Your information

You have rights to do with information that is recorded and held about you. These rights are protected by the Data Protection Act 2018 and General Data Protection Regulation (GDPR).

As a healthcare provider we may collect information regarding your contact with our services. This information about your physical and/or mental health is part of your healthcare record.

About your information leaflet - Information Assurance - About Your Information.

General Data Protection Regulation (GDPR)

Under the GDPR, we have a legal duty to protect any information we collect from you. We use leading technologies and encryption software to safeguard your data and keep strict security standards to prevent any unauthorised access to it. More detail about how we collect, process, transfer and store your data can be found in our privacy notices below.

What are my rights in relation to my data?

Under the General Data Protection Regulation and Data Protection Act 2018 you have specific rights in relation to your data; you can make these requests at any time. Your rights are as follows:

Right to be informed

Nottinghamshire Healthcare has a duty to provide you with information in relation to how your personal and special category data (more sensitive personal data) is collected, stored and processed. This is provided within our privacy notice on this page.

Right of Access to Information/Subject Access

You can request a copy of the information Nottinghamshire Healthcare holds about you by emailing AccesstoInformation@nottshc.nhs.uk. You can also telephone us to make this request. This information is generally available to you free of charge once you provide appropriate ID. We have 30 calendar days to respond to your request. In certain circumstances we may not be able to provide a response in such a time scale; however we will write to you and inform you of this as soon as possible. Please contact the Information Governance Team for further information by emailing
InformationGovernance@nottshc.nhs.uk.

AMS Subject Access Request Portal

As of June 2022, the Trust is now able to receive and respond to Subject Access Requests (SARs) through the AMS SAR Portal. The AMS SAR Portal is an online platform that is designed to streamline the SAR process and make the process more efficient for everyone.

If you'd like to make a Subject Access Request, either for yourself or on behalf of someone else, please use the following link to submit your request - AMS SAR Portal.

COVID-19 Pandemic - Access to Information Requests

The Trust endeavours to complete all Access to Information Requests (sometimes known as Subject Access Requests) in a timely manner. However, due to the effect on resources caused by the COVID-19 pandemic, there may be a delay in the processing of these requests. We will keep you updated on the progress of your request.

Please see the link below to the ICO website for more information regarding this, as well as other useful advice in relation to COVID-19.

https://ico.org.uk/your-data-matters/your-data-matters-blog/

Right to rectification and erasure

You have the right to request the rectification of inaccurate personal data and the right to request the erasure of your personal data. However, the rights to rectification and erasure are not an absolute right and it may be necessary for Nottinghamshire Healthcare to continue to process your personal data for lawful and legitimate reasons. If you wish to make such a request, please email InformationGovernance@nottshc.nhs.uk

Right to object to, or restrict processing

You have the right in certain circumstances to ask Nottinghamshire Healthcare to stop processing your personal data in relation to any Trust service. You can also request not to receive information from the Trust. However, the right to object to, or restrict processing is not an absolute right and it may be necessary in certain circumstances for Nottinghamshire Healthcare to continue to process your personal data for a number of lawful and legitimate reasons.

If you wish to object to your information being processed, to receiving information from the Trust, or wish to have information rectified or erased, please email your request to InformationGovernance@nottshc.nhs.uk.

Rights in relation to automated decision making and profiling

Nottinghamshire Healthcare does not use your information to make automated decisions about you, nor to undertake profiling.

Right to Data Portability

The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.

It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. If you wish to make such a request please email AccesstoInformation@nottshc.nhs.uk.

Who do I contact if I have any concerns about my data?

To safeguard your information and to support your rights, Nottinghamshire Healthcare has appointed a Data Protection Officer (DPO). The role of the DPO is to monitor internal compliance with data protection legislation and inform and advise staff, patients, carers and the public in relation to data protection. The DPO can be contacted by emailing DPOEnquiries@nottshc.nhs.uk.

If you have a concern about any aspect of your care or treatment at this hospital or about the way your records have been managed, you can also contact our Patient Advice and Liaison Service.

Alternatively, you can also contact the Information Commissioner if you have a complaint about our processing of your personal data:

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113 or 01625 545 745
Fax: 01625 524510

Nottinghamshire Healthcare's privacy notice

Please read our privacy notice to find out more about how we deal with your information.

Your information

Accessibility links

Search the Nottinghamshire Healthcare NHS Foundation Trust website