your personal information to be given back to you or another service provider of your choice in a commonly used format. This is called data portability. However, this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer and not a human being. It’s likely that data portability won’t apply to most of the services you receive from Barts Health.

You can ask to have any computer made decisions explained to you, and details of how we may have ‘risk profiled’ you

You have the right to question decisions made about you by a computer, unless it’s required for any contract you have entered into, required by law, or you’ve consented to it. You also have the right to object if you are being ‘profiled’. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions. If and when ECC uses your personal information to profile you, in order to deliver the most appropriate service to you, you will be informed. If you have concerns regarding automated decision making, or profiling, please contact the Data Protection Officer who’ll be able to advise you about how we are using your information.

How do we protect your information?

We’ll do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:
• Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password).
This is done with a secret code or what’s called a ‘cypher’. The hidden information is said to then be ‘encrypted’.
• Pseudonymisation, meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.
• Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
• Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
• Regular testing of our technology and ways of working, including keeping up to date on the latest security updates (commonly called patches).

You can find more details of our Information Security expectations on our online policy.

Where can I get advice

The Trust has a Data Protection Officer who makes sure we respect your rights and follow the law. If you have any concerns or questions about how we look after your personal information, please contact the Data Protection Officer, Matthew Hall (temporary), at [email protected] or by calling 020 3594 6027 and asking to speak to the Data Protection Officer.

Alternatively, you could write to:
Data Protection Officer
Barts Health NHS Trust
The Royal London Hospital
Room 701, 7th Floor, John Harrison House, Philpot Street, London. E1 2DR
Telephone: 02035946027
Email: [email protected]

If you have any worries or questions about how your personal information is handled please contact our Data Protection Officer at [email protected] or by calling 020 3594 6027.

For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire.
SK9 5AF
Telephone: 03031231113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Alternatively, visit ico.org.uk or email [email protected]
Website: www.ico.org.uk