East Sussex Outpatient Services

Privacy Notice

Why we need your personal data

In order to provide your medical treatment and ensure you are treated effectively, we must hold sufficient data so you can be personally identified. This includes NHS Number, First Name, Last Name, Date of Birth, Address, email address and phone number.

We will not collect any personal data from you that we do not need to provide and oversee the services we have agreed to provide you with.

Your doctor will provide us with a clinical summary of the diagnostic examination required and the underlying medical condition, along with who they want the report to go to. This may include requests for reviews.

If we do not have this information we may be unable to perform your diagnostic examination and medical treatment.

What we will do with your personal data

All personal data held by us as part of your care pathway will only be viewed by East Sussex Outpatients (ESOPS) staff in the European Economic Area who are actively involved in your care. This information will never be passed to any outside source other than:

  • where requested by the clinician who has referred you to our service for treatment.
  • where requested by any sponsor or payor of your care, i.e. private health insurer.
  • where requested by you, the owner of the information.

As part of your treatment we collect and process data from the following channels:

  • Information passed to us from healthcare professionals (Consultants, General Practitioners and Allied Health Professionals) providing your treatment.
  • Information collected via telephone conversations with you as part of your care pathway. Please note telephone calls may be recorded for quality and training purposes.
  • Any written letters we may send or receive with regards to your care.
  • Information collected via our online referral system and website including completed web forms.

Decisions about your care will always be taken by the clinician treating you and will not be based on any automated process using the data we have collected about you.

Storage of personal data

We take all reasonable steps to ensure your personal data is processed and stored securely. We do not store any personal data outside of the European Economic Area. By submitting personal data you agree to the transfer of information to us and the subsequent storage of this data.

We will take all necessary steps to ensure that your data is transmitted and stored in compliance with the current data protection laws and regulations.

How long will we keep your personal data

We will keep your personal information in line with the NHS Records Management Code of Practice (the ‘Code’). Depending upon the condition diagnosed, data may be stored for up to 30 years for Cancer diagnosis and illness that may reoccur. At the end of the Code’s prescribed period personal information will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained.

How else would we like to use your personal data

Where we have had your consent, we may contact you to learn about the quality of your experience with us and how satisfied you are with the care we have provided.

As part of our contractual requirements to deliver your care pathway we may invite you to take part in a survey for quality purposes.

This information will not be shared with any third party and will not include your medical data or medical history.

The legal basis for processing and storing your personal data

We’ll process your personal data:

  • As necessary to fulfil the request of the doctor or clinician who referred you to our service.
  • As necessary to comply with all current legal obligations placed upon us.
  • Based on your consent.

Your Rights under GDPR

To meet the requirement that we are fair and transparent with your data, you have the following rights under GDPR (noting that these rights don’t apply in all circumstances):

  • The right to request access to your personal data and information about how we process it;
  • The right to be informed about our processing of your personal data;
  • The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to move, copy or transfer your personal data (“data portability”);
  • Rights in relation to automated decision making including profiling.

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.

If you wish to exercise any of your rights above please email ehsccg.esops-admin@nhs.net with the subject: GDPR Update.

Please note each request will be considered upon merit and actioned in line with the necessary requirements/exemptions.