Who we are and our data protection officer
Confidentiality affects everyone: Northern Lincolnshire and Goole NHS Foundation Trust collects stores and uses large amounts of personal data every day, such as medical records, personal records and computerised information.
The Trust has a Data Protection Officer who ensures the Trust is accountable and compliant with the Data Protection Act 2018:
Information Governance Team
New Beacon House
Ridgeway
Scunthorpe
DN17 1BS
Trust Membership
Northern Lincolnshire and Goole NHS Foundation Trust is committed to ensuring that the privacy of its members is protected and that members understand how their information is used by the Trust. This notice sets out how and why we collect and use your personal information, and how we protect it. If we ask you to provide certain information by which you can be identified, it will only be used in accordance with this privacy notice and in compliance with the law. This statement was effective from April 2024, and we may change this notice from time to time by updating this notice.
What information we collect
We currently collect the following information from our members:
- Title and full name
- Address and postcode
- Date of birth
- Gender (where you choose to provide it)
- Ethnicity (where you choose to provide it)
- Phone numbers and email addresses
What we do with the information we collect
We require this information for the following reasons:
- To maintain a representative membership from our local and staff communities
- Internal record keeping
- To respond to you if you have made an enquiry
- To contact you and share details of member events, membership newsletters and details of surveys or consultations you may be interested in and which will assist the Trust in discharging its functions as part of the delivery of the NHS.
Legal Basis for processing
We process your data as described in this Privacy Notice as part of discharging our Foundation Trust statutory requirements (in legal terms the legitimising condition is under “Article 6(1)(e) GDPR)) and so as to ensure we maintain a representative membership from the local and staff communities (the legitimising condition for this is to monitor equality of opportunity under Schedule 1 paragraph 8 of the Data Protection Act 2018). You will always be given the opportunity to opt out of communication by any channel at any time, by contacting the Communication Team via 03033 302528 or [email protected]
How long we keep data for
We keep information about our members for the length of their membership of the Trust. All records held by the NHS are subject to the NHS England (NHSE) Records Management Code of Practice (the Code), published August 2021 and updated August 2023. The Code sets out best practice guidance on how long we should keep your patient information before we are able to review and securely dispose of it.
We do not share personal information about our members
Everyone working within the NHS has a legal duty to keep information about you confidential. Membership data is not shared further within the Trust or with anyone outside of the Trust, other than to manage the Trust’s membership.
The Membership Database is an in-house database which is managed internally by the Trust.
We do not profile data or make decisions by wholly automated means.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
Under the NHS Confidentiality Code of Conduct, all our staff are required to protect your information, and inform you of how your information will be used. Everyone working for the NHS is subject to the common law of duty of confidentiality.
All staff are required to undertake annual mandatory information governance training which includes data security. This ensures that staff are aware of their information governance responsibilities and follow best practice guidelines, ensuring the necessary safeguards and appropriate use of person-identifiable and confidential information.
At Trust Board level, we have appointed a Senior Information Risk Owner who is accountable for the management of all information assets and any associated risks and incidents, and a Caldicott Guardian who is responsible for the management of patient information and patient confidentiality.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that external website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Your rights
You have various rights under Data Protection law, to ask us what information we hold about you (to make a “subject access request”), to ask us to correct information about you which is inaccurate, or to object to our use of information about you. You may also have a right, in certain circumstances, to restrict our collection or use of your personal information, or to ask us to delete information about you.
To exercise any rights, including if you have previously given us your permission to contact you and have now changed your mind, you can let us know by emailing [email protected] or writing to:
Communications Team
Beacon House
Ridgeway
Scunthorpe
DN17 1BS
This may mean, though, that we cannot update you about meetings or other activities or activities which are relevant to your membership.
If you request that we do not contact you again, we will respect your wishes. It may take up to 28 days for us to update our records and for you to stop receiving communications from us.
We do not have any access to your medical records when handling your information in connection with your membership. We will not sell or lease your personal information to third parties. We will not share your information with a third party for their own purposes unless required by law to do so. If you believe that any of the information we are holding on you is incorrect or incomplete, please contact us as soon as possible, so that we can correct the information.
Freedom of Information
The Freedom of information Act 2000 provides any person with the right to obtain information held by Northern Lincolnshire and Goole NHS Foundation Trust, subject to a number of exemptions. If you would like to request some information from us, please use www.nlg.nhs.uk/foi/make-an-foi-request/ or email [email protected]
Freedom of Information Department
West Arch
Diana Princess of Wales Hospital
DN33 2BA
E mail address [email protected]
Your right to complain to the Information Commissioner’s Office (ICO)
If the Trust is unable to comply with your request, or if you are unhappy about the way in which we have handled your information, please talk to us. If you would prefer, or consider that we have not dealt with your concern appropriately, you have the right to complain to the ICO at https://ico.org.uk.