Contact Information for UHNM, Data Controller:

Royal Stoke University Hospital

Newcastle Road

Stoke-on-Trent

Staffordshire

ST4 6QG

Tel: 01782 715444

UHNM is registered to process personal and sensitive information under the Data Protection Act 2018

registration number is Z7476085

Page version control - v2 - 19/03/21

Covid-19 – Notice under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002
The Secretary of State for Health and Social Care has directed NHS Digital to collect and analyse data from providers and other organisations involved in managing the COVID-19 response. 

This will help to manage and mitigate the spread and impact of the current outbreak of Covid-19.  Sharing information more widely with other organisations will help to support planning and management of the response.

Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002 (COPI) 
 
Organisations are required to process confidential patient information.  If this is COVID 19 related, it will only be processed solely for COVID 19 in accordance with the Regulation 7 of COPI (which remains in force until March 2022)

• A Covid-19 Purpose includes:  
• Understanding Covid-19 and risks to public health.
• Understanding the trends in Covid-19 and any risks.
• Controlling and preventing the spread of Covid-19 and any risks.
• Identifying and understanding information about patients or potential patients with or at risk of Covid-19.
• Understanding information about incidents of patient exposure to Covid-19.
• Management of patients with or at risk of Covid-19 including:
   
• Monitoring patients and collecting information including providing services in relation to:
• Self-isolation.
• Fitness to work.
• Medical and social interventions.
• Recovery from Covid-19.
   
• Understanding information about patient access to health services and adult social care services and the need for wider care of patients and vulnerable groups as a direct or indirect result of Covid-19. This would include the availability and capacity of those services or that care.
   
• Monitoring and managing the response to Covid-19 by health and social care bodies and the Government including providing information to the public about Covid-19 and its effectiveness.
   
• Information about:
• Supplies and services including the workforce within the health services.
• Adult social care services.
   

Delivering services and providing information in connection with Covid-19 to patients, clinicians, health services, adult social care services workforce and the public. This includes fit notes, the provision of health care and adult social care services and research and planning.
This notice is effective until 30th September 2021 and then may be extended further.

A Supplementary Privacy Notice has been drafted to cover the fair processing of data (including staff data in respect of COVID-19 testing) during COVID-19 and it can be found here.

 In-Patient Communications

As a result of COVID 19, UHNM have made arrangements to allow in-patients and their relatives to be able to communicate through a ‘face time’ option from the ward.  Relatives and patients will also be given the opportunity to pass on messages through the PALS team by clicking on this link. Contact the PALs team.

Clinicians may use digital technology to conduct patient consultations and ward rounds.  All technology is secure. Patient confidentiality will be maintained throughout.

Page version control - v5 - 23/09/21

• Consent – To process your personal data, we need to obtain your consent.  Where consent is the legal basis for processing, patients should be aware that they are able to withdraw that consent at any time.
• Contract – This is required to be in place with an individual, for example, a member of staff. 
• Legal Obligation – This is necessary for UHNM to comply with the law.
• Vital Interest – This is necessary to protect someone's life.
• Public Task – This is necessary to perform a task in the public interest or for official functions. The task or function has a clear basis in law.
• Safeguarding concern, If there is a safeguarding concern, data may need to be shared.

Below are your rights as identified by the Data Protection Act 2018 in relation to the personal data that we hold. 

If you wish to exercise any of these rights, please contact the Data Security & Protection Team at dspuhnm.uhnm@nhs.uk or by telephoning: 01782 676441. 

The Trust will acknowledge your request within 2 days of receipt, explaining the process and projected timescale for completion. 

UHNM will advise of any updates to this timescale if required.

As data subjects (both patients and staff), you have the right to:

• Access – You have the right to ask UHNM for copies of the personal information that is held about you. Details about how to do this are included in the section ‘How to Access your Information’.
• Rectification – You have the right to ask UHNM to correct any information you think is inaccurate or incomplete. This is subject to certain safeguards however, for more information please click here
• Erasure – You have the right to ask UHNM to erase your information in special circumstances. For more information about this please click here
• Restrict processing – You have the right to limit the way UHNM uses your personal data. If you are concerned about the accuracy of the data or how it is being used where appropriate, click here for more information here
• Object to processing – You have the right to object to the use of your information in certain circumstances. For more information please click here
• Data portability – You have the right to ask that UHNM to transfer any electronic information you have given to another organisation in certain circumstances. 
• Automated processing - You have the right NOT to be subject to decision-making on the basis of any automated processing and you have the right to withdraw your consent to the processing/sharing of your information.

UHNM has appointed a Data Protection Officer who is responsible for information and advising on data protection regulations and national law.  The Data Protection Officer can be contacted by email at DPO.UHNM@uhnm.nhs.uk

Version Control - v2 - 19/03/21

The Trust undertakes Data Protection Impact Assessments (DPIA) on any projects which require the use of identifiable information.

These are available to view via the Freedom of Information process by contacting FOI@uhnm.nhs.uk

Version Control - v2 - 19/03/21

UHNM holds personal information on you in a variety of formats.  These include paper records, electronic records and video/audio files.  Patients who access from their own devices via secure Apps is also held.

For Patients:

Data is collected for patients as listed below, however any further data which may be of a more sensitive nature is called special category data.  

• Names, including preferred or maiden name.
• Telephone number(s).
• Date of birth.
• NHS number.
• Email address.
• Your next of kin contact details.
• GP details.
• Power of Attorney status.
• Financial details, where we provide healthcare to private patients.
• Visual images, personal appearance and behaviour, for example CCTV images, images captured from drones and body-worn cameras are used as part of building security.
• Whether you are subject to any protection orders regarding your health, well-being and human rights (safeguarding status).
• Emergency Department Appointment Data, taken from NHS Digital's Emergency Department Digital Integration system (further details on this system can be found here).
• Healthcare records which include:
• Notes and reports about treatments and care.
• Details regarding any contact we have had through appointments, telephone calls and home visits.
• Details regarding medical conditions (physical and mental health) for both our patients and, on occasions and subject to patient consent, patients from other Trusts.
• Results of investigations, for example x-rays and laboratory tests.
• Future / current care needs.
• Details regarding agencies, healthcare professionals and relatives involved in your care.
• Racial or Ethnic origin.
• Sexual orientation.
• Genetic and biometric information.
• Sex life information.
• AV files, for internal and external use for both training and marketing purposes.  This information will ONLY be shared with the data subject's EXPLICIT consent.
• Summary Care Record
  • Prior to your appointment, your NHS Summary Care Record (SCR) will be available to view by the hospital staff involved in your care, unless you have previously opted out of having an SCR.  Your SCR contains important information from your GP record including Health & Social Care Information Centre medications, allergies and any bad reactions to medicines.  This information may also be added to the information held within the Integrated Care Record (One Health & Care) and further details of that can be found here
• Personal Demographic Service (PDS)
  • The PDS is a tracing service which helps healthcare professionals to identify patients and match them to their health records. It also allows them to contact and communicate with patients in a number of ways, including by text and email.  Further information about PDS can be found here

On occasions the Trust is required to place an Alert on a patient's record to advise staff of any issues that they may need to be aware of when treating the patient, such as any access difficulties for example.   These Alerts are part of a rigorous review procedure which includes the proportionality of the alert to comply with the requirements of the Human Rights Act (Article 8). 

Information we hold and process for staff, volunteers, job applicants and others:

• Employee details, job applicants, apprentices, complainants, enquirers, survey respondents, suppliers, professional experts, consultants, people captured in closed circuit television images.
• Staff details to allow for the on-line processing of staff COVID vaccination appointments, utilising current technology to facilitate the appointment for example QR Code
• Information for job applicants for the purposes of processing their application and ensuring equality and patient safety.
• In order to comply with statutory requirements and to facilitate the running of the UHNM, staff, volunteers and apprentices information may be shared with third parties that provide services to the UHNM.
• Staff, Volunteers and apprentices information will be processed as part of their contract / agreement with the Trust. This will be fully explained by The Human Resources team and / or your manager.
• Staff, volunteers and job applicants can contact the Trust Human Resources department for further information on how their information is processed.

Personal and confidential information is collected to help us provide you with the best possible care.  This information can come from your GP, referrals, healthcare professionals involved in your care and yourself.

If you apply for a job or are employed at UHNM, we will collect your personal information.

The information provided may be used to:

• Provide healthcare services and treatment.
• Provide chaplaincy and pastoral care services.
• Ensure that money is used properly to pay for the services it provides.
• Investigate complaints, legal claims or important incidents.
• Make sure services are planned to meet patients' needs in the future.
• Review the care given to make sure it is of highest possible standard.
• Manage specialised services.
• Improve the efficiency of healthcare services by sharing information with other organisations (sometimes non-NHS/Social care). These include Age UK, Revival and/or Vast, for example, for a specific, justified purpose which is approved by UHNM's Caldicott Guardian.
• Check and report to our regulators on how well we are performing.
• Provide patient survey's for service improvements.
• Research (consent will always be sought to use your data for this purpose).
• Manage service workload by e-mailing appointment reminders, for example (where we have been provided with an e-mail address).
• Access to the National Summary Care Record (SCR) - staff may often access SCR to review patient records prior to a patient presenting for an outpatient appointment. 

Page version control - v3 - 03.12.21

Your health records may be held in both paper and / or electronic format.  UHNM will keep your health records for specified periods of time in accordance with the Records Management Code of Practice for Health and Social Care 2016.

Although there are exceptions and certain conditions affecting the length of time, UHNM will keep a health record for an adult for a period of 8 years after the last entry.  A child’s record is kept until he/she reaches the age of 26 years old.

Page version control - v2 - 19/03/21

In order to provide you with the best possible healthcare, your personal information may be shared with:

1. Other NHS organisations, including other NHS Trusts, Ambulance Service, GPs, etc.
2. Other NHS organisations who UHNM are collaborating with to provide joint services, for example, with NHSE for the Wayfinder App to enable all UHNM patients to see their outpatients appointment from the NHS App and the Integrated Care Record where UHNM is working collaboratively with other partners in the region (GP Practices, Local Authorities, other Hospital Trusts – Acute, Community and Mental Health) as well as Commissioning Groups to create an integrated care record which will contain data about all patients seen and treated at either of the UHNM Hospitals.  This is not the full record but a snapshot of the data held to help clinicians to provide the most appropriate care.  Also, the West Midlands Digital Pathology Network or the initiative developed by Stoke CCG to manage the healthcare of the city's Homeless.  For further information, see the 'One Health & Care' link
3. Non-NHS organisations that are involved in your care, for example: Social Services, Private Care Homes, Local Councils, Voluntary and Private Sector Providers, Charities, community pharmacies etc.
4. Non-NHS organisations, with whom we have robust contractual arrangements who undertake services on our behalf for example Remote Monitoring of patients for the purposes of providing direct healthcare
5. Non-NHS Organisations that we are mandated to share with for example Cancer Registries, Public Health Notifications, Renal Disease Registries
6. Non-NHS organisations who may contact you if we feel that you will benefit from the services they offer - you are under no obligation to accept and any refusal will not affect future treatment or care by UHNM.

As part of a legal requirement, the Trust has a duty to share your information and includes, but is not limited to:

• Disclosure to the Police for the prevention and detection of crime.
• Prevention and detection of fraud.
• Disclosure under a Court Order.
• Disclosure & Barring Service – for employment/recruitment purposes.
• In the public interest to prevent abuse or serious harm to others.
• Our obligation under a Duty of Contract with:
  • Clinical Commissioning Groups.
  • NHS Digital.
  • Public Health England.
  • Care Quality Commission.
  • Third parties contracted via NHS England.
  • Other Commissioning Support Providers.
  • National Immunisation Vaccination Service for Healthcare Workers (NIVs) - this is a NHS England initiative and further information can be found here.
  • NHS111 (via a System called EDDI) which allows a patient to call to make an appointment at A&E.  You can find out more information about NHS111 here.
  • Evidence for External Accreditations (for example DSP Toolkit)
  • National Congenital Anomaly & Rare Disease Registration Service - national survey managed by Public Health England

Sharing your personal information with other organisations is always governed by specific legislation and transferred in accordance with the requirements of the legislation and the NHS Confidentiality Code of Conduct, including the use of a Secure Portal.  

If you choose to share your personal information with a third party this will not be processed by UHNM

If you have any questions regarding the sharing of your data please contact DPO.UHNM@uhnm.nhs.uk

COVID-19

As part of the treatment pathway for patients being treated for COVID within the Community, an agreement has been reached with Staffordshire Fire & Rescue Service whereby we share patient demographic details to allow the service to deliver medication to patients at home.  This is to reduce the numbers of patients who have to attend the hospital.

In addition, due to the current Covid-19 restrictions on patient visiting, a process for patients' relatives and carers has been put in place so that you are able to receive up to date information.   

The patient will be required to provide staff with a 'password' which friends and relatives can quote when ringing for updates.  This will be explained to the patient on admission.

Alternatively, patients can contact the PALs team who will be able to provide the patient information update.

Page version control - v11 - 07.09.22

The Information Commissioners Office (ICO) is an independent body which regulates the Trust under Data Protection and Freedom of Information legislation.

The Trust is registered with the ICO

Registration Number - Z6476085.

Contact details for the ICO:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF
Telephone: 0303 123 1113

Changes to this Privacy Notice

We will keep this privacy notice under regular review. Each page has its own version control identifying when the page was last updated.

COVID19

The Information Commissioner's Office has made a statement about their working arrangements as a result of the COVID-19 Epidemic.  You can read their updated information here.

Page version control - v2 - 19/03/21

How the NHS and care services use your information

UHNM is one of many organisations working in the health and care system to improve care for patients and the public. 

Important information about you is collected in a patient record for that the service you are using, for example, Accident and Emergency or Services in the Community.   Collecting this information helps to ensure you get the best possible care and treatment and can also be used and to provide other organisations with data for the purposes of your individual care.  These include:

• Research into the development of new treatments.
• Preventing illness and diseases.
• Monitoring safety.
• Planning services.

This information and any patient confidential information will only be used when there is a clear legal basis to use it. 

Most of the time, anonymised Data is used for research and planning is usually anonymised so that you cannot be identified and therefore your confidential patient information is not required. 

You have a choice about whether you want your confidential patient information to be used in this way, and if you are happy with this,  you do not need to do anything.  If you do choose to opt out, your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.  

This web page includes: 

• Explaining what is meant by confidential patient information.
• Examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care.
• Benefits of sharing data.
• Understanding more about who uses the data.
• Finding out how your data is protected.
• Being able to access the system to view, set or change your opt-out setting.
• Details of contact telephone number(s and if you want to set/change your opt-out by phone.
• Situations where the opt-out will not apply.

Further details of how patient information is used is at:

• https://www.hra.nhs.uk/information-about-patients/This covers health and care research.
• https://understandingpatientdata.org.uk/what-you-need-know This covers how and why patient information is used, the safeguards and how decisions are made.

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes.   Data is only used in this way with your specific agreement.

Health and care organisations have until 2020 to put systems and processes in place to enable compliance with the national opt out scheme which allows you to choose how your confidential patient information is used and shared for the purposes beyond your individual care.

Page version control - v2 - 19/03/21

UHNM is working collaboratively with other partners in the region (GP Practices, Local Authorities, other Hospital Trusts – Acute, Community and Mental Health) as well as Commissioning Groups to create an integrated care record which will contain data about all patients seen and treated at either of the UHNM Hospitals.  Further information about One Health & Care can be found here. This is not the full record but a snapshot of the data held to help clinicians to provide the most appropriate care.

This will be a central library of information that each organisation can access (for their own patients only) so that clinicians will have a complete picture of a patients' needs, medications etc.

More information on this initiative can be found by reviewing the information leaflet which can be accessed by clicking the link here.

Page version control - v4 - 03.11.22

In some circumstances it may be necessary to transfer your personal information overseas.  If this is required, information will only be shared within the European Economic Area (EEA) unless additional safeguards have been put in place to protect your information.

Any transfers that do take place will be made in full compliance with all aspects of Data Protection legislation and you will be informed by the Trust beforehand.

Page version control - v2 - 19/03/21

UHNM makes use of CCTV systems, including body worn cameras and images captured from drones.   These are used as part of building security for crime prevention in line with the Information Commissioners CCTV code of practice.  You have a right of access if you wish to request your data captured on CCTV.

Page version control - v2 - 19/03/21

If you have any questions about our Privacy Notice or information we hold about you, please contact:

Data Security & Protection Team,  DSPUHNM@uhnm.nhs.uk

or alternatively

the Trust’s Data Protection Officer  DPO.UHNM@uhnm.nhs.uk

If you would like to make a complaint about how your information is being used you can discuss your concerns with our Patient Advice and Liaison Service (PALS)   Email: patientadvice.uhnm@nhs.net) or you can contact our Complaints Department, email: complaints.department@nhs.net)

Royal Stoke PALS office, situated inside the main building entrance

Monday to Friday between 9.00am and 4.00pm (excluding bank holidays).

Tel: 01782 676450 / 01782 676455 / 676435

County Hospital PALS office situated inside the main entrance is open

 Monday to Friday 9:00am to 5:00pm  (excluding bank holidays).

Tel: 08000 407060 / 08000 721 646

If you want to contact us in writing please use the below address:

Chief Executive OR Chief Nurse

University Hospitals of North Midlands

Trust Headquarters

Royal Stoke University Hospital

Newcastle Road

The University Hospitals of North Midlands Trust is committed to the Freedom of Information Act 2000.

The NHS is facing unprecedented challenges relating to the COVID-19 at the current time and understandably our resources have been diverted to support our front-line colleagues who are working tremendously hard to provide care for our patients and to those in need of our services.  During this time it is likely that responses to some requests for information may be delayed.  We will endeavour to provide you with as much information as we can as soon as we can.  UHNM continues to strive to be transparent and to work with an open culture.  The Information Commissioner's Office has recognised the current situation in the NHS.

Page version Control - v3 - 07/09/23

UHNM will engage with other organisations on projects which may involve sharing patient data.  Such sharing is always undertaken in a lawful way, according to the Data Protection Act (2018). 

We include below links to the projects currently approved:

One Health & Care (an Integrated Care Record) - https://www.twbstaffsandstoke.org.uk/about-us/our-work/one-health-and-care

Patient Health Record (PHR) - This is part of the One Health & Care Integrated Care Record and allows the patient to access elements of their own record via an App - https://www.twbstaffsandstoke.org.uk/about-us/our-work/one-health-and-care/personal-health-record-privacy-notice

Team Prevent (for staff Occupational Health) - https://www.teamprevent.co.uk/storage/user/Privacy_Statement_TEAM_PREVENT.pdf​

COVID-19 – Supplementary Privacy Notice - http://www.uhnm.nhs.uk/media/3369/supplementary-privacy-note-on-covid-19-for-patients.docx

Keele University - https://www.keele.ac.uk/privacynotices/privacynotice-students/

Smart with your Heart (NHS Test Bed project for Heart Failure patients; Cardiac Re-hab patients and Community Heart patients):

Florence 'FLO' - https://legal.mediaburst.co.uk/

Recap Health - https://health2works.com/privacy-policy/ 

Fair Processing - Research 

Fair Processing Notice for Staff

Fair Processing Notice for Children

NHS Secure Boundary - a service managed by NHS Digital to improve the detection of cyber security threats to NHS organisations' internet breakout traffic. -

https://digital.nhs.uk/about-nhs-digital/our-work/keeping-patient-data-safe/gdpr/gdpr-register/nhs-secure-boundary​

Page Version Control - v7 - 09/06/22

UHNM uses a number of different methods to communicate with our patients which have been reviewed by the Data Security & Protection team.   UHNM can assure patients that the most secure methods are used you will be made aware of which method before making contact.  

These include:

• Writing to you.
• Text message. This may be used if a clinic appointment needs to be rescheduled and we need to contact you quickly.
• Telephone.
• Email. This may be as part of the One Health and Care Project (see further information on this above) and Electronic appointment letters may be sent.
• Video conferencing. This is sometimes advantageous when staff are working remotely.
• Video Diagnosis - We may use video conferencing to help clinicians when making a diagnosis if the patient is not able to attend Clinic
• Secure App. You may be offered the opportunity to provide updated information via a secure app.

We may send electronic appointment letters or, on occasions, we may contact you by video conferencing.  We may even offer you the opportunity to make contact with us to provide updated information via a Secure App which allows you to provide us with updated information.

If you have any questions about how we contact our patients, please contact that Data Security & Protection Team (DSPUHNM@uhnm.nhs.uk)

Page version control - v4 - 18/06/21

Now that the UK has formally left the EU, this has had an effect on the Trust's practices in terms of data being transferred to and from the  EU.

The Trust's Data Security & Protection team have been following the Government's guidance (together with the guidance provided by the Information Commissioner's Office and NHS Digital) and has taken steps to assure itself that any data held off-shore (most usually via a Supplier's Cloud Storage arrangements) can be retrieved at any time.

Along these lines, the Trust is also making appropriate arrangements to provide assurance of data security for any information which may held (or processed) in the United States.  Such processing is most usually an element of our contractual arrangements with Suppliers which may include maintenance support by those suppliers.

Page Version Control - v1 - 28.1.21

UHNM are pleased to offer patients the opportunity to sign up for Patients Know Best (PKB) - our patient information portal that gives you secure access to your medical information from any smartphone, tablet or computer. 

It is intended that you will be able to:

• view all your hospital letters and appointments online 
• see your test or radiology results

with other applications becoming available over time.

The service is provided in partnership with Patients Know Best (PKB). 

You can find answers to some Common Questions, or learn more about the features of the PKB Patient System at Patients Know Best

Page Version Control - v1 - 15.11.22

UHNM NHS Trust - Staff Privacy Notice August 2024

September 2023

University Hospitals of North Midlands (UHNM) is required to provide you with details on the type of personal information which we collect and process.  In addition to any other privacy notice which we may have provided to you, this notice relates to the information collected and processed in relation to the FPPT.

The FPPT in ESR is commissioned by NHS England.

Contact:                  Nicola Hassall

Address:                 Ground Floor, Springfield, Royal Stoke, Newcastle Road, ST4 6QG

Phone Number        01782 676625

Email:                     nicola.hassall@uhnm.nhs.uk  

The type of personal information we collect is in relation to the FPPT for board members and is described below, much of which is already collected and processed for other purposes than the FPPT:

1. Name and position title
2. Employment history – this includes details of all job titles, organisations, departments, dates, and role descriptions
3. References
4. Job description and person specification in previous role
5. Date of medical clearance
6. Qualifications
7. Record of training and development in application/CV
8. Training and development in the last year
9. Appraisal, incorporating the completion of Leadership Competency Framework
10. Record of any upheld, ongoing or discontinued disciplinary, complaint, grievance, adverse employee behaviour or whistleblowing findings
11. DBS status
12. Registration/revalidation status (where required)
13. Insolvency check
14. A search of the Companies House register to ensure that no board member is disqualified as a Director
15. A search of the Charity Commission’s register of removed Trustees
16. A check with the CQC, NHS England and relevant professional bodies where appropriate
17. Social media check
18. Employment tribunal judgement check
19. Exit reference completed (where applicable)
20. Annual self-attestation signed, including confirmation (as appropriate) that there have been no changes

Processing of this data is necessary on the lawful basis set out in Article 6(1)(e) UK GDPR as the foundation for the database.  This is because it relates to the processing of personal data which is necessary for the performance of the FPPT which is carried out in the public interest and/or in the exercise of official authority vested in the controller.

For Care Quality Commission (CQC) registered providers, ensuring directors are fit and proper is a legal requirement for the purposes of the Health and Social Care Act 2008 (Regulated Activities) Regulations 2014, and organisations are required to make information available connected with compliance to the CQC.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you as part of your application form and recruitment to satisfy recruitment checks and the FPPT requirements.  We may also receive personal information indirectly, from the following sources in the following scenarios:

• References when we have made a conditional offer to you
• Publicly accessible registers and websites for our FPPT
• Professional bodies for FPPT to test registration and or any other ‘fitness’ matters shared between organisations
• Regulatory bodies, eg CQC and NHS England

We use the information that you have given us to:

• conclude whether or not you are fit and proper to carry out the role of board director
• inform the regulators of our assessment outcome.

We may share this information with NHS England, CQC, future employers (particularly where they themselves are subject to the FPP requirements), and professional bodies.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

• We need it to perform a public task.

How we store your personal information

Your information is securely stored.  We keep the ESR FPPT information including the board member reference, for a career long period. We will then dispose of your information in accordance with our policies and procedures regarding retention periods as set out in Policy DSP16 Information Lifecycle & Records Management and the Records Management: NHS Code of Practice.

Your data protection rights

Under data protection law, you have rights including:

• Your right of access – You have the right to ask us for copies of your personal information
• Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete
• Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances
• Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances
• Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances
• Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances
• You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you

Please contact DSPUHNM@uhnm.nhs.uk

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at DPOUHNM@uhnm.nhs.uk  You can also complain to the Information Commissioner’s Officer (ICO) if you are unhappy with how we have used your data.

The ICO’s address

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk

Cookies are text files containing small amounts of information that some websites leave on your computer. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow websites to recognise a user's device, let users navigate between pages efficiently, remember user's preferences, and generally improve the user experience.

We use cookies to remember your accessibility preferences and for sending website usage data to Google Analytics, in order for use to better understand how our website is being used and whether we should make changes to improve the experience of our visitors.

By using this website, you consent to the processing of data by UHS in the manner and for the purposes set out above. ​You can find out more information about cookies at www.allaboutcookies.org.

Page version Control - v1 - 07/09/23