Privacy notice - children and young adults

Personal data means any information that can identify a person. The person is known as a data subject. Examples of personal information include your name, address, date of birth, next of kin and GP. Personal data can also include images of you, for example, photographs or recordings made using Closed Circuit Television (CCTV) systems.

Special categories of personal data include:

• race;
• ethnic origin;
• politics;
• religion;
• trade union membership;
• genetics;
• biometrics;
• health;
• sex life; or
• sexual orientation

Nottinghamshire Healthcare NHS Foundation Trust (the Trust) is a major provider of mental health, intellectual disability and specialist mental health services, community physical health for both adults and children, and our low, medium and high secure hospitals including Rampton Hospital. The Trust works in partnership with other healthcare providers. We have around 9,600 staff.

We are registered to collect and use personal information. For this responsibility, the Trust is known as a 'Data Controller'.

To help us to look after your information and support your rights, we have appointed a Data Protection Officer (DPO).

The role of the DPO includes making sure we are looking after information properly and to provide advice on data protection. The DPO can be contacted via DPOEnquiries@nottshc.nhs.uk

The European Union (EU) General Data Protection Regulation came into force on 25 May 2018 and was designed to bring laws for the use of information up to date throughout the European Union. The UK Government also introduced the Data Protection Act 2018.

Since leaving the EU, the UK Government has further updated our data protection laws through the UK General Data Protection Regulation (UK GDPR).

The law:

• Introduced special protection of children's (defined to be under 13) personal data
• Says that unless very specific and limited circumstances apply, we need to ask you (seeking your consent) to use special category personal data (see Section 2 about this)
• Includes IP (computer) addresses, internet cookies and DNA as personal data
• Makes it easier and free for you to ask for copies of your information - if you are over 13 you will be able to make this request yourself without your parent/guardian's permission
• Makes it easier for you say you don't want your information to be used
• Allows you to ask for your information to be removed or corrected.

For more information please visit the Nottinghamshire Healthcare website.

The Trust is registered with the Information Commissioner's Office and the Trust's registration number is Z8086442.

The UK GDPR says that we need to make people aware of our lawful basis for using information. We call this processing of information.

The lawful basis for the processing of information is listed in Article 6 and 9 of the UK GDPR. It says that we can use information to provide health care, protect someone's life, and to meet our obligations. We sometimes use information for other reasons such as making sure our computer systems are secure and are being used properly. This type of processing helps the Trust to meet our 'legitimate interests'.

Sometimes we keep records to help investigate what happened if something goes wrong for example, CCTV images of an incident when someone got hurt. We might also share the CCTV images with the police if we need to.

There are times when we will need to ask your permission to use your information. If you are over 13 years old, we can ask you. If you are under 13 years old, we will need to ask your parent/guardian for permission.

There will also be times when we have to share your information with other third parties, but we will not disclose information to third parties unless there are specific circumstances, such as when your health and safety or the health or safety of others is at risk, where current legislation permits or requires it or where we have explicit consent.

The Trust keeps records about the health care and treatment you receive as one of our patients. This helps to ensure that you receive the best possible care from us.

It is important for us to have a complete picture of you as this will help our staff to deliver the right treatment and care plans in accordance with your needs.

The personal information we collect about you may also be used to:

• inform you at aged 13+ or your parents or guardians about your appointments
• review the care we provide to make sure it is of the highest quality
• support the funding of your care
• prepare figures for the Department of Health and other regulatory bodies
• help to train and educate our healthcare professionals
• report and investigate complaints
• report events to the appropriate authorities
• review your suitability for research study or clinical trials

• Name, address, date of birth, NHS Number and next of kin
• Your GP
• Contacts we have had with you such as referrals to our services, clinic visits, in patient stays
• Details of diagnosis and treatment
• Allergies and health conditions
• Special Category data (see section 2)
• Images such as photographs or CCTV images

Some of the information that we hold about you will be information that you have given to us. We will also hold information from other sources for example, your GP or another organisation that is working with you or provided you with care in the past.

If we don't have enough information about you then we might not be able to provide you with the right type of care.

We will hold your information as an electronic record on information systems or as a securely stored paper record. Only those people who are allowed to will access your information.

We make every effort to keep your information accurate and up to date and we need you to let us know when there are changes to your personal information so that we can update our records.

We don't keep your information for any longer than necessary. The Department of Health gives us guidance about how long records must be kept. More information about this can be found in the NHS Records Management Code of Practice .

Your information is not routinely processed outside of Europe by the Trust for the purpose of your healthcare.

If you are worried about what information we have about you, please speak to any of the doctors, nurses and staff who look after you so they can answer your questions.

We may need to share information from your records with other organisations from which you are also receiving care. However, we will not disclose any health information to others without your explicit consent unless there are special circumstances, such as when the health or safety of you or someone else is at risk or where the law says that we have to.

These organisations may include but are not restricted to:

• Other healthcare providers
• Social Services
• Police
• Local authorities
• Education Services

We also work in partnership with organisations that we will need to share information with. These organisations may include but are not restricted to:

• Sure Start Children's Centres (NCFP)
• Family Action
• Rotherham North Notts (RNN Group)
• Women's Aid
• Homestart UK
• Early Years providers

The Trust participates in the Nottinghamshire Care Record. This is a secure digital system that allows the people who are caring for you to see relevant information about you that is held by other organisations. For example, our healthcare staff can see information about when you've been to the hospital or to see your GP. They can also see test results, medication and care plans. Having access to the information they need in one place at the right time helps our healthcare staff to provide you with the best care. Only staff who are properly trained and authorised will be able to access your records in the Nottinghamshire Care Record. Information in the Nottinghamshire Care Record is securely processed on behalf of the Trust and the other healthcare providers who share data by the Interweave Consortium. To make sure your information is kept safe, a legal agreement is in place that says how and when information can be processed.

Right to be informed

The UK GDPR says that we have a duty to provide you with information about how your personal and special category data is collected and used. This is provided within this document. If you have any additional questions, please contact  DPOEnquiries@nottshc.nhs.uk   or speak to any of the doctors, nurses and staff who look after you.

Right to rectification and erasure

The UK GDPR says that you have the right to request the correction of information about you that isn't accurate. You also have the right to request the erasure of your information. However, we may not be able to meet these rights in full because it might be necessary for us to continue to use your information for lawful reasons.

Right to object to, or restrict processing

You have the right in certain situations to ask us to stop using your information. You can also ask us not to send you information. However, we may not be able to meet these rights in full because it might be necessary for us to continue to use your information for lawful reasons.

Rights in relation to automated decision making and profiling

We do not use your information to make automated decisions about you, or to undertake profiling.

Access to information/subject access

You can ask for a copy of the information we hold about you by emailing  accesstoinformation@nottshc.nhs.uk.  You can also telephone us to make a request. This information is generally available to you free of charge as long as we receive appropriate identification. Please speak to any of the doctors, nurses and staff who look after you if you would like to ask for a copy of the information we hold about you.

Data portability

The right to data portability allows people to have and reuse their information for their own purposes across different services. It allows them to move, copy or transfer information easily from one IT environment to another in a safe and secure way.

Raising a concern and complaints

If you are worried about anything to do with your care or treatment or about the way your records have been managed, please contact the Trust's Patient Advice and Liaison Service (PALS) in the first instance:

Telephone: 0115 993 4542

Mental Health and Community Health Services email:  PALSandComplaints@nottshc.nhs.uk   Forensic Services email:  PALSandComplaintsFS@nottshc.nhs.uk

Write to: PALS and Complaints, Highbury Hospital, Highbury Road, Nottingham NG6 9DR Website:  Nottinghamshire Healthcare - Patient Advice and Liaison Service

You can also contact the Information Commissioner if you have a complaint about our processing of your personal data:

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 (or 01625 545745 if you would prefer not to call an '03' number, or +44 1625 545745 if calling from overseas)

Fax: 01625 524510

Research helps us to improve our services for everyone who uses them or is involved in them, and you might be asked if you would like to get involved in a research study or a service evaluation while you are receiving treatment from us or if you have received treatment in the past.

We collect important information about you when you use our services and record it to help to ensure you get the best possible care and treatment. This information can also be used and provided to other organisations for things other than your individual care, for instance to help with:

• Improving the quality and standards of care we provide
• Research into the development of new treatments
• Preventing illness and diseases
• Monitoring safety
• Planning services

Using data in these ways helps the NHS to provide better health and care for you, your family and future generations.

Most of the time, anonymised data is used for research, service evaluations and clinical audits; anonymised data does not contain any information that could be used to identify you. We do not need to use your confidential information if we are able to use anonymised data. We will only use confidential information about you for research studies, service evaluations or clinical audits when we are allowed to by law.

Most research studies and service evaluations that we sponsor or approve are based on consent (agreement). This means that we have to ensure that you agree to allow us to use your confidential information as part of the research study or service evaluation.

If you are invited to take part in a research study or service evaluation, the team that's running the project will provide you with information about how your confidential data will be processed. This information will help you to decide whether you consent (agree) for your data to be used.

You can change your decision about whether you want your confidential data to be used in a research study or service evaluation at any time and the team that is running the project will provide you with information about this if you decide to take part.

If you decide that you don't want your confidential information to be used it won't affect the care that you receive from us.

Sometimes, depending on the type of research project, service evaluation or clinical audit, you won't be contacted to ask for permission to use your confidential information. This is because the project that will be using your data has been approved under Section 251 of the NHS Act 2006. The National Data Opt-Out Policy allows you to choose if you want your confidential patient information to be used in these types of research studies, service evaluations and clinical audits.

If you are happy for your information to be used then you don't need to do anything.

If you decide that you don't want your confidential information to be used for research, service evaluations or clinical audits without your consent, you can 'opt-out'. If you decide to opt-out then we will still use information about you to support your care.

The Government says that the Trust must put systems and processes in place so we can be compliant with the National Data Opt-Out Policy and can apply your choice about whether you want your confidential information to be used for things other than your treatment without your agreement.

We have put those systems in place to ensure that we are compliant with the National Data Opt-Out Policy.

You can find out more about the National Data Opt-Out and register your choice to opt-out on the NHS website.

On this web page you will be able to:

• See what types of information we mean when we refer to 'confidential patient information'
• Find examples of when confidential patient information is used for individual care
• Find examples of when confidential patient information is used for another reason
• Find out more about the benefits of sharing data
• Understand more about the organisations who use your personal data
• Find out how your data is protected
• See the situations where your opt-out decision won't apply

You can also look at, set and change your decision about whether you are happy for your information to be used for research, service evaluations or clinical audits.

The Trust also uses the CRIS (powered by Akrivia Health) platform for things like research studies, service evaluations and clinical audits. The platform contains copies of the information in our electronic patient records. It is safe and secure and allows researchers and auditors to look at lots of pseudonymised information from our patients' medical records. This helps to identify trends and patterns which may lead to improvements in patient care.

Unless you have agreed to allow researchers to use your personal data, any information which might directly identify you, like your name or your address, is removed before researchers can access it.. If you don't want your information to be available in CRIS (powered by Akrivia Health) platform then you can 'opt-out' by visiting NHS website as mentioned above.

Please speak to the doctors, nurses and staff who look after you if you would like to know more about this or if you need help to tell us that you don't want your information to be used for research, service evaluations or clinical audits.

Closed Circuit Television (CCTV) systems are installed in Trust buildings and in Trust car parks. The images that are recorded using the CCTV systems can help keep people safe. CCTV images can also be used to prevent or detect crime, and we sometimes share CCTV recordings with the police to help them investigate complaints for example, if someone gets hurt.

The Trust is Data Controller for all images recording using CCTV systems it operates, and there is a specific policy that explains how we manage CCTV systems which you can find on the Nottinghamshire Healthcare website. The policy explains how we store CCTV images, who can access the recordings, and when copies of recordings might be shared with other organisations.

We don't usually keep CCTV images for longer than 31 days however, some recordings may be kept for

longer if we need them for an ongoing investigation.

Most Trust sites have CCTV systems in areas that can be accessed by the public such as reception areas and car parks. CCTV systems are sometimes installed in wards too. Clear signs will be displayed in areas where CCTV is in operation and those signs will also tell you how you can access copies of your personal data in the recordings if you want to.

To learn more about how we use, manage and maintain confidentiality of your information, contact the Data Security and Data Protection Service:

Email: informationgovernance@nottshc.nhs.uk Tel: 0115 969 1300

Or visit the Nottinghamshire Healthcare website. 

You can find out more about how and why patient information is used, the safeguards and how decisions are made on the Understanding Patient Data website.

You can find out more about how patient information is used for health and social care research on the Health Research Authority website.

You can find out more about the Trust's Research and Evidence Team on the Nottinghamshire Healthcare website.

You can find out more about the CRIS (powered by Akrivia Health) platform on the Nottinghamshire Healthcare website or speak to the doctors, nurses and staff who look after you so they can answer your questions.