Our core purpose is to work with people and lead communities in improving their mental and physical health and wellbeing for a better life; through delivering excellent and responsive prevention, diagnosis, early intervention, treatment and care.
Derbyshire Healthcare NHS Foundation Trust (the “Trust”) is committed to protecting the privacy of its users.
Coronavirus has been added as a notifiable disease under the Health Protection (Notification) Regulations 2010. Therefore, there is now a duty on the Trust and its staff to notify suspected coronavirus cases to the ‘proper officer’ of the local authority for where the practitioner attended on the patient (i.e. the local health protection team).
In urgent cases, this may be made orally. In all cases a written notification must be made within three working days of the suspicion arising. This then triggers duties on the local authority to notify PHE and the local authority where the patient resides (if different).
As there is a legal obligation to make the notification, there is no need to obtain consent from the patient. However, where possible we will continue to use good practice and inform the patient that the notification is being made.
In this instance, the Trust will disclose the information under Article 9(2)(j) of GDPR (processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health), and confidential patient information can be lawfully disclosed in the public interest, without consent, where the benefits to an individual or to society outweigh both the patient’s and the public interest in keeping the information confidential.
The Trust may contact staff and service users with public health messages relating to Coronavirus by text, phone, letter or e-mail. The Information Commissioners Office does not class this contact as direct marketing, therefore we do not need your Consent before contacting you. There is more information available here: ICO: Coronavirus and personal data
The Trust works with a number of authorised third-party partners, in order to deliver the services described on the Website and such authorised third-party partners are data processors (“Data Processors”) for the purposes of the Act.
Derbyshire Healthcare NHS Foundation Trust is the data controller (“Data Controller”) for the purposes of the Act and can be contacted at Ashbourne Centre, Kingsway Site, Derby, DE22 3LZ.
The Trust is registered with the ICO:
The Trust is committed to protecting your privacy. You can visit all pages on the website without asking for any information.
We do not automatically store or collect any personal information about our visitors, neither do we store nor collect personal information from other sources, such as public records or private organisations.
We do collect information from the technology that is used to view our site which we use to analyse trends and administer the site. The data collected to enable us to do this is anonymous and does not identify you as an individual.
But sometimes the Trust does need Information to provide the services that you request. This document is designed to give you a clear explanation of the Trust’s data processing policies. Please see below for further information. If you have any questions or concerns relating to the Trust’s use of your Information and/or data protection, please contact the Data Controller at our registered office address above.
You may send us, or we may ask you, or we are sent via a third party or we may create the following Information:
The Trust may also collect certain information about your computer hardware and software, this includes:
The Trust may, in limited circumstances, disclose your Information to third parties. These third parties may be other health care providers who will assist with patient care;
The Trust and/or our partners may use your Information in the following ways:
When your Information is used we will use one or more of the following legal bases:
We may use and process your personal information where you have consented for us to do so for the following purpose:
Your data will not be passed, sold or given to any third parties for the purposes of marketing. You may withdraw your consent for us to use your information in any of these ways at any time. Please see the “Withdrawing your consent” section.
We may use and process your personal Information where it is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract with you including for the following purposes:
We may use your personal information without your consent if we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you. It is in your vital interests for us to use your personal information in this way.
We will use your personal information to comply with our legal obligations including: (i) to assist HMRC, to prevent and detect fraud, to secure the effective and efficient delivery of NHS and related services, for benefits and tax administration and as part of an appeal. (ii) to identify you when you contact us; and (iii) to verify the accuracy of data that we hold about you.
The Trust will not be using legitimate interest as a basis for using your personal information.
We will use your personal information as necessary for the performance of a task carried out in the public interest and in the exercise of official authority. The Trust may also use your personal information to conduct research. The official authority is the Health and Social care (Community health and Standards) Act 2003. Your health data will be processed by the Trust using this legal basis.
Personal data concerning health is a special category of personal data. The Trust will use your personal data under a special part of the new law: Article 9(2)(h) which includes “medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems”.
The Trust will also use your personal information containing health for reasons including:
The Trust might also use special categories of personal information for research. This might include medical data, ethnicity, faith, gender and biometric information. For this we will use part 9(2)(j) of the law which allows us to conduct proportionate research or statistical purposes.
When using your special categories of personal data we will use it in accordance with UK law and provide suitable and specific measures to safeguard your fundamental rights and interests.
We use your personal information to provide healthcare to you, and to help with that healthcare (for example, booking and managing your appointments). Your information may be used for clinical audit, where the team involved in your care will check the quality and results of the treatment provided. Your information may also be used to investigate incidents and complaints.
We may use information about you, and the healthcare that you have received, to improve the care that we provide to all patients. This includes medical research, monitoring and improving our services, and for medical purposes where we believe the public will benefit. We also take part in national schemes which collect data from NHS organisations all over the country. The department where you are being treated will give you information about any local or national schemes for the type of care that you are receiving.
When information is shared outside the team that cared for you, we take out any details that would identify you, unless we have your permission or specific authority from the Secretary of State for Health or the Health Research Authority.
Without medical research there would be no new medicines or tests, improved treatments, or better ways of providing healthcare. Sometimes research takes place in the laboratory and sometimes we need you to get involved.
The aim of research is to:
There is also evidence to suggest that when healthcare organisations engage in research, it is likely to have a positive impact on their performance and patient outcomes. As such, the Trust is proud to be a research-active organisation and it is dedicated to supporting clinical research. Its staff may view health records in order to offer new research opportunities to patients and carers, to support the development of treatments and improve the way the Trust delivers healthcare.
This Trust only participates in research where there is an agreed, clearly defined reason for the research that is likely to benefit healthcare and patients. Such proposals will normally have a consent process, ethics committee approval and be in line with the principles of Article 89(1). Identifiable data will be shared with researchers either with explicit consent – Article 6.1(e) and 9(2)(h) – or, where the law allows, without consent – Articles 6.1(e) and 9(2)(j) and 9(2)(h). For further information please see our Data Protection or Research parts of the website.
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the contact details in this policy.
Please note that while The Trust will endeavour to make the updates as promptly as possible, communications may be sent using the original details until the changes have been processed.
Where we rely on your consent as the legal basis for processing your personal information, as set out under “How we use your personal information” in Section 4, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to which you previously opted in, you can also do so by contacting us either by telephone, post or e-mail. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
Where we rely on our public task as the legal basis for processing your personal information for any purpose(s), as mentioned in the “How we use your personal information” section, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. Your right to object will not apply where the information is being used for research or statistical purposes.
You may also contest a decision made about you based on automated processing by contacting the data protection department.
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information in the following situations:
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for your health, for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under “How we use your personal information”, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
From time to time, and where you have given your permission to do so, the Trust may wish to contact you with information regarding other information about the Trust.
If you decide you do not want to receive those marketing communications, you can unsubscribe using the following methods:
The Trust follows the standard NHS approved procedure for records management which can be found on the NHS England website.
Our organisation is currently compliant with the national data opt-out and is able to apply your choice to any confidential patient information it uses or shares for the purpose beyond your individual care. You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care. To find out more or to register your choice to opt out, please visit the NHS Your Data matters website.
On this web page you will:
You can change your mind about your choice at any time. Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
We are committed to ensuring your Information is secure. As part of our efforts to protect your Information, the Trust will never send you emails asking for your personal Information.
If you do receive such an email or are asked to disclose this information by someone claiming to work for The Trust please report the communication to our Data Controller using the following methods:
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website and/or by contacting you by email. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on our website, whichever is the earlier. We recommend you regularly check for changes and review this policy when you visit our website. If you do not agree with any aspect of the updated policy, you must promptly notify us and cease using our services.
If you have any questions, suggestions or complaints about the processing of your personal information or wish to contact us to amend/update your information or if you wish to access the information we hold about you, please contact us using the details below:
Records Management Team IM&T and Records
East Wing Kingsway House
If you have any queries or concerns about how we use your information, please speak to the staff involved in your care. More detailed questions about how we use your information which cannot be discussed or resolved by a member of staff can be discussed with the Patient Experience Team on 01332 623751 or 0800 027 2128.
Our Trust Data Protection Officer can be contacted using details below:
IM&T & Records Department
Derbyshire Healthcare NHS Foundation Trust
Kingsway House East Wing Room 017 | Kingsway Hospital| DE22 3LZ
Telephone: (01332) 623700 Email: email@example.com
You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details or use the contact details below.
Information Commissioner’s Office
The content of this website is the copyright of Derbyshire Healthcare NHS Foundation Trust unless stated otherwise. You may only download material for your personal use, private study, research or in-house use. You must not copy, distribute or publish any material from this website unless formal permission is obtained from the copyright holder.
While we have tried to compile accurate information on this site – and to keep it updated – we cannot guarantee that it is 100% complete or correct.
The information provided on this site does not constitute professional advice and is subject to change.
Links from this website are only provided for your information and convenience. We cannot accept responsibility for the link sites available through this website or the information found on them. A link does not imply we endorse a particular site. Neither does not linking to a site imply lack of endorsement.
Please note that Derbyshire Healthcare NHS Foundation Trust is not responsible for the privacy policies of other websites. We advise you to read the privacy statements of other sites when you leave Derbyshire Healthcare NHS Foundation Trust webpages.
We cannot guarantee uninterrupted access to this website, or the sites it links to. We cannot accept responsibility for any damages which arise from the loss of use of this information.
Our privacy statement below discloses the privacy practices for this website.
Derbyshire Healthcare NHS Foundation Trust does not collect or keep any personal information about site users as a matter of course.
We will only retain any personal information you provide via the website feedback forms to assist us with your enquiry or complaint. This information is treated confidentially – in the same way, as your medical records would be. The information you provide will only be shown to such of our employees who need it to deal with your comments or enquiry.
Any confidential information you provide to us is governed by our Data Protection Policy and codes of conduct.
We use records of the number of visitors our site has to analyse trends, or administer the site and to see what pages visitors use. These records do not contain personal information.
You can access and browse this site without disclosing your personal identifiable information.
Every reasonable effort has been made to ensure that the information held on this website is free from computer viruses or other contamination. However, it is recommended that content downloaded from this site is checked by your own anti-virus checking system prior to use.
Derbyshire Healthcare NHS Foundation Trust cannot accept liability for any damage caused to computer systems and/or data contained therein by any product, including viruses, in content downloaded from this website.
Any changes to this disclaimer or the privacy statement below will be posted on our homepage so that our visitors are always aware of what information we collect and how we use it.
Children and young people's services
Learn about our services for people with a learning disability
Make an appointment
Information for members of the public and health professionals on requesting treatment and support
Learn about different ways to stay healthy and well