Privacy Notice
Why we need your personal data
In order to provide your medical treatment and ensure you are treated effectively, we must hold sufficient data so you can be personally identified. This includes NHS Number, First Name, Last Name, Date of Birth, Address, email address and phone number.
We will not collect any personal data from you that we do not need to provide and oversee the services we have agreed to provide you with.
Your doctor will provide us with a clinical summary of the diagnostic examination required and the underlying medical condition, along with who they want the report to go to; this may include requests for reviews.
If we do not have this information we may be unable to perform your diagnostic examination and medical treatment.
What we will do with your personal data
All personal data held by us as part of your care pathway will only be viewed by East Sussex Outpatients (ESOPS) staff in the European Economic Area who are actively involved in your care. This information will never be passed to any outside source other than:
- where requested by the clinician who has referred you to our service for treatment.
- where requested by any sponsor or payor of your care, i.e. private health insurer.
- where requested by you, the owner of the information.
As part of your treatment we collect and process data from the following channels:
- Information passed to us from healthcare professionals (Consultants, General Practitioners and Allied Health Professionals) providing your treatment.
- Information collected via telephone conversations with you as part of your care pathway. Please note telephone calls may be recorded for quality and training purposes.
- Any written letters we may send or receive with regards to your care.
- Information collected via our online referral system and website including completed web forms.
Decisions about your care will always be taken by the clinician treating you and will not be based on any automated process using the data we have collected about you.
Storage of personal data
We take all reasonable steps to ensure your personal data is processed and stored securely. We do not store any personal data outside of the European Economic Area. By submitting personal data you agree to the transfer of information to us and the subsequent storage of this data.
We will take all necessary steps to ensure that your data is transmitted and stored in compliance with the current data protection laws and regulations.
How long will we keep your personal data
We will keep your personal information in line with the NHS Records Management Code of Practice (the ‘Code’). Depending upon the condition diagnosed, data may be stored for up to 30 years for Cancer diagnosis and illness that may reoccur. At the end of the Code’s prescribed period personal information will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained.
How else would we like to use your personal data
Where we have received your consent, we may contact you to learn about the quality of your experience with us and how satisfied you are with the care we have provided.
As part of our contractual requirements to deliver your care pathway we may invite you to take part in a survey for quality purposes.
This information will not be shared with any third party and will not include your medical data or medical history.
The legal basis for processing and storing your personal data
We’ll process your personal data:
Your Rights under GDPR
To meet the requirement that we are fair and transparent with your data, you have the following rights under GDPR (noting that these rights don’t apply in all circumstances):
- The right to request access to your personal data and information about how we process it;
- The right to be informed about our processing of your personal data;
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to move, copy or transfer your personal data (“data portability”);
- Rights in relation to automated decision making including profiling.
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.
If you wish to exercise any of your rights above please email ehsccg.esops-admin@nhs.net with the subject: GDPR Update.
Please note each request will be considered upon merit and actioned in line with the necessary requirements/exemptions.