What information do we collect about you?
- Details about you, such as your address and next of kin
- Any contact the Trust has had with you, such as appointments, clinic visits, emergency appointments, etc.
- Notes and reports about your health
- Details about your treatment and care
- Results of investigations, such as laboratory tests, x-rays, etc.
- Relevant information from other health professionals, relatives or those who care for you
Why do we collect your information?
We collect your information to enable us to provide you with health and social care services. However, your information may also be collected for other purposes that you should be aware of, such as CCTV recordings used for crime prevention, or if you make a complaint/enquiry or if you complete a survey. We will also use your information to contact you to see if you would like to be involved in medical research trials that might be relevant to you. In all situations the Trust is required to comply with data protection law.
Our staff may check your details with you to ensure they are up-to-date and correct. This is important to avoid errors in your care or treatment. So, if your details have changed (such as your name or address) you need to let us know.
For more information click here.
Who might we share information with?
At the SARC our lawful reason for processing your data in consent, from yourself, we therefore will not process or share your data without your consent.
The Trust may with your consent share your information with other organisations or professionals so that you receive good quality care and to prevent you being assessed again or being asked the same questions. Ordinarily information kept by the Trust will be made available to your GP. The Trust works with many partner organisations such as social care services, educational bodies, housing associations, voluntary and community organisations. Staff should discuss with you what information they are sharing, why and with whom.
We will only consider the need to share your information with other organisations or professionals where we consider it an important part of delivering effective care.
You have a right to object/withdraw consent to your information being shared, at any time.
There are exceptional circumstances whereby the Trust may share information about you without your knowledge, for example, in an emergency where you or someone else might suffer substantial harm or distress, where it relates to a ‘communicable disease’ (such as cholera, plague, smallpox, etc) or if information is required by law (such as a court order).
What other information about you do we hold?
As well as information that you provide to us directly, we also use information from other sources to help us provide you with safe and effective health and social care. This may include, for example:
- information from another NHS Trust, or your GP Surgery about health care that you have received previously
- information from other partner organisations such as Social Care services, housing associations, and voluntary and community organisations.
How long do we keep your information?
There is a requirement for the Trust to hold a record of your information for a set length of time (which varies according to the type of information that it is). You can find further information on the rules that the Trust must follow here.
Where is my information stored?
Some health records are held in paper form but most are now electronic as the NHS strives to become paperless.
Almost all electronic records are stored in the UK. However, for a very small minority of services some information is stored abroad, such as Functional Family Therapy information which is stored electronically in the USA. We make sure that where information is stored abroad, it has the same level of legal protection as it would if it were stored here.
What are my rights?
The Data Protection Act gives you certain rights in respect of the information we hold about you:
The right to be informed
You have a right to be informed if we use your personal data, this should include:
- why we are using your data;
- what type(s) of data is being used;
- how long we keep it for;
- who we share it with;
- if we transfer the data overseas;
- your rights;
- how to contact us about your data, and,
- your right to complain to the Information Commissionaires Office (ICO).
We do this by way of our privacy notice.
The right of access
You are entitled to a free-of-charge copy of information that we hold about you. However, the Trust may charge a ‘reasonable fee’ for particularly bulky, complex or repetitive requests (for the same information) based on the administrative cost of providing the information.
The Trust must provide you with the requested information (where it is appropriate to provide) within 30 calendar days once it has sufficient details to be able to process the request. However, the Trust may extend this period up to 90 calendar days or refuse to respond for bulky, complex or repetitive requests.
The right to rectification
You are entitled to have personal data rectified if it is inaccurate or incomplete.
The Trust must respond within 30 calendar days. However, the Trust may extend this period up to 60 calendar days for complex requests.
The Trust may refuse the request if it believes the information is accurate/complete or there is a legal basis to refuse and you will be notified of this. You have the right to complain to the Information Commissioner’s Office and to seek correction by order of a Court.
The right to erasure
This is more commonly known as the ‘right to be forgotten’. You may request to have your data erased where:
- It no longer needs to be kept by the Trust (it has surpassed the minimum retention period);
- Where you withdraw your consent or object to the use of your data and there is no requirement for the Trust to retain the data;
- It has been used unlawfully;
- The Trust must comply with a legal obligation; or,
- You are under 16 and data has been stored electronically by the Trust at your request.
The Trust may refuse your request (in full or part) where there is a legal basis to refuse and you will be notified of this.
The right to restrict processing
You can limit the way an organisation uses your personal data if you are concerned about the accuracy of the data or how it is being used. If necessary, you can also stop an organisation deleting your data. Together, these opportunities are known as your ‘right to restriction’.
This right is closely linked to your rights to challenge the accuracy of your data and to object to its use.
The right to data portability
You have the right to get your personal data from an organisation in a way that is accessible and machine-readable, for example as a csv file.
You also have the right to ask an organisation to transfer your data to another organisation. They must do this if the transfer is, as the regulation says, “technically feasible”.
By its very nature, that right should not be exercised against controllers processing personal data in the exercise of their public duties.
It should therefore not apply where the processing of the personal data is necessary for compliance with a legal obligation to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of an official authority vested in the controller.
Gloucester Care Services NHS Trust is a controller that is exercising their public duties with official authority vested in it to provide NHS Services.
The right to object
You have the right to object to the processing (use) of your personal data in some circumstances. If an organisation agrees to your objection, it must stop using your data for that purpose, unless it can give strong and legitimate reasons to continue using your data despite your objections.
You have an absolute right to object to an GCS using your data for direct marketing
Rights in relation to automated decision making and profiling
When decisions are made about you without people being involved, this is called ‘automated individual decision-making and profiling’ or ‘automated processing’, for short.
In many circumstances, you have a right to prevent automated processing.
This guidance describes your rights under two kinds of automated processing:
- automated individual decision-making; and,
To exercise any of these rights
Submit your request in writing by either:
Gloucestershire Care Services NHS Trust
Edward Jenner Court
1010 Pioneer Avenue
How the Trust ensures information is used appropriately
The Trust is required to provide evidence of the steps it takes to ensure information is used appropriately. Click here to find out more.
What to do if you have concerns about the use of your information
You can contact the Trust’s Information Governance Manager or Data Protection Officer: firstname.lastname@example.org
If we can’t resolve your concern, you have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details can be found here.
Gloucestershire Care Services NHS Trust is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. Our log files do not contain any personal information (other than that freely given by you) or information about other sites you have visited.
Any personal details provided by you to the Gloucestershire Care Services NHS Trust website must be true, correct and complete. Personal information attached to our website will not be passed on to third parties without the person’s prior consent.
We use Google Analytics software to collect information to help make sure the website is meeting the needs of its users and to help us make improvements.
Google Analytics stores information about:
- The pages you visit on www.HopeHouseSARC.nhs.uk
- How long you spend on each www.HopeHouseSARC.nhs.uk page
- How you got to the site
- What you click on while you’re visiting the site
We don’t collect or store your personal information and we don’t allow Google to use or share our analytics data.
What are Cookies?
A cookie is a small amount of data that is sent to your computer or mobile device from a particular website. This enables the website to recognise your specific computer or mobile device if you should return to the same site.
Cookies are used to improve services for you through, for example:
- enabling a service to recognise your device so you don’t have to give the same information during one task
- recognising that you have already given a username and password so you don’t need to enter it for every web page requested
- measuring how many people are using services, so they can be made easier to use and that there is enough capacity to ensure they are fast
A cookie often includes a unique identifier, which is a randomly generated number. This is stored on your device’s hard drive. Many cookies are automatically deleted after you finish using a website. Cookies are not programs and do not collect information from your device.
What are log files?
Every time the website is accessed an entry is made in the web server’s log file. This tells us broadly where an access is coming from, when it was made, which file was requested and whether the request was successful or not. It usually does not allow us to identify individual users. The data is used to assess usage levels and spot technical problems (such as broken pages or web server errors).